87E0000
|
trusted library section
|
page read and write
|
malicious |
|
|
Name: |
00000005.00000002.2485480642.00000000087E0000.00000004.08000000.00040000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library section
|
Protect: |
page read and write
|
Base address: |
87E0000
|
Size: |
507904
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Yara detected Costura Assembly Loader |
Data Obfuscation |
|
|
483D000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1351178755.000000000483D000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
483D000
|
Size: |
12288
|
|
6DCE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1357434264.0000000006DCE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
6DCE000
|
Size: |
8192
|
|
8020000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2478750087.0000000008020000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
8020000
|
Size: |
61440
|
|
2C90000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1345866593.0000000002C90000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2C90000
|
Size: |
4096
|
|
73D06000
|
unknown
|
page readonly
|
|
|
|
Name: |
00000001.00000002.1362926748.0000000073D06000.00000002.00000001.01000000.0000000A.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page readonly
|
Base address: |
73D06000
|
Size: |
28672
|
|
73C0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2470373412.00000000073C0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
73C0000
|
Size: |
65536
|
|
715E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2467675515.000000000715E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
715E000
|
Size: |
8192
|
|
8250000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1361642538.0000000008250000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
8250000
|
Size: |
4096
|
|
2E2C000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1335750921.0000000002E2C000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2E2C000
|
Size: |
12288
|
|
2E24000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1323703171.0000000002E24000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2E24000
|
Size: |
45056
|
|
6355000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1336147126.0000000006355000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6355000
|
Size: |
12288
|
|
7341000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1359420568.0000000007341000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
7341000
|
Size: |
12288
|
|
29C0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2425502314.00000000029C0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
29C0000
|
Size: |
4096
|
|
8210000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000005.00000002.2479974712.0000000008210000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
8210000
|
Size: |
65536
|
|
56FD000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1340795344.00000000056FD000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
56FD000
|
Size: |
20480
|
|
7570000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2471974891.0000000007570000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7570000
|
Size: |
65536
|
|
4C6E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2428122243.0000000004C6E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
4C6E000
|
Size: |
8192
|
|
7416000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1342700460.0000000007416000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7416000
|
Size: |
4096
|
|
AE21000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2566817026.000000000AE21000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
AE21000
|
Size: |
2945024
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
8500000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2480647315.0000000008500000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
8500000
|
Size: |
65536
|
|
4E44000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1346246042.0000000004E44000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4E44000
|
Size: |
8192
|
|
7381000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1359798212.0000000007381000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
7381000
|
Size: |
61440
|
|
474E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1350926869.000000000474E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
474E000
|
Size: |
8192
|
|
577C000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1341071089.000000000577C000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
577C000
|
Size: |
16384
|
|
CE21000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2676641019.000000000CE21000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
CE21000
|
Size: |
10485760
|
|
75FE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1360519243.00000000075FE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
75FE000
|
Size: |
8192
|
|
6851000
|
trusted library allocation
|
page execute
|
|
|
|
Name: |
00000000.00000003.1331261861.0000000006851000.00000010.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute
|
Base address: |
6851000
|
Size: |
12288
|
|
6F85000
|
heap
|
page execute and read and write
|
|
|
|
Name: |
00000001.00000002.1358313969.0000000006F85000.00000040.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page execute and read and write
|
Base address: |
6F85000
|
Size: |
8192
|
|
7420000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1360378982.0000000007420000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7420000
|
Size: |
28672
|
|
5766000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1341636515.0000000005766000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5766000
|
Size: |
16384
|
|
734F000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1359420568.000000000734F000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
734F000
|
Size: |
32768
|
|
57CD000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1327981216.00000000057CD000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
57CD000
|
Size: |
40960
|
|
4790000
|
heap
|
page readonly
|
|
|
|
Name: |
00000001.00000002.1350986142.0000000004790000.00000002.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page readonly
|
Base address: |
4790000
|
Size: |
4096
|
|
292D000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1349617271.000000000292D000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
292D000
|
Size: |
12288
|
|
5066000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2428592239.0000000005066000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
5066000
|
Size: |
12288
|
|
576A000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1341522415.000000000576A000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
576A000
|
Size: |
16384
|
|
6E8E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1357660556.0000000006E8E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
6E8E000
|
Size: |
8192
|
|
6F5B000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1358213492.0000000006F5B000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
6F5B000
|
Size: |
20480
|
|
66BA000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1324346438.00000000066BA000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
66BA000
|
Size: |
724992
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
7410000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000005.00000002.2471109127.0000000007410000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7410000
|
Size: |
65536
|
|
84BE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2480200356.00000000084BE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
84BE000
|
Size: |
8192
|
|
7391000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1359798212.0000000007391000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
7391000
|
Size: |
32768
|
|
4DB5000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
0000000B.00000002.3114721079.0000000004DB5000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
11
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4DB5000
|
Size: |
126976
|
|
46B0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1350611395.00000000046B0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
46B0000
|
Size: |
12288
|
|
7F638000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000001.00000002.1363066636.000000007F638000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7F638000
|
Size: |
4096
|
|
77A0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1361292402.00000000077A0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
77A0000
|
Size: |
65536
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Found many strings related to Crypto-Wallets (likely being stolen) |
Stealing of Sensitive Information |
|
|
455E000
|
stack
|
page read and write
|
|
|
|
Name: |
0000000B.00000002.3113504545.000000000455E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
11
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
455E000
|
Size: |
8192
|
|
5792000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1340993698.0000000005792000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5792000
|
Size: |
57344
|
|
7790000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1361236480.0000000007790000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7790000
|
Size: |
65536
|
|
84F0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1362377595.00000000084F0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
84F0000
|
Size: |
53248
|
|
47A8000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1351021057.00000000047A8000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
47A8000
|
Size: |
12288
|
|
6210000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1347354960.0000000006210000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6210000
|
Size: |
8192
|
|
4A9D000
|
stack
|
page read and write
|
|
|
|
Name: |
0000000B.00000002.3113874284.0000000004A9D000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
11
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
4A9D000
|
Size: |
12288
|
|
5789000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1340959898.0000000005789000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5789000
|
Size: |
94208
|
|
6173000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1337547592.0000000006173000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6173000
|
Size: |
913408
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
4A35000
|
heap
|
page execute and read and write
|
|
|
|
Name: |
00000005.00000002.2427789560.0000000004A35000.00000040.00000020.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page execute and read and write
|
Base address: |
4A35000
|
Size: |
8192
|
|
575F000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1346792950.000000000575F000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
575F000
|
Size: |
16384
|
|
73D2000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1360158370.00000000073D2000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
73D2000
|
Size: |
118784
|
|
57A0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1340889068.00000000057A0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
57A0000
|
Size: |
135168
|
|
56F0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1346792950.00000000056F0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
56F0000
|
Size: |
8192
|
|
720000
|
heap
|
page read and write
|
|
|
|
Name: |
0000000B.00000002.3109235777.0000000000720000.00000004.00000020.00040000.00000000.sdmp
|
TargetID: |
11
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
720000
|
Size: |
4096
|
|
52B3000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1338295455.00000000052B3000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
52B3000
|
Size: |
32768
|
|
2C19000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2425702776.0000000002C19000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2C19000
|
Size: |
16384
|
|
82B0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1361775003.00000000082B0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
82B0000
|
Size: |
4096
|
|
70CE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1358846543.00000000070CE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
70CE000
|
Size: |
8192
|
|
8100000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2479062971.0000000008100000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
8100000
|
Size: |
57344
|
|
57B9000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1328098800.00000000057B9000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
57B9000
|
Size: |
12288
|
|
7600000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2477647371.0000000007600000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7600000
|
Size: |
65536
|
|
2C03000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000005.00000002.2425622003.0000000002C03000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
2C03000
|
Size: |
4096
|
|
D821000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2676641019.000000000D821000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
D821000
|
Size: |
6287360
|
|
2C6E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1345835253.0000000002C6E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2C6E000
|
Size: |
8192
|
|
541E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1352323429.000000000541E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
541E000
|
Size: |
188416
|
|
2CD0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1345889945.0000000002CD0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2CD0000
|
Size: |
4096
|
|
72BE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1359138616.00000000072BE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
72BE000
|
Size: |
8192
|
|
4D83000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
0000000B.00000002.3114363996.0000000004D83000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
11
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4D83000
|
Size: |
16384
|
|
4CAD000
|
stack
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2428160702.0000000004CAD000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
4CAD000
|
Size: |
12288
|
|
4D3E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1352212878.0000000004D3E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
4D3E000
|
Size: |
8192
|
|
67F0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1338561320.00000000067F0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
67F0000
|
Size: |
8192
|
|
2BC0000
|
heap
|
page read and write
|
|
|
|
Name: |
0000000B.00000002.3109675228.0000000002BC0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
11
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2BC0000
|
Size: |
28672
|
|
576E000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1341452748.000000000576E000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
576E000
|
Size: |
32768
|
|
7280000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2467770195.0000000007280000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7280000
|
Size: |
24576
|
|
711E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2467628624.000000000711E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
711E000
|
Size: |
8192
|
|
747E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2471377663.000000000747E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
747E000
|
Size: |
8192
|
|
847E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2480158665.000000000847E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
847E000
|
Size: |
8192
|
|
57BD000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1328037846.00000000057BD000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
57BD000
|
Size: |
4096
|
|
8580000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1362569707.0000000008580000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
8580000
|
Size: |
4096
|
|
73D0D000
|
unknown
|
page read and write
|
|
|
|
Name: |
0000000B.00000002.3116833788.0000000073D0D000.00000004.00000001.01000000.0000000A.sdmp
|
TargetID: |
11
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page read and write
|
Base address: |
73D0D000
|
Size: |
8192
|
|
737B000
|
heap
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2467930367.000000000737B000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
737B000
|
Size: |
147456
|
|
57B8000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1328037846.00000000057B8000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
57B8000
|
Size: |
16384
|
|
5450000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1352323429.0000000005450000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
5450000
|
Size: |
221184
|
|
62A0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1336324272.00000000062A0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
62A0000
|
Size: |
262144
|
|
7300000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1359204550.0000000007300000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
7300000
|
Size: |
4096
|
|
73AC000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1359922207.00000000073AC000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
73AC000
|
Size: |
8192
|
|
7060000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2466628335.0000000007060000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7060000
|
Size: |
65536
|
|
2C7D000
|
heap
|
page read and write
|
|
|
|
Name: |
0000000B.00000002.3112776977.0000000002C7D000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
11
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2C7D000
|
Size: |
12288
|
|
5790000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1341019424.0000000005790000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5790000
|
Size: |
8192
|
|
66B4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1324771794.00000000066B4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
66B4000
|
Size: |
589824
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
8200000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2479821860.0000000008200000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
8200000
|
Size: |
20480
|
|
57A7000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1340915161.00000000057A7000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
57A7000
|
Size: |
106496
|
|
A821000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2519375852.000000000A821000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
A821000
|
Size: |
6287360
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
72A0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2467930367.00000000072A0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
72A0000
|
Size: |
77824
|
|
2928000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1349617271.0000000002928000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2928000
|
Size: |
16384
|
|
9E21000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2519375852.0000000009E21000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
9E21000
|
Size: |
10485760
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
2E29000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1346118697.0000000002E29000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2E29000
|
Size: |
12288
|
|
46E5000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000001.00000002.1350863251.00000000046E5000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
46E5000
|
Size: |
45056
|
|
4B40000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1345262207.0000000004B40000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4B40000
|
Size: |
4096
|
|
6E0E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1357471470.0000000006E0E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
6E0E000
|
Size: |
8192
|
|
57BE000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1327981216.00000000057BE000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
57BE000
|
Size: |
36864
|
|
70A0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2467172263.00000000070A0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
70A0000
|
Size: |
65536
|
|
29DC000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1349881594.00000000029DC000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
29DC000
|
Size: |
12288
|
|
6AB9000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1332465547.0000000006AB9000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6AB9000
|
Size: |
57344
|
|
73B5000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1359987625.00000000073B5000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
73B5000
|
Size: |
8192
|
|
46BE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2427568601.00000000046BE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
46BE000
|
Size: |
8192
|
|
4C60000
|
heap
|
page read and write
|
|
|
|
Name: |
0000000B.00000002.3114249109.0000000004C60000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
11
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4C60000
|
Size: |
4096
|
|
6A9A000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1336957121.0000000006A9A000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6A9A000
|
Size: |
8192
|
|
46C0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1350707007.00000000046C0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
46C0000
|
Size: |
32768
|
|
8130000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2479473030.0000000008130000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
8130000
|
Size: |
65536
|
|
5327000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1352323429.0000000005327000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
5327000
|
Size: |
999424
|
|
7A0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2425270309.00000000007A0000.00000004.00000020.00040000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
7A0000
|
Size: |
4096
|
|
2E2D000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1346118697.0000000002E2D000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2E2D000
|
Size: |
8192
|
|
2D82000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1346011398.0000000002D82000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2D82000
|
Size: |
143360
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
4EF0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1352323429.0000000004EF0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4EF0000
|
Size: |
1536000
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
6FCE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1358390339.0000000006FCE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
6FCE000
|
Size: |
8192
|
|
5F71000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2428592239.0000000005F71000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
5F71000
|
Size: |
204800
|
|
6BE3000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2428592239.0000000006BE3000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
6BE3000
|
Size: |
208896
|
|
8C10000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1347720446.0000000008C10000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
8C10000
|
Size: |
36864
|
|
2C6D000
|
heap
|
page read and write
|
|
|
|
Name: |
0000000B.00000002.3112561051.0000000002C6D000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
11
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2C6D000
|
Size: |
12288
|
|
5FB1000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2428592239.0000000005FB1000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
5FB1000
|
Size: |
10485760
|
|
6EC000
|
stack
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2425180106.00000000006EC000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
6EC000
|
Size: |
16384
|
|
8030000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2478872796.0000000008030000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
8030000
|
Size: |
8192
|
|
72B4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2467930367.00000000072B4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
72B4000
|
Size: |
73728
|
|
2DB8000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1346038873.0000000002DB8000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2DB8000
|
Size: |
20480
|
|
46C0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2427599411.00000000046C0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
46C0000
|
Size: |
16384
|
|
54E4000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1352323429.00000000054E4000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
54E4000
|
Size: |
2617344
|
|
714D000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1358923800.000000000714D000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
714D000
|
Size: |
12288
|
|
6EE0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2466017007.0000000006EE0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6EE0000
|
Size: |
36864
|
|
46BD000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000001.00000002.1350684195.00000000046BD000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
46BD000
|
Size: |
8192
|
|
505C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2428592239.000000000505C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
505C000
|
Size: |
4096
|
|
5DE6000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2428592239.0000000005DE6000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
5DE6000
|
Size: |
200704
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
63A4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1336724881.00000000063A4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
63A4000
|
Size: |
262144
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
2E1D000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1339656804.0000000002E1D000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2E1D000
|
Size: |
45056
|
|
52B3000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1346500137.00000000052B3000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
52B3000
|
Size: |
32768
|
|
73BC000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1360072763.00000000073BC000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
73BC000
|
Size: |
24576
|
|
2C0D000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000005.00000002.2425676701.0000000002C0D000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
2C0D000
|
Size: |
12288
|
|
2C70000
|
heap
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2426154954.0000000002C70000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2C70000
|
Size: |
24576
|
|
67F9000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1338957256.00000000067F9000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
67F9000
|
Size: |
94208
|
|
5799000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1344113199.0000000005799000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5799000
|
Size: |
28672
|
|
8350000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1362220005.0000000008350000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
8350000
|
Size: |
237568
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
2BC8000
|
heap
|
page read and write
|
|
|
|
Name: |
0000000B.00000002.3109675228.0000000002BC8000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
11
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2BC8000
|
Size: |
65536
|
|
6A71000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1324637179.0000000006A71000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6A71000
|
Size: |
389120
|
|
67F9000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1338997271.00000000067F9000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
67F9000
|
Size: |
94208
|
|
4D8E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2428365260.0000000004D8E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
4D8E000
|
Size: |
8192
|
|
57AF000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1347028261.00000000057AF000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
57AF000
|
Size: |
73728
|
|
2D30000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1345933533.0000000002D30000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2D30000
|
Size: |
28672
|
|
704E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1358779686.000000000704E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
704E000
|
Size: |
8192
|
|
2D7D000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1339569357.0000000002D7D000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2D7D000
|
Size: |
8192
|
|
575E000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1325593637.000000000575E000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
575E000
|
Size: |
520192
|
|
7760000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1361085211.0000000007760000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7760000
|
Size: |
65536
|
|
67FD000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1344134198.00000000067FD000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
67FD000
|
Size: |
4096
|
|
76D0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000001.00000002.1360680642.00000000076D0000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
76D0000
|
Size: |
8192
|
|
8344000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1362182799.0000000008344000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
8344000
|
Size: |
20480
|
|
2BF2000
|
heap
|
page read and write
|
|
|
|
Name: |
0000000B.00000002.3109675228.0000000002BF2000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
11
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2BF2000
|
Size: |
90112
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
5DB0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1356200602.0000000005DB0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
5DB0000
|
Size: |
4096
|
|
5790000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1341071089.0000000005790000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5790000
|
Size: |
8192
|
|
5700000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1341846446.0000000005700000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5700000
|
Size: |
8192
|
|
8194000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2479621724.0000000008194000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
8194000
|
Size: |
8192
|
|
71CE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1359066266.00000000071CE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
71CE000
|
Size: |
8192
|
|
29D0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1349881594.00000000029D0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
29D0000
|
Size: |
45056
|
|
4DFA000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1352323429.0000000004DFA000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4DFA000
|
Size: |
991232
|
|
82D6000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1361800630.00000000082D6000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
82D6000
|
Size: |
16384
|
|
4BD0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2428086788.0000000004BD0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4BD0000
|
Size: |
4096
|
|
2D7D000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1333355838.0000000002D7D000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2D7D000
|
Size: |
8192
|
|
7770000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1361134069.0000000007770000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7770000
|
Size: |
65536
|
|
5D99000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1356200602.0000000005D99000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
5D99000
|
Size: |
20480
|
|
7420000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2471229783.0000000007420000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7420000
|
Size: |
65536
|
|
4D90000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2428396938.0000000004D90000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4D90000
|
Size: |
65536
|
|
46C7000
|
heap
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2427599411.00000000046C7000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
46C7000
|
Size: |
12288
|
|
4630000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000005.00000002.2427477951.0000000004630000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
4630000
|
Size: |
65536
|
|
6802000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1339418242.0000000006802000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
6802000
|
Size: |
57344
|
|
4DA0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2428483829.0000000004DA0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4DA0000
|
Size: |
65536
|
|
75F0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2477509201.00000000075F0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
75F0000
|
Size: |
65536
|
|
7700000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1360777700.0000000007700000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7700000
|
Size: |
65536
|
|
6A71000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1336957121.0000000006A71000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6A71000
|
Size: |
163840
|
|
8190000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2479621724.0000000008190000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
8190000
|
Size: |
4096
|
|
5DFB000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1356200602.0000000005DFB000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
5DFB000
|
Size: |
1597440
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
2E18000
|
heap
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2427150143.0000000002E18000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2E18000
|
Size: |
16384
|
|
6EF0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2466017007.0000000006EF0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6EF0000
|
Size: |
204800
|
|
5F6B000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2428592239.0000000005F6B000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
5F6B000
|
Size: |
12288
|
|
8000000
|
heap
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2478594577.0000000008000000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
8000000
|
Size: |
4096
|
|
2E2D000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1339476617.0000000002E2D000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2E2D000
|
Size: |
8192
|
|
55ED000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1346729721.00000000055ED000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
55ED000
|
Size: |
12288
|
|
5790000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1347004369.0000000005790000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5790000
|
Size: |
8192
|
|
575F000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1340823770.000000000575F000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
575F000
|
Size: |
401408
|
|
6E70000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1331999207.0000000006E70000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
6E70000
|
Size: |
147456
|
|
2C9A000
|
heap
|
page read and write
|
|
|
|
Name: |
0000000B.00000002.3113190852.0000000002C9A000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
11
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2C9A000
|
Size: |
8192
|
|
5273000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1336572365.0000000005273000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5273000
|
Size: |
294912
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
75B0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2476750206.00000000075B0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
75B0000
|
Size: |
65536
|
|
62E2000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1323813194.00000000062E2000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
62E2000
|
Size: |
843776
|
|
67F9000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1338725513.00000000067F9000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
67F9000
|
Size: |
94208
|
|
73CF1000
|
unknown
|
page execute read
|
|
|
|
Name: |
00000001.00000002.1362868556.0000000073CF1000.00000020.00000001.01000000.0000000A.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page execute read
|
Base address: |
73CF1000
|
Size: |
86016
|
|
2C78000
|
heap
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2426154954.0000000002C78000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2C78000
|
Size: |
135168
|
|
6ACE000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1347621677.0000000006ACE000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6ACE000
|
Size: |
16384
|
|
8540000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2480917745.0000000008540000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
8540000
|
Size: |
65536
|
|
81B0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1361479123.00000000081B0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
81B0000
|
Size: |
8192
|
|
7710000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1360829845.0000000007710000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7710000
|
Size: |
65536
|
|
763F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1360542545.000000000763F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
763F000
|
Size: |
4096
|
|
677F000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1325419463.000000000677F000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
677F000
|
Size: |
1093632
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
81B5000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2479621724.00000000081B5000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
81B5000
|
Size: |
36864
|
|
6F24000
|
heap
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2466017007.0000000006F24000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6F24000
|
Size: |
40960
|
|
95A000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1345546870.000000000095A000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
95A000
|
Size: |
24576
|
|
2C0C000
|
heap
|
page read and write
|
|
|
|
Name: |
0000000B.00000002.3109675228.0000000002C0C000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
11
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2C0C000
|
Size: |
65536
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
690000
|
remote allocation
|
page execute and read and write
|
|
|
|
Name: |
0000000B.00000002.3107761899.0000000000690000.00000040.00000400.00020000.00000000.sdmp
|
TargetID: |
11
|
Dumpstage: |
process exit
|
Regiontype: |
remote allocation
|
Protect: |
page execute and read and write
|
Base address: |
690000
|
Size: |
4096
|
|
63E6000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1347541846.00000000063E6000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
63E6000
|
Size: |
8192
|
|
6363000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1323904466.0000000006363000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6363000
|
Size: |
479232
|
|
8560000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1362518506.0000000008560000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
8560000
|
Size: |
8192
|
|
73D0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2470515642.00000000073D0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
73D0000
|
Size: |
65536
|
|
4ACF000
|
stack
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2427916719.0000000004ACF000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
4ACF000
|
Size: |
4096
|
|
46E0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1350780074.00000000046E0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
46E0000
|
Size: |
4096
|
|
2C2A000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000005.00000002.2425901615.0000000002C2A000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
2C2A000
|
Size: |
4096
|
|
2C26000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000005.00000002.2425857559.0000000002C26000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
2C26000
|
Size: |
8192
|
|
4E80000
|
heap
|
page read and write
|
|
|
|
Name: |
0000000B.00000002.3116006480.0000000004E80000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
11
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4E80000
|
Size: |
200704
|
|
5764000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1346897768.0000000005764000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5764000
|
Size: |
8192
|
|
6EDD000
|
stack
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2465971934.0000000006EDD000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
6EDD000
|
Size: |
12288
|
|
7080000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000005.00000002.2466906519.0000000007080000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7080000
|
Size: |
65536
|
|
5779000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1341636515.0000000005779000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5779000
|
Size: |
12288
|
|
67F9000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1338922051.00000000067F9000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
67F9000
|
Size: |
94208
|
|
67FE000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1339147809.00000000067FE000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
67FE000
|
Size: |
73728
|
|
680A000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1339739524.000000000680A000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
680A000
|
Size: |
24576
|
|
7FE4000
|
stack
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2478407682.0000000007FE4000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
7FE4000
|
Size: |
114688
|
|
2A45000
|
heap
|
page read and write
|
|
|
|
Name: |
0000000B.00000002.3109410497.0000000002A45000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
11
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2A45000
|
Size: |
12288
|
|
52B3000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1323948132.00000000052B3000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
52B3000
|
Size: |
135168
|
|
45D0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2427298328.00000000045D0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
45D0000
|
Size: |
4096
|
|
6E78000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1324877147.0000000006E78000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6E78000
|
Size: |
884736
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
2E24000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1324705429.0000000002E24000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2E24000
|
Size: |
45056
|
|
2DA5000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1333721916.0000000002DA5000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2DA5000
|
Size: |
114688
|
|
766B000
|
stack
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2478046103.000000000766B000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
766B000
|
Size: |
20480
|
|
2C20000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2425795582.0000000002C20000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2C20000
|
Size: |
4096
|
|
4CC0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000005.00000002.2428251247.0000000004CC0000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
4CC0000
|
Size: |
65536
|
|
81FD000
|
stack
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2479776075.00000000081FD000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
81FD000
|
Size: |
12288
|
|
4A16000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1345093975.0000000004A16000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4A16000
|
Size: |
32768
|
|
4D80000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
0000000B.00000002.3114363996.0000000004D80000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
11
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4D80000
|
Size: |
8192
|
|
6E6000
|
remote allocation
|
page readonly
|
|
|
|
Name: |
0000000B.00000002.3109139837.00000000006E6000.00000002.00000400.00020000.00000000.sdmp
|
TargetID: |
11
|
Dumpstage: |
process exit
|
Regiontype: |
remote allocation
|
Protect: |
page readonly
|
Base address: |
6E6000
|
Size: |
16384
|
|
6363000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1336724881.0000000006363000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6363000
|
Size: |
258048
|
|
7740000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1360984119.0000000007740000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7740000
|
Size: |
65536
|
|
4A10000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000005.00000002.2427661156.0000000004A10000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
4A10000
|
Size: |
65536
|
|
5223000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1346354052.0000000005223000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5223000
|
Size: |
69632
|
|
50AC000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1352323429.00000000050AC000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
50AC000
|
Size: |
2490368
|
|
52D0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1346542672.00000000052D0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
52D0000
|
Size: |
40960
|
|
2F2E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1346183788.0000000002F2E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2F2E000
|
Size: |
8192
|
|
6260000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1347387304.0000000006260000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6260000
|
Size: |
4096
|
|
5445000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1344158628.0000000005445000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
5445000
|
Size: |
16384
|
|
6855000
|
trusted library allocation
|
page execute
|
|
|
|
Name: |
00000000.00000003.1330912638.0000000006855000.00000010.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute
|
Base address: |
6855000
|
Size: |
4096
|
|
5234000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1324072732.0000000005234000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5234000
|
Size: |
520192
|
|
6800000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1339224171.0000000006800000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
6800000
|
Size: |
65536
|
|
6806000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1339537133.0000000006806000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
6806000
|
Size: |
40960
|
|
4A8E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2427869831.0000000004A8E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
4A8E000
|
Size: |
8192
|
|
6E1E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2465825824.0000000006E1E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
6E1E000
|
Size: |
8192
|
|
67FA000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1339022510.00000000067FA000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
67FA000
|
Size: |
90112
|
|
2D8E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1350104805.0000000002D8E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2D8E000
|
Size: |
8192
|
|
505E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2428592239.000000000505E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
505E000
|
Size: |
4096
|
|
5780000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1341019424.0000000005780000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5780000
|
Size: |
36864
|
|
84F0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000005.00000002.2480507179.00000000084F0000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
84F0000
|
Size: |
65536
|
|
843E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2480124777.000000000843E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
843E000
|
Size: |
8192
|
|
5221000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1346354052.0000000005221000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5221000
|
Size: |
4096
|
|
5702000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1325593637.0000000005702000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5702000
|
Size: |
126976
|
|
BBEE000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2566817026.000000000BBEE000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
BBEE000
|
Size: |
10485760
|
|
4D88000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
0000000B.00000002.3114363996.0000000004D88000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
11
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4D88000
|
Size: |
4096
|
|
45D8000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2427298328.00000000045D8000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
45D8000
|
Size: |
28672
|
|
9B0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1345624792.00000000009B0000.00000004.00000020.00040000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9B0000
|
Size: |
4096
|
|
5761000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1325701697.0000000005761000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5761000
|
Size: |
258048
|
|
52EA000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1320898085.00000000052EA000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
52EA000
|
Size: |
581632
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
4DB0000
|
heap
|
page execute and read and write
|
|
|
|
Name: |
00000005.00000002.2428548071.0000000004DB0000.00000040.00000020.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page execute and read and write
|
Base address: |
4DB0000
|
Size: |
4096
|
|
733F000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1359420568.000000000733F000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
733F000
|
Size: |
4096
|
|
5237000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1335784547.0000000005237000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5237000
|
Size: |
507904
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
6C23000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2428592239.0000000006C23000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
6C23000
|
Size: |
475136
|
|
86E0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1362592301.00000000086E0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
86E0000
|
Size: |
61440
|
|
7192000
|
heap
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2467719242.0000000007192000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
7192000
|
Size: |
4096
|
|
4DE0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1346224105.0000000004DE0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4DE0000
|
Size: |
4096
|
|
89CB000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1362737331.00000000089CB000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
89CB000
|
Size: |
20480
|
|
753D000
|
stack
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2471499051.000000000753D000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
753D000
|
Size: |
12288
|
|
6807000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1339575423.0000000006807000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
6807000
|
Size: |
36864
|
|
461C000
|
stack
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2427401907.000000000461C000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
461C000
|
Size: |
16384
|
|
B187000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2566817026.000000000B187000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
B187000
|
Size: |
147456
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
2E8D000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1350489346.0000000002E8D000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2E8D000
|
Size: |
8192
|
|
82D0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1361800630.00000000082D0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
82D0000
|
Size: |
16384
|
|
8220000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1361533240.0000000008220000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
8220000
|
Size: |
4096
|
|
56FD000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1323338098.00000000056FD000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
56FD000
|
Size: |
1318912
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
4E23000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2428592239.0000000004E23000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4E23000
|
Size: |
983040
|
|
B1D5000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2566817026.000000000B1D5000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
B1D5000
|
Size: |
98304
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
478E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1350955574.000000000478E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
478E000
|
Size: |
8192
|
|
2E29000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1339656804.0000000002E29000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2E29000
|
Size: |
12288
|
|
28EC000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1349552629.00000000028EC000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
28EC000
|
Size: |
16384
|
|
7400000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2471000410.0000000007400000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7400000
|
Size: |
65536
|
|
6AC7000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1332175842.0000000006AC7000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6AC7000
|
Size: |
45056
|
|
80F0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000005.00000002.2479020972.00000000080F0000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
80F0000
|
Size: |
12288
|
|
2C9A000
|
heap
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2426154954.0000000002C9A000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2C9A000
|
Size: |
872448
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
URLs found in memory or binary data |
Networking |
|
|
5237000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1346423131.0000000005237000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5237000
|
Size: |
40960
|
|
73CF0000
|
unknown
|
page readonly
|
|
|
|
Name: |
00000001.00000002.1362844217.0000000073CF0000.00000002.00000001.01000000.0000000A.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page readonly
|
Base address: |
73CF0000
|
Size: |
4096
|
|
7560000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2471831120.0000000007560000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7560000
|
Size: |
61440
|
|
5D91000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1356200602.0000000005D91000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
5D91000
|
Size: |
28672
|
|
9FD000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1345645228.00000000009FD000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
9FD000
|
Size: |
12288
|
|
4D6E000
|
stack
|
page read and write
|
|
|
|
Name: |
0000000B.00000002.3114290751.0000000004D6E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
11
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
4D6E000
|
Size: |
8192
|
|
7453000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1360415779.0000000007453000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
7453000
|
Size: |
24576
|
|
74FE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2471458006.00000000074FE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
74FE000
|
Size: |
8192
|
|
5799000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1347028261.0000000005799000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5799000
|
Size: |
28672
|
|
76E0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1360705646.00000000076E0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
76E0000
|
Size: |
4096
|
|
73B0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2470241731.00000000073B0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
73B0000
|
Size: |
65536
|
|
6AB2000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1336957121.0000000006AB2000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6AB2000
|
Size: |
28672
|
|
583F000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1342955460.000000000583F000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
583F000
|
Size: |
4096
|
|
73F0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2470831708.00000000073F0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
73F0000
|
Size: |
65536
|
|
7450000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1344294305.0000000007450000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7450000
|
Size: |
131072
|
|
7720000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1360883296.0000000007720000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7720000
|
Size: |
65536
|
|
2D73000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1339636801.0000000002D73000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2D73000
|
Size: |
4096
|
|
A00000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1345669421.0000000000A00000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
A00000
|
Size: |
8192
|
|
66C1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1338987144.00000000066C1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
66C1000
|
Size: |
913408
|
|
2E05000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1345318875.0000000002E05000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2E05000
|
Size: |
98304
|
|
6E9D000
|
stack
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2465925083.0000000006E9D000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
6E9D000
|
Size: |
12288
|
|
4F16000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2428592239.0000000004F16000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4F16000
|
Size: |
1302528
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
73B8000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1360040175.00000000073B8000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
73B8000
|
Size: |
12288
|
|
2D4E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1350038227.0000000002D4E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2D4E000
|
Size: |
8192
|
|
8A0D000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1362775625.0000000008A0D000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
8A0D000
|
Size: |
12288
|
|
2E28000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1350341147.0000000002E28000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2E28000
|
Size: |
40960
|
|
2C1D000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000005.00000002.2425767119.0000000002C1D000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
2C1D000
|
Size: |
4096
|
|
4BB0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1352011739.0000000004BB0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4BB0000
|
Size: |
36864
|
|
6F1D000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1358088154.0000000006F1D000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
6F1D000
|
Size: |
12288
|
|
6650000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1339120763.0000000006650000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
6650000
|
Size: |
253952
|
|
5225000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1324026590.0000000005225000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5225000
|
Size: |
581632
|
|
4B4E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2427979279.0000000004B4E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
4B4E000
|
Size: |
8192
|
|
9821000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2486338390.0000000009821000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
9821000
|
Size: |
6287360
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
680D000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1340369000.000000000680D000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
680D000
|
Size: |
12288
|
|
5450000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1344158628.0000000005450000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
5450000
|
Size: |
40960
|
|
82F0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1361800630.00000000082F0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
82F0000
|
Size: |
12288
|
|
2DAE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2426978955.0000000002DAE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2DAE000
|
Size: |
8192
|
|
6D6000
|
remote allocation
|
page readonly
|
|
|
|
Name: |
0000000B.00000002.3108966768.00000000006D6000.00000002.00000400.00020000.00000000.sdmp
|
TargetID: |
11
|
Dumpstage: |
process exit
|
Regiontype: |
remote allocation
|
Protect: |
page readonly
|
Base address: |
6D6000
|
Size: |
8192
|
|
2C09000
|
heap
|
page read and write
|
|
|
|
Name: |
0000000B.00000002.3109675228.0000000002C09000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
11
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2C09000
|
Size: |
8192
|
|
46A0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1350583309.00000000046A0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
46A0000
|
Size: |
8192
|
|
531E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1346567330.000000000531E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
531E000
|
Size: |
8192
|
|
720E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1359105652.000000000720E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
720E000
|
Size: |
8192
|
|
80E0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2478989397.00000000080E0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
80E0000
|
Size: |
4096
|
|
6BC2000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2428592239.0000000006BC2000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
6BC2000
|
Size: |
118784
|
|
57B0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1328176741.00000000057B0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
57B0000
|
Size: |
32768
|
|
86F0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1362637517.00000000086F0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
86F0000
|
Size: |
65536
|
|
4E40000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1346246042.0000000004E40000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4E40000
|
Size: |
8192
|
|
6C98000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2428592239.0000000006C98000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
6C98000
|
Size: |
917504
|
|
2E0C000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1346090098.0000000002E0C000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2E0C000
|
Size: |
69632
|
|
2A40000
|
heap
|
page read and write
|
|
|
|
Name: |
0000000B.00000002.3109410497.0000000002A40000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
11
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2A40000
|
Size: |
16384
|
|
73F5000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1360239607.00000000073F5000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
73F5000
|
Size: |
40960
|
|
46B3000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000001.00000002.1350633900.00000000046B3000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
46B3000
|
Size: |
4096
|
|
2DC4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1334007532.0000000002DC4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2DC4000
|
Size: |
409600
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
7430000
|
heap
|
page execute and read and write
|
|
|
|
Name: |
00000005.00000002.2471345125.0000000007430000.00000040.00000020.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page execute and read and write
|
Base address: |
7430000
|
Size: |
4096
|
|
72CD000
|
heap
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2467930367.00000000072CD000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
72CD000
|
Size: |
4096
|
|
6F62000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1325868943.0000000006F62000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6F62000
|
Size: |
913408
|
|
6808000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1339631367.0000000006808000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
6808000
|
Size: |
32768
|
|
75A0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2475278131.00000000075A0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
75A0000
|
Size: |
65536
|
|
6D8000
|
remote allocation
|
page execute and read and write
|
|
|
|
Name: |
0000000B.00000002.3109029634.00000000006D8000.00000040.00000400.00020000.00000000.sdmp
|
TargetID: |
11
|
Dumpstage: |
process exit
|
Regiontype: |
remote allocation
|
Protect: |
page execute and read and write
|
Base address: |
6D8000
|
Size: |
24576
|
|
5830000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1342955460.0000000005830000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
5830000
|
Size: |
20480
|
|
4D8A000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
0000000B.00000002.3114363996.0000000004D8A000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
11
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4D8A000
|
Size: |
4096
|
|
4A14000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1345093975.0000000004A14000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4A14000
|
Size: |
4096
|
|
7303000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1359257632.0000000007303000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
7303000
|
Size: |
143360
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
B0F1000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2566817026.000000000B0F1000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
B0F1000
|
Size: |
610304
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
545B000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1344158628.000000000545B000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
545B000
|
Size: |
20480
|
|
729000
|
stack
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2425229716.0000000000729000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
729000
|
Size: |
28672
|
|
82EA000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1361800630.00000000082EA000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
82EA000
|
Size: |
16384
|
|
5225000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1324722069.0000000005225000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5225000
|
Size: |
61440
|
|
6EA0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1331802941.0000000006EA0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
6EA0000
|
Size: |
245760
|
|
2D7F000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1333304190.0000000002D7F000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2D7F000
|
Size: |
270336
|
|
826000
|
heap
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2425359212.0000000000826000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
826000
|
Size: |
12288
|
|
559F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1346704408.000000000559F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
559F000
|
Size: |
4096
|
|
84E0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1362344909.00000000084E0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
84E0000
|
Size: |
16384
|
|
821D000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1361503167.000000000821D000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
821D000
|
Size: |
12288
|
|
6809000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1339657879.0000000006809000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
6809000
|
Size: |
28672
|
|
8E21000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2486338390.0000000008E21000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
8E21000
|
Size: |
10485760
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
830000
|
trusted library section
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2425423116.0000000000830000.00000004.08000000.00040000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library section
|
Protect: |
page read and write
|
Base address: |
830000
|
Size: |
4096
|
|
8337000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1362035275.0000000008337000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
8337000
|
Size: |
28672
|
|
541F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1346596178.000000000541F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
541F000
|
Size: |
4096
|
|
70B0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2467310999.00000000070B0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
70B0000
|
Size: |
65536
|
|
82A7000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1361691033.00000000082A7000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
82A7000
|
Size: |
12288
|
|
4D8E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
0000000B.00000002.3114363996.0000000004D8E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
11
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4D8E000
|
Size: |
24576
|
|
8570000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000001.00000002.1362549240.0000000008570000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
8570000
|
Size: |
4096
|
|
7540000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2471545248.0000000007540000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7540000
|
Size: |
65536
|
|
4D80000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1352290427.0000000004D80000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4D80000
|
Size: |
4096
|
|
680F000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1340682866.000000000680F000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
680F000
|
Size: |
4096
|
|
8170000
|
heap
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2479594942.0000000008170000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
8170000
|
Size: |
4096
|
|
85A000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1345482588.000000000085A000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
85A000
|
Size: |
24576
|
|
2DD2000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1350136861.0000000002DD2000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2DD2000
|
Size: |
36864
|
|
2C10000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2425702776.0000000002C10000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2C10000
|
Size: |
32768
|
|
76BD000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1360593373.00000000076BD000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
76BD000
|
Size: |
12288
|
|
76C0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1360626759.00000000076C0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
76C0000
|
Size: |
65536
|
|
484A000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1351436307.000000000484A000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
484A000
|
Size: |
12288
|
|
4B8D000
|
stack
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2428013773.0000000004B8D000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
4B8D000
|
Size: |
12288
|
|
4DD5000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
0000000B.00000002.3114721079.0000000004DD5000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
11
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4DD5000
|
Size: |
151552
|
|
73A7000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1359798212.00000000073A7000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
73A7000
|
Size: |
8192
|
|
957000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1345546870.0000000000957000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
957000
|
Size: |
8192
|
|
6690000
|
trusted library allocation
|
page execute
|
|
|
|
Name: |
00000000.00000003.1331447573.0000000006690000.00000010.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute
|
Base address: |
6690000
|
Size: |
4096
|
|
62E1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1338593424.00000000062E1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
62E1000
|
Size: |
208896
|
|
4D4C000
|
stack
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2428330044.0000000004D4C000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
4D4C000
|
Size: |
16384
|
|
77B0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1361343293.00000000077B0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
77B0000
|
Size: |
65536
|
|
8580000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2481310403.0000000008580000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
8580000
|
Size: |
40960
|
|
4CF0000
|
heap
|
page execute and read and write
|
|
|
|
Name: |
00000001.00000002.1352155027.0000000004CF0000.00000040.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page execute and read and write
|
Base address: |
4CF0000
|
Size: |
4096
|
|
A2A000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1345688522.0000000000A2A000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
A2A000
|
Size: |
20480
|
|
63E7000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1324592209.00000000063E7000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
63E7000
|
Size: |
430080
|
|
8552000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1362484221.0000000008552000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
8552000
|
Size: |
20480
|
|
7730000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1360932853.0000000007730000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7730000
|
Size: |
65536
|
|
4BA0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1352011739.0000000004BA0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4BA0000
|
Size: |
8192
|
|
67F9000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1338649488.00000000067F9000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
67F9000
|
Size: |
94208
|
|
2D73000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1345363064.0000000002D73000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2D73000
|
Size: |
4096
|
|
6854000
|
trusted library allocation
|
page execute
|
|
|
|
Name: |
00000000.00000003.1330975288.0000000006854000.00000010.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute
|
Base address: |
6854000
|
Size: |
4096
|
|
629E000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1339533203.000000000629E000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
629E000
|
Size: |
8192
|
|
2D38000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1345933533.0000000002D38000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2D38000
|
Size: |
229376
|
|
66BF000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1324496451.00000000066BF000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
66BF000
|
Size: |
614400
|
|
56F5000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1344062761.00000000056F5000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
56F5000
|
Size: |
20480
|
|
2DC1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1332930982.0000000002DC1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2DC1000
|
Size: |
278528
|
|
57CD000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1328098800.00000000057CD000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
57CD000
|
Size: |
40960
|
|
5225000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1323751622.0000000005225000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5225000
|
Size: |
319488
|
|
6852000
|
trusted library allocation
|
page execute
|
|
|
|
Name: |
00000000.00000003.1331366641.0000000006852000.00000010.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute
|
Base address: |
6852000
|
Size: |
4096
|
|
2C90000
|
heap
|
page read and write
|
|
|
|
Name: |
0000000B.00000002.3112863768.0000000002C90000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
11
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2C90000
|
Size: |
12288
|
|
549C000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1346645230.000000000549C000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
549C000
|
Size: |
16384
|
|
A30000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1345765268.0000000000A30000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
A30000
|
Size: |
16384
|
|
5763000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1342429278.0000000005763000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5763000
|
Size: |
12288
|
|
5237000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1345410022.0000000005237000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5237000
|
Size: |
40960
|
|
4CA0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1352123132.0000000004CA0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4CA0000
|
Size: |
65536
|
|
710D000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1358890424.000000000710D000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
710D000
|
Size: |
12288
|
|
4650000
|
heap
|
page read and write
|
|
|
|
Name: |
0000000B.00000002.3113775960.0000000004650000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
11
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4650000
|
Size: |
16384
|
|
67FF000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1339186843.00000000067FF000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
67FF000
|
Size: |
69632
|
|
67F9000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1338853763.00000000067F9000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
67F9000
|
Size: |
94208
|
|
2DEF000
|
stack
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2427021286.0000000002DEF000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2DEF000
|
Size: |
4096
|
|
7070000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2466765561.0000000007070000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7070000
|
Size: |
65536
|
|
75D0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2477253892.00000000075D0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
75D0000
|
Size: |
65536
|
|
84C0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000005.00000002.2480240153.00000000084C0000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
84C0000
|
Size: |
65536
|
|
734A000
|
heap
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2467930367.000000000734A000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
734A000
|
Size: |
139264
|
|
56FC000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1342280876.00000000056FC000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
56FC000
|
Size: |
4096
|
|
5241000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1338295455.0000000005241000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5241000
|
Size: |
204800
|
|
52C3000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1332059843.00000000052C3000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
52C3000
|
Size: |
94208
|
|
2D7D000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1345363064.0000000002D7D000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2D7D000
|
Size: |
8192
|
|
7373000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1359420568.0000000007373000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
7373000
|
Size: |
53248
|
|
2DA6000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1335563423.0000000002DA6000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2DA6000
|
Size: |
94208
|
|
6801000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1339392431.0000000006801000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
6801000
|
Size: |
61440
|
|
7470000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1344320579.0000000007470000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7470000
|
Size: |
12288
|
|
56FF000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1346792950.00000000056FF000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
56FF000
|
Size: |
4096
|
|
8230000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1361558817.0000000008230000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
8230000
|
Size: |
65536
|
|
6261000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1338493345.0000000006261000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6261000
|
Size: |
258048
|
|
757E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1360452233.000000000757E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
757E000
|
Size: |
8192
|
|
2BEA000
|
heap
|
page read and write
|
|
|
|
Name: |
0000000B.00000002.3109675228.0000000002BEA000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
11
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2BEA000
|
Size: |
20480
|
Signature Hits |
Behavior Group |
MITRE ATT&CK |
|
Found many strings related to Crypto-Wallets (likely being stolen) |
Stealing of Sensitive Information |
|
URLs found in memory or binary data |
Networking |
|
|
2DBE000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1346038873.0000000002DBE000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2DBE000
|
Size: |
12288
|
|
29CD000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1349767494.00000000029CD000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
29CD000
|
Size: |
8192
|
|
73B0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1331577054.00000000073B0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
73B0000
|
Size: |
192512
|
|
6846000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1342916371.0000000006846000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
6846000
|
Size: |
4096
|
|
72DD000
|
heap
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2467930367.00000000072DD000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
72DD000
|
Size: |
417792
|
|
464D000
|
stack
|
page read and write
|
|
|
|
Name: |
0000000B.00000002.3113697586.000000000464D000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
11
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
464D000
|
Size: |
12288
|
|
4B90000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000001.00000002.1351732180.0000000004B90000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
4B90000
|
Size: |
36864
|
|
67FC000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1339097919.00000000067FC000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
67FC000
|
Size: |
81920
|
|
82E0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1361800630.00000000082E0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
82E0000
|
Size: |
36864
|
|
57A0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1325670158.00000000057A0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
57A0000
|
Size: |
249856
|
|
6314000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1336147126.0000000006314000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6314000
|
Size: |
258048
|
|
4DC1000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2428592239.0000000004DC1000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4DC1000
|
Size: |
397312
|
Signature Hits |
Behavior Group |
MITRE ATT&CK |
|
URLs found in memory or binary data |
Networking |
|
|
467C000
|
stack
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2427530106.000000000467C000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
467C000
|
Size: |
16384
|
|
7620000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2477913353.0000000007620000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7620000
|
Size: |
65536
|
|
544A000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1344158628.000000000544A000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
544A000
|
Size: |
20480
|
|
4B43000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1345262207.0000000004B43000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4B43000
|
Size: |
12288
|
|
5273000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1323662268.0000000005273000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5273000
|
Size: |
409600
|
|
2D74000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1339569357.0000000002D74000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2D74000
|
Size: |
8192
|
|
82AB000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1361691033.00000000082AB000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
82AB000
|
Size: |
4096
|
|
5779000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1341452748.0000000005779000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5779000
|
Size: |
12288
|
|
506A000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2428592239.000000000506A000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
506A000
|
Size: |
10485760
|
Signature Hits |
Behavior Group |
MITRE ATT&CK |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
2CE0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1345910767.0000000002CE0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2CE0000
|
Size: |
4096
|
|
680E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1340414278.000000000680E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
680E000
|
Size: |
8192
|
|
5443000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1344158628.0000000005443000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
5443000
|
Size: |
4096
|
|
2CAA000
|
heap
|
page read and write
|
|
|
|
Name: |
0000000B.00000002.3113190852.0000000002CAA000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
11
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2CAA000
|
Size: |
4096
|
|
2D90000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1350136861.0000000002D90000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2D90000
|
Size: |
69632
|
|
5779000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1346929331.0000000005779000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5779000
|
Size: |
12288
|
|
5440000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1344158628.0000000005440000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
5440000
|
Size: |
8192
|
|
575F000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1341846446.000000000575F000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
575F000
|
Size: |
28672
|
|
5E2C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2428592239.0000000005E2C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
5E2C000
|
Size: |
1286144
|
Signature Hits |
Behavior Group |
MITRE ATT&CK |
|
URLs found in memory or binary data |
Networking |
|
|
2C30000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2425965679.0000000002C30000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2C30000
|
Size: |
4096
|
|
530F000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1352323429.000000000530F000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
530F000
|
Size: |
94208
|
|
6896000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1338716229.0000000006896000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6896000
|
Size: |
913408
|
|
6AA3000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1336957121.0000000006AA3000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6AA3000
|
Size: |
20480
|
|
69B1000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2428592239.00000000069B1000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
69B1000
|
Size: |
2150400
|
|
2DF2000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1350341147.0000000002DF2000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2DF2000
|
Size: |
217088
|
|
7F620000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000001.00000002.1363043258.000000007F620000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7F620000
|
Size: |
4096
|
|
4CB0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2428197989.0000000004CB0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4CB0000
|
Size: |
65536
|
|
73F2000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1360239607.00000000073F2000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
73F2000
|
Size: |
8192
|
|
6E4E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1357630398.0000000006E4E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
6E4E000
|
Size: |
8192
|
|
7410000
|
heap
|
page execute and read and write
|
|
|
|
Name: |
00000001.00000002.1360344293.0000000007410000.00000040.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page execute and read and write
|
Base address: |
7410000
|
Size: |
4096
|
|
829E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1361666474.000000000829E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
829E000
|
Size: |
8192
|
|
629F000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1347417239.000000000629F000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
629F000
|
Size: |
4096
|
|
45FE000
|
stack
|
page read and write
|
|
|
|
Name: |
0000000B.00000002.3113634737.00000000045FE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
11
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
45FE000
|
Size: |
8192
|
|
73E0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1328211460.00000000073E0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
73E0000
|
Size: |
98304
|
|
2C23000
|
heap
|
page read and write
|
|
|
|
Name: |
0000000B.00000002.3109675228.0000000002C23000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
11
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2C23000
|
Size: |
274432
|
Signature Hits |
Behavior Group |
MITRE ATT&CK |
|
Found many strings related to Crypto-Wallets (likely being stolen) |
Stealing of Sensitive Information |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
URLs found in memory or binary data |
Networking |
|
|
57BD000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1328098800.00000000057BD000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
57BD000
|
Size: |
4096
|
|
7580000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2472151910.0000000007580000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7580000
|
Size: |
65536
|
|
7358000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1359420568.0000000007358000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
7358000
|
Size: |
102400
|
|
809D000
|
stack
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2478912323.000000000809D000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
809D000
|
Size: |
12288
|
|
2BDC000
|
heap
|
page read and write
|
|
|
|
Name: |
0000000B.00000002.3109675228.0000000002BDC000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
11
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2BDC000
|
Size: |
53248
|
Signature Hits |
Behavior Group |
MITRE ATT&CK |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
63E6000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1337259796.00000000063E6000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
63E6000
|
Size: |
8192
|
|
29F0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2425557823.00000000029F0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
29F0000
|
Size: |
16384
|
|
4B9F000
|
stack
|
page read and write
|
|
|
|
Name: |
0000000B.00000002.3113973527.0000000004B9F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
11
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
4B9F000
|
Size: |
4096
|
|
B1EE000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2566817026.000000000B1EE000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
B1EE000
|
Size: |
10485760
|
|
7550000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000005.00000002.2471684388.0000000007550000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7550000
|
Size: |
65536
|
|
4840000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1351436307.0000000004840000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4840000
|
Size: |
32768
|
|
5DB9000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1356200602.0000000005DB9000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
5DB9000
|
Size: |
184320
|
|
8760000
|
trusted library section
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2484693424.0000000008760000.00000004.08000000.00040000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library section
|
Protect: |
page read and write
|
Base address: |
8760000
|
Size: |
520192
|
|
4D0E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2428301819.0000000004D0E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
4D0E000
|
Size: |
8192
|
|
73E0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2470654663.00000000073E0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
73E0000
|
Size: |
65536
|
|
84D0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000005.00000002.2480373476.00000000084D0000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
84D0000
|
Size: |
65536
|
|
C0D000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1345811836.0000000000C0D000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
C0D000
|
Size: |
12288
|
|
A35000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1345765268.0000000000A35000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
A35000
|
Size: |
16384
|
|
6AB2000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1344364701.0000000006AB2000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6AB2000
|
Size: |
28672
|
|
45C0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2427228618.00000000045C0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
45C0000
|
Size: |
65536
|
|
4A20000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2427714383.0000000004A20000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4A20000
|
Size: |
65536
|
|
52B5000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1324677472.00000000052B5000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
52B5000
|
Size: |
139264
|
|
6803000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1339455394.0000000006803000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
6803000
|
Size: |
53248
|
|
4700000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1350891692.0000000004700000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4700000
|
Size: |
4096
|
|
51E0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1346309944.00000000051E0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
51E0000
|
Size: |
4096
|
|
2DDC000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1350136861.0000000002DDC000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2DDC000
|
Size: |
65536
|
|
2B8D000
|
stack
|
page read and write
|
|
|
|
Name: |
0000000B.00000002.3109601502.0000000002B8D000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
11
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2B8D000
|
Size: |
12288
|
|
8550000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2481042955.0000000008550000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
8550000
|
Size: |
65536
|
|
832F000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1361998519.000000000832F000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
832F000
|
Size: |
28672
|
|
2E2B000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1323969374.0000000002E2B000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2E2B000
|
Size: |
16384
|
|
4D7E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1352258399.0000000004D7E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
4D7E000
|
Size: |
8192
|
|
4BC0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1352011739.0000000004BC0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4BC0000
|
Size: |
249856
|
|
2A20000
|
heap
|
page read and write
|
|
|
|
Name: |
0000000B.00000002.3109355794.0000000002A20000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
11
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2A20000
|
Size: |
4096
|
|
7345000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1359420568.0000000007345000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
7345000
|
Size: |
8192
|
|
5776000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1341174938.0000000005776000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5776000
|
Size: |
24576
|
|
46C9000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1350707007.00000000046C9000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
46C9000
|
Size: |
16384
|
|
5DA0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1356200602.0000000005DA0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
5DA0000
|
Size: |
4096
|
|
2E10000
|
heap
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2427150143.0000000002E10000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2E10000
|
Size: |
28672
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
2ECF000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1350516823.0000000002ECF000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2ECF000
|
Size: |
4096
|
|
29A0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1349732645.00000000029A0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
29A0000
|
Size: |
12288
|
|
7090000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2467025577.0000000007090000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7090000
|
Size: |
65536
|
|
4A30000
|
heap
|
page execute and read and write
|
|
|
|
Name: |
00000005.00000002.2427789560.0000000004A30000.00000040.00000020.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page execute and read and write
|
Base address: |
4A30000
|
Size: |
12288
|
|
5837000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1342955460.0000000005837000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
5837000
|
Size: |
4096
|
|
4A10000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1345093975.0000000004A10000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4A10000
|
Size: |
4096
|
|
46E2000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1350829845.00000000046E2000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
46E2000
|
Size: |
12288
|
|
2CA1000
|
heap
|
page read and write
|
|
|
|
Name: |
0000000B.00000002.3113190852.0000000002CA1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
11
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2CA1000
|
Size: |
8192
|
|
29E0000
|
trusted library section
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2425529158.00000000029E0000.00000004.08000000.00040000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library section
|
Protect: |
page read and write
|
Base address: |
29E0000
|
Size: |
4096
|
|
8500000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1362449883.0000000008500000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
8500000
|
Size: |
32768
|
|
7780000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1361185650.0000000007780000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7780000
|
Size: |
65536
|
|
4E06000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
0000000B.00000002.3114721079.0000000004E06000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
11
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4E06000
|
Size: |
20480
|
|
698A000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1338856867.000000000698A000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
698A000
|
Size: |
913408
|
|
2DA2000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1350136861.0000000002DA2000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2DA2000
|
Size: |
98304
|
|
73D0D000
|
unknown
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1362960415.0000000073D0D000.00000004.00000001.01000000.0000000A.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page read and write
|
Base address: |
73D0D000
|
Size: |
8192
|
|
62E1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1336324272.00000000062E1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
62E1000
|
Size: |
208896
|
|
46B4000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1350664707.00000000046B4000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
46B4000
|
Size: |
36864
|
|
67FB000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1339054279.00000000067FB000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
67FB000
|
Size: |
86016
|
|
4670000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1350541041.0000000004670000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4670000
|
Size: |
4096
|
|
67D0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1338472858.00000000067D0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
67D0000
|
Size: |
131072
|
|
680B000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1339879838.000000000680B000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
680B000
|
Size: |
20480
|
|
691000
|
remote allocation
|
page execute read
|
|
|
|
Name: |
0000000B.00000002.3107804522.0000000000691000.00000020.00000400.00020000.00000000.sdmp
|
TargetID: |
11
|
Dumpstage: |
process exit
|
Regiontype: |
remote allocation
|
Protect: |
page execute read
|
Base address: |
691000
|
Size: |
282624
|
|
A26000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1345688522.0000000000A26000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
A26000
|
Size: |
12288
|
|
8C0C000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1347669416.0000000008C0C000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
8C0C000
|
Size: |
16384
|
|
76F0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1360733806.00000000076F0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
76F0000
|
Size: |
61440
|
|
6850000
|
trusted library allocation
|
page execute
|
|
|
|
Name: |
00000000.00000003.1331409737.0000000006850000.00000010.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute
|
Base address: |
6850000
|
Size: |
4096
|
|
DE21000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2741460030.000000000DE21000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
DE21000
|
Size: |
9478144
|
|
7610000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2477778697.0000000007610000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7610000
|
Size: |
65536
|
|
2C71000
|
heap
|
page read and write
|
|
|
|
Name: |
0000000B.00000002.3112649131.0000000002C71000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
11
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2C71000
|
Size: |
24576
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Found many strings related to Crypto-Wallets (likely being stolen) |
Stealing of Sensitive Information |
|
URLs found in memory or binary data |
Networking |
|
|
8110000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2479189580.0000000008110000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
8110000
|
Size: |
20480
|
|
7287000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2467770195.0000000007287000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7287000
|
Size: |
36864
|
|
2D70000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1333355838.0000000002D70000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2D70000
|
Size: |
24576
|
|
58D0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1347283336.00000000058D0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
58D0000
|
Size: |
4096
|
|
2C22000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2425822635.0000000002C22000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2C22000
|
Size: |
4096
|
|
575E000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1340712665.000000000575E000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
575E000
|
Size: |
405504
|
|
2D7D000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1345989781.0000000002D7D000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2D7D000
|
Size: |
8192
|
|
51E1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1335784547.00000000051E1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
51E1000
|
Size: |
339968
|
|
8B0B000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1347648404.0000000008B0B000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
8B0B000
|
Size: |
20480
|
|
2DBD000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1333920261.0000000002DBD000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2DBD000
|
Size: |
16384
|
|
52C1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1346522893.00000000052C1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
52C1000
|
Size: |
8192
|
|
8206000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2479821860.0000000008206000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
8206000
|
Size: |
40960
|
|
6ABF000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1344364701.0000000006ABF000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6ABF000
|
Size: |
32768
|
|
8520000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2480886576.0000000008520000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
8520000
|
Size: |
4096
|
|
7590000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2474294496.0000000007590000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7590000
|
Size: |
65536
|
|
70C0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2467466609.00000000070C0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
70C0000
|
Size: |
65536
|
|
73C3000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1360116267.00000000073C3000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
73C3000
|
Size: |
45056
|
|
820000
|
heap
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2425359212.0000000000820000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
820000
|
Size: |
16384
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
8590000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000005.00000002.2481424152.0000000008590000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
8590000
|
Size: |
65536
|
|
4BFE000
|
stack
|
page read and write
|
|
|
|
Name: |
0000000B.00000002.3114026836.0000000004BFE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
11
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
4BFE000
|
Size: |
8192
|
|
75C0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2477065766.00000000075C0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
75C0000
|
Size: |
65536
|
|
2E00000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2427094977.0000000002E00000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2E00000
|
Size: |
65536
|
|
6853000
|
trusted library allocation
|
page execute
|
|
|
|
Name: |
00000000.00000003.1331299687.0000000006853000.00000010.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute
|
Base address: |
6853000
|
Size: |
4096
|
|
2C69000
|
heap
|
page read and write
|
|
|
|
Name: |
0000000B.00000002.3112478802.0000000002C69000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
11
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2C69000
|
Size: |
12288
|
|
629F000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1344428918.000000000629F000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
629F000
|
Size: |
4096
|
|
4C3F000
|
stack
|
page read and write
|
|
|
|
Name: |
0000000B.00000002.3114198803.0000000004C3F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
11
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
4C3F000
|
Size: |
4096
|
|
708A000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1358812203.000000000708A000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
708A000
|
Size: |
24576
|
|
5068000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1352323429.0000000005068000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
5068000
|
Size: |
274432
|
|
7750000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1361031821.0000000007750000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7750000
|
Size: |
65536
|
|
56FF000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1342280876.00000000056FF000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
56FF000
|
Size: |
4096
|
|
2D0E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1349948301.0000000002D0E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2D0E000
|
Size: |
8192
|
|
73D0F000
|
unknown
|
page readonly
|
|
|
|
Name: |
00000001.00000002.1362995398.0000000073D0F000.00000002.00000001.01000000.0000000A.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page readonly
|
Base address: |
73D0F000
|
Size: |
12288
|
|
85A0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000005.00000002.2481587761.00000000085A0000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
85A0000
|
Size: |
65536
|
|
7F0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2425329130.00000000007F0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
7F0000
|
Size: |
12288
|
|
6F80000
|
heap
|
page execute and read and write
|
|
|
|
Name: |
00000001.00000002.1358313969.0000000006F80000.00000040.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page execute and read and write
|
Base address: |
6F80000
|
Size: |
12288
|
|
2DBE000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1350136861.0000000002DBE000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2DBE000
|
Size: |
57344
|
|
8129000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2479254610.0000000008129000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
8129000
|
Size: |
28672
|
|
8190000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000001.00000002.1361392096.0000000008190000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
8190000
|
Size: |
32768
|
|
2E33000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1350341147.0000000002E33000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2E33000
|
Size: |
364544
|
|
2C32000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2426010774.0000000002C32000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2C32000
|
Size: |
12288
|
|
6E5C000
|
stack
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2465871300.0000000006E5C000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
6E5C000
|
Size: |
16384
|
|
2C35000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000005.00000002.2426042691.0000000002C35000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
2C35000
|
Size: |
45056
|
|
74BE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2471415096.00000000074BE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
74BE000
|
Size: |
8192
|
|
2990000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1349708277.0000000002990000.00000004.00000020.00040000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2990000
|
Size: |
4096
|
|
8240000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000001.00000002.1361618672.0000000008240000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
8240000
|
Size: |
8192
|
|
698A000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1325736467.000000000698A000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
698A000
|
Size: |
925696
|
|
5420000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1346622390.0000000005420000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5420000
|
Size: |
4096
|
|
2C9D000
|
heap
|
page read and write
|
|
|
|
Name: |
0000000B.00000002.3113190852.0000000002C9D000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
11
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2C9D000
|
Size: |
12288
|
|
6ABF000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1347602158.0000000006ABF000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6ABF000
|
Size: |
32768
|
|
2DCD000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1350136861.0000000002DCD000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2DCD000
|
Size: |
16384
|
|
4D91000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1352323429.0000000004D91000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4D91000
|
Size: |
425984
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
8510000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2480784001.0000000008510000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
8510000
|
Size: |
49152
|
|
A20000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1345688522.0000000000A20000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
A20000
|
Size: |
16384
|
|
67F1000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1338649488.00000000067F1000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
67F1000
|
Size: |
4096
|
|
57AF000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1343960007.00000000057AF000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
57AF000
|
Size: |
73728
|
|
67F9000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1338886663.00000000067F9000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
67F9000
|
Size: |
94208
|
|
85B0000
|
trusted library section
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2481742510.00000000085B0000.00000004.08000000.00040000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library section
|
Protect: |
page read and write
|
Base address: |
85B0000
|
Size: |
1720320
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
8120000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2479254610.0000000008120000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
8120000
|
Size: |
32768
|
|
2C81000
|
heap
|
page read and write
|
|
|
|
Name: |
0000000B.00000002.3112863768.0000000002C81000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
11
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2C81000
|
Size: |
53248
|
|
29BC000
|
stack
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2425462158.00000000029BC000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
29BC000
|
Size: |
16384
|
|
52BB000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1332244889.00000000052BB000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
52BB000
|
Size: |
32768
|
|
B1CE000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2566817026.000000000B1CE000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
B1CE000
|
Size: |
24576
|
|
67F9000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1338561320.00000000067F9000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
67F9000
|
Size: |
94208
|
|
4BCF000
|
stack
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2428053306.0000000004BCF000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
4BCF000
|
Size: |
4096
|
|
8010000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000005.00000002.2478637811.0000000008010000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
8010000
|
Size: |
45056
|
|
6EE0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1331650774.0000000006EE0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
6EE0000
|
Size: |
380928
|
|
5DC1000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2428592239.0000000005DC1000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
5DC1000
|
Size: |
126976
|
|
67A000
|
stack
|
page read and write
|
|
|
|
Name: |
0000000B.00000002.3107625860.000000000067A000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
11
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
67A000
|
Size: |
24576
|
|
459E000
|
stack
|
page read and write
|
|
|
|
Name: |
0000000B.00000002.3113576295.000000000459E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
11
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
459E000
|
Size: |
8192
|
|
B1AC000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2566817026.000000000B1AC000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
B1AC000
|
Size: |
135168
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
29C0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1349767494.00000000029C0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
29C0000
|
Size: |
49152
|
|
6A70000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1347581952.0000000006A70000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6A70000
|
Size: |
4096
|
|
2C00000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2425592426.0000000002C00000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2C00000
|
Size: |
12288
|
|
6355000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1338593424.0000000006355000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6355000
|
Size: |
12288
|
|
4B0E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2427948099.0000000004B0E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
4B0E000
|
Size: |
8192
|
|
73F0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1360239607.00000000073F0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
73F0000
|
Size: |
4096
|
|
2E24000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1323969374.0000000002E24000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2E24000
|
Size: |
24576
|
|
2C60000
|
heap
|
page readonly
|
|
|
|
Name: |
00000005.00000002.2426125173.0000000002C60000.00000002.00000020.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page readonly
|
Base address: |
2C60000
|
Size: |
4096
|
|
7EE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2425298570.00000000007EE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
7EE000
|
Size: |
8192
|
|
700E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1358421343.000000000700E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
700E000
|
Size: |
8192
|
|
47FC000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1351070461.00000000047FC000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
47FC000
|
Size: |
16384
|
|
718B000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1359020339.000000000718B000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
718B000
|
Size: |
20480
|
|
63A4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1337259796.00000000063A4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
63A4000
|
Size: |
262144
|
|
7373000
|
heap
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2467930367.0000000007373000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
7373000
|
Size: |
8192
|
|
5A6A000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2428592239.0000000005A6A000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
5A6A000
|
Size: |
3497984
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
63B000
|
stack
|
page read and write
|
|
|
|
Name: |
0000000B.00000002.3107514100.000000000063B000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
11
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
63B000
|
Size: |
20480
|
|
629E000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1339447030.000000000629E000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
629E000
|
Size: |
8192
|
|
4A1F000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1345093975.0000000004A1F000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4A1F000
|
Size: |
4096
|
|
75BE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1360487840.00000000075BE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
75BE000
|
Size: |
8192
|
|
2DBB000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1323999255.0000000002DBB000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2DBB000
|
Size: |
303104
|
|
2C04000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2425643100.0000000002C04000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2C04000
|
Size: |
36864
|
|
2E20000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1346118697.0000000002E20000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2E20000
|
Size: |
32768
|
|
72FE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1359174896.00000000072FE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
72FE000
|
Size: |
8192
|
|
56EE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1346766712.00000000056EE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
56EE000
|
Size: |
8192
|
|
5487000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1352323429.0000000005487000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
5487000
|
Size: |
376832
|
|
5055000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2428592239.0000000005055000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
5055000
|
Size: |
24576
|
|
767E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1360564657.000000000767E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
767E000
|
Size: |
8192
|
|
81A0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1361425983.00000000081A0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
81A0000
|
Size: |
61440
|
|
680C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1339940484.000000000680C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
680C000
|
Size: |
16384
|
|
56FF000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1344062761.00000000056FF000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
56FF000
|
Size: |
4096
|
|
84FE000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1362377595.00000000084FE000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
84FE000
|
Size: |
8192
|
|
2E29000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1334007532.0000000002E29000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2E29000
|
Size: |
24576
|
|
8560000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000005.00000002.2481162353.0000000008560000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
8560000
|
Size: |
65536
|
|
6362000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1347470325.0000000006362000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6362000
|
Size: |
4096
|
|
8855000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1362696690.0000000008855000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
8855000
|
Size: |
36864
|
|
75E0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2477383960.00000000075E0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
75E0000
|
Size: |
65536
|
|
2C50000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2426091952.0000000002C50000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2C50000
|
Size: |
4096
|
|
67F9000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1338779055.00000000067F9000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
67F9000
|
Size: |
94208
|
|
5779000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1341522415.0000000005779000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5779000
|
Size: |
12288
|
|
82A0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000001.00000002.1361691033.00000000082A0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
1
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
82A0000
|
Size: |
24576
|
|
C5EE000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2566817026.000000000C5EE000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
C5EE000
|
Size: |
8564736
|
|
5382000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1321616239.0000000005382000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5382000
|
Size: |
876544
|
|
6805000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1339510917.0000000006805000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
6805000
|
Size: |
45056
|
|
29B0000
|
heap
|
page read and write
|
|
|
|
Name: |
0000000B.00000002.3109279654.00000000029B0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
11
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
29B0000
|
Size: |
8192
|
|
6804000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1339478367.0000000006804000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
6804000
|
Size: |
49152
|
|
80DE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2478954823.00000000080DE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
80DE000
|
Size: |
8192
|
|
2DBB000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1323717448.0000000002DBB000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2DBB000
|
Size: |
303104
|
|
2CBE000
|
heap
|
page read and write
|
|
|
|
Name: |
0000000B.00000002.3113457087.0000000002CBE000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
11
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2CBE000
|
Size: |
4096
|
|
2DF0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2427046552.0000000002DF0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2DF0000
|
Size: |
65536
|
|
67F9000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1338818873.00000000067F9000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
67F9000
|
Size: |
94208
|
|
4620000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000005.00000002.2427434393.0000000004620000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
5
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4620000
|
Size: |
53248
|
|
6355000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.1347443442.0000000006355000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6355000
|
Size: |
12288
|
|