4CC0000
|
trusted library allocation
|
page read and write
|
 |
|
|
Name: |
00000007.00000002.3331607964.0000000004CC0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4CC0000
|
Size: |
278528
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Yara detected FormBook |
AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality |
|
|
2F30000
|
unknown
|
page execute and read and write
|
 |
|
|
Name: |
00000006.00000002.3331504946.0000000002F30000.00000040.00000001.00040000.00000000.sdmp
|
TargetID: |
6
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page execute and read and write
|
Base address: |
2F30000
|
Size: |
5025792
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Yara detected FormBook |
AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality |
|
|
66A0000
|
unclassified section
|
page execute and read and write
|
 |
|
|
Name: |
00000003.00000002.2648982927.00000000066A0000.00000040.10000000.00040000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
unclassified section
|
Protect: |
page execute and read and write
|
Base address: |
66A0000
|
Size: |
278528
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Yara detected FormBook |
AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality |
|
|
2E90000
|
system
|
page execute and read and write
|
 |
|
|
Name: |
00000007.00000002.3329623410.0000000002E90000.00000040.80000000.00040000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
system
|
Protect: |
page execute and read and write
|
Base address: |
2E90000
|
Size: |
278528
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Yara detected FormBook |
AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality |
|
|
4C70000
|
trusted library allocation
|
page read and write
|
 |
|
|
Name: |
00000007.00000002.3331555091.0000000004C70000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4C70000
|
Size: |
278528
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Yara detected FormBook |
AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality |
|
|
400000
|
remote allocation
|
page execute and read and write
|
 |
|
|
Name: |
00000003.00000002.2568469624.0000000000400000.00000040.00000400.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
remote allocation
|
Protect: |
page execute and read and write
|
Base address: |
400000
|
Size: |
290816
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Yara detected FormBook |
AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality |
|
|
2C70000
|
system
|
page execute and read and write
|
 |
|
|
Name: |
00000008.00000002.3331513632.0000000002C70000.00000040.80000000.00040000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
system
|
Protect: |
page execute and read and write
|
Base address: |
2C70000
|
Size: |
507904
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Yara detected FormBook |
AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality |
|
|
21D0000
|
unclassified section
|
page execute and read and write
|
 |
|
|
Name: |
00000003.00000002.2570491492.00000000021D0000.00000040.10000000.00040000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
unclassified section
|
Protect: |
page execute and read and write
|
Base address: |
21D0000
|
Size: |
5025792
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Yara detected FormBook |
AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality |
|
|
69F0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2152187320.00000000069F0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
69F0000
|
Size: |
49152
|
|
6109000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2150469966.0000000006109000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6109000
|
Size: |
49152
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2742946727.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
4096
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2750434246.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
4096
|
|
25635421000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2861064717.0000025635421000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
25635421000
|
Size: |
4096
|
|
31F3000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2751138670.00000000031F3000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
31F3000
|
Size: |
8192
|
|
D00000
|
unknown
|
page readonly
|
|
|
|
Name: |
00000008.00000000.2638665375.0000000000D00000.00000002.00000001.00040000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process new
|
Regiontype: |
unknown
|
Protect: |
page readonly
|
Base address: |
D00000
|
Size: |
4096
|
|
CF0000
|
unknown
|
page readonly
|
|
|
|
Name: |
00000008.00000002.3329842751.0000000000CF0000.00000002.00000001.00040000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page readonly
|
Base address: |
CF0000
|
Size: |
4096
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2745264723.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
8192
|
|
157E000
|
direct allocation
|
page execute and read and write
|
|
|
|
Name: |
00000003.00000002.2569051667.000000000157E000.00000040.00001000.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
direct allocation
|
Protect: |
page execute and read and write
|
Base address: |
157E000
|
Size: |
24576
|
|
1861000
|
unknown
|
page readonly
|
|
|
|
Name: |
00000008.00000002.3331444469.0000000001861000.00000002.00000001.00040000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page readonly
|
Base address: |
1861000
|
Size: |
385024
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the Windows Explorer process (often used for injection) |
HIPS / PFW / Operating System Protection Evasion |
|
|
880000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2142286249.0000000000880000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
880000
|
Size: |
8192
|
|
3270000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000002.3329955596.0000000003270000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3270000
|
Size: |
4096
|
|
31F8000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2751138670.00000000031F8000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
31F8000
|
Size: |
4096
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
SQL strings found in memory and binary data |
System Summary |
|
|
80DF000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000002.3334049665.00000000080DF000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
80DF000
|
Size: |
8192
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2745019478.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
8192
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2745202445.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
8192
|
|
6650000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2151901237.0000000006650000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
6650000
|
Size: |
32768
|
|
941000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2142694203.0000000000941000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
941000
|
Size: |
135168
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
63A000
|
stack
|
page read and write
|
|
|
|
Name: |
00000006.00000000.2490492526.000000000063A000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
6
|
Dumpstage: |
process new
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
63A000
|
Size: |
24576
|
|
2F62000
|
unknown
|
page read and write
|
|
|
|
Name: |
00000008.00000002.3331926248.0000000002F62000.00000004.00000001.00040000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page read and write
|
Base address: |
2F62000
|
Size: |
4096
|
|
DD0000
|
unknown
|
page readonly
|
|
|
|
Name: |
00000008.00000002.3330185940.0000000000DD0000.00000002.00000001.00040000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page readonly
|
Base address: |
DD0000
|
Size: |
4096
|
|
36F6000
|
unknown
|
page read and write
|
|
|
|
Name: |
00000008.00000002.3331926248.00000000036F6000.00000004.00000001.00040000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page read and write
|
Base address: |
36F6000
|
Size: |
4096
|
|
25633980000
|
heap
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2860943298.0000025633980000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
25633980000
|
Size: |
4096
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2744189413.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
4096
|
|
B2A000
|
unknown
|
page readonly
|
|
|
|
Name: |
00000006.00000000.2490941556.0000000000B2A000.00000002.00000001.00040000.00000000.sdmp
|
TargetID: |
6
|
Dumpstage: |
process new
|
Regiontype: |
unknown
|
Protect: |
page readonly
|
Base address: |
B2A000
|
Size: |
32768
|
|
49C0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2146743440.00000000049C0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
49C0000
|
Size: |
57344
|
|
339DC000
|
system
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2859587382.00000000339DC000.00000004.80000000.00040000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
system
|
Protect: |
page read and write
|
Base address: |
339DC000
|
Size: |
1011712
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2756890840.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
4096
|
|
2F10000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000002.3329728550.0000000002F10000.00000004.00000020.00040000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2F10000
|
Size: |
4096
|
|
31A8000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2568828457.00000000031A8000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
31A8000
|
Size: |
28672
|
|
10FC000
|
stack
|
page read and write
|
|
|
|
Name: |
00000008.00000000.2638800690.00000000010FC000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process new
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
10FC000
|
Size: |
16384
|
|
3150000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2574608309.0000000003150000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3150000
|
Size: |
172032
|
|
2FBC000
|
unknown
|
page read and write
|
|
|
|
Name: |
00000008.00000002.3331926248.0000000002FBC000.00000004.00000001.00040000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page read and write
|
Base address: |
2FBC000
|
Size: |
4096
|
|
4E13000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2148531709.0000000004E13000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4E13000
|
Size: |
57344
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2749801252.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
4096
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2742479891.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
8192
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2741748602.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
4096
|
|
38D7000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2144726413.00000000038D7000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
38D7000
|
Size: |
1146880
|
|
80DA000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2756221164.00000000080DA000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
80DA000
|
Size: |
4096
|
|
31B9000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2568806948.00000000031B9000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
31B9000
|
Size: |
20480
|
|
8080000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000002.3334049665.0000000008080000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
8080000
|
Size: |
16384
|
|
905000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2142694203.0000000000905000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
905000
|
Size: |
53248
|
|
814000
|
heap
|
page read and write
|
|
|
|
Name: |
00000006.00000002.3330240590.0000000000814000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
6
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
814000
|
Size: |
4096
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2744837109.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
8192
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2744609115.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
4096
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2741187093.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
4096
|
|
7DE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000006.00000000.2490650072.00000000007DE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
6
|
Dumpstage: |
process new
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
7DE000
|
Size: |
8192
|
|
2DB0000
|
unknown
|
page readonly
|
|
|
|
Name: |
00000008.00000000.2639290126.0000000002DB0000.00000002.00000001.00040000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process new
|
Regiontype: |
unknown
|
Protect: |
page readonly
|
Base address: |
2DB0000
|
Size: |
925696
|
|
51A1000
|
direct allocation
|
page execute and read and write
|
|
|
|
Name: |
00000007.00000002.3331801207.00000000051A1000.00000040.00001000.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
direct allocation
|
Protect: |
page execute and read and write
|
Base address: |
51A1000
|
Size: |
458752
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2743218117.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
4096
|
|
4979000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2146449118.0000000004979000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4979000
|
Size: |
8192
|
|
2440000
|
unknown
|
page readonly
|
|
|
|
Name: |
00000006.00000002.3331342127.0000000002440000.00000002.00000001.00040000.00000000.sdmp
|
TargetID: |
6
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page readonly
|
Base address: |
2440000
|
Size: |
925696
|
|
3BAC000
|
unknown
|
page read and write
|
|
|
|
Name: |
00000008.00000002.3331926248.0000000003BAC000.00000004.00000001.00040000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page read and write
|
Base address: |
3BAC000
|
Size: |
4096
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2748696626.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
8192
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2747573289.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
8192
|
|
6A2B000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2152280361.0000000006A2B000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6A2B000
|
Size: |
4096
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
8A6000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2142610900.00000000008A6000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
8A6000
|
Size: |
8192
|
|
10FC000
|
stack
|
page read and write
|
|
|
|
Name: |
00000008.00000002.3330370857.00000000010FC000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
10FC000
|
Size: |
16384
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2570772893.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
65536
|
|
B70000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2143173712.0000000000B70000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
B70000
|
Size: |
24576
|
|
5F2C000
|
unclassified section
|
page read and write
|
|
|
|
Name: |
00000007.00000002.3332259601.0000000005F2C000.00000004.10000000.00040000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
unclassified section
|
Protect: |
page read and write
|
Base address: |
5F2C000
|
Size: |
4096
|
|
807B000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000002.3334049665.000000000807B000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
807B000
|
Size: |
8192
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2743124514.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
4096
|
|
821000
|
unknown
|
page execute read
|
|
|
|
Name: |
00000008.00000000.2638569409.0000000000821000.00000020.00000001.01000000.00000012.sdmp
|
TargetID: |
8
|
Dumpstage: |
process new
|
Regiontype: |
unknown
|
Protect: |
page execute read
|
Base address: |
821000
|
Size: |
57344
|
|
89C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2142357603.000000000089C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
89C000
|
Size: |
4096
|
|
80E9000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2756221164.00000000080E9000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
80E9000
|
Size: |
8192
|
|
7FC6000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2753942985.0000000007FC6000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
7FC6000
|
Size: |
602112
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2741836511.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
4096
|
|
890E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2153514151.000000000890E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
890E000
|
Size: |
8192
|
|
73C000
|
stack
|
page read and write
|
|
|
|
Name: |
00000006.00000000.2490514017.000000000073C000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
6
|
Dumpstage: |
process new
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
73C000
|
Size: |
16384
|
|
4FFD000
|
direct allocation
|
page execute and read and write
|
|
|
|
Name: |
00000007.00000002.3331801207.0000000004FFD000.00000040.00001000.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
direct allocation
|
Protect: |
page execute and read and write
|
Base address: |
4FFD000
|
Size: |
458752
|
|
25635410000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2861064717.0000025635410000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
25635410000
|
Size: |
4096
|
|
3198000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000002.3329955596.0000000003198000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3198000
|
Size: |
65536
|
|
6090000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2149411356.0000000006090000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6090000
|
Size: |
4096
|
|
22FE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000006.00000000.2491035472.00000000022FE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
6
|
Dumpstage: |
process new
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
22FE000
|
Size: |
8192
|
|
80A6000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000002.3334049665.00000000080A6000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
80A6000
|
Size: |
8192
|
|
8AA000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2142627139.00000000008AA000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
8AA000
|
Size: |
8192
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2742115702.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
8192
|
|
6020000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2149278734.0000000006020000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
6020000
|
Size: |
65536
|
|
8094000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000002.3334049665.0000000008094000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
8094000
|
Size: |
32768
|
|
DE0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000008.00000000.2638768050.0000000000DE0000.00000004.00000020.00040000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process new
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
DE0000
|
Size: |
4096
|
|
4A20000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2147450987.0000000004A20000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4A20000
|
Size: |
65536
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2742434015.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
8192
|
|
11A0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000008.00000002.3330758662.00000000011A0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
11A0000
|
Size: |
12288
|
|
24C0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2143270187.00000000024C0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
24C0000
|
Size: |
8192
|
|
4966000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2146449118.0000000004966000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4966000
|
Size: |
4096
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2742996819.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
4096
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2750294619.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
4096
|
|
863E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000007.00000002.3334561869.000000000863E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
863E000
|
Size: |
8192
|
|
4E70000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2640715890.0000000004E70000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4E70000
|
Size: |
172032
|
|
1141000
|
unknown
|
page readonly
|
|
|
|
Name: |
00000008.00000000.2638873875.0000000001141000.00000002.00000001.00040000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process new
|
Regiontype: |
unknown
|
Protect: |
page readonly
|
Base address: |
1141000
|
Size: |
12288
|
|
60C0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2149599275.00000000060C0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
60C0000
|
Size: |
65536
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2745887163.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
8192
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2742582169.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
8192
|
|
5C08000
|
unclassified section
|
page read and write
|
|
|
|
Name: |
00000007.00000002.3332259601.0000000005C08000.00000004.10000000.00040000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
unclassified section
|
Protect: |
page read and write
|
Base address: |
5C08000
|
Size: |
4096
|
|
25633A73000
|
heap
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2861022184.0000025633A73000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
25633A73000
|
Size: |
28672
|
|
62B5000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2150928483.00000000062B5000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
62B5000
|
Size: |
40960
|
|
3564000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000008.00000002.3331926248.0000000003564000.00000004.00000001.00040000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
3564000
|
Size: |
4096
|
|
24D0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2143292000.00000000024D0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
24D0000
|
Size: |
65536
|
|
820000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000006.00000002.3330345094.0000000000820000.00000002.00000001.01000000.00000012.sdmp
|
TargetID: |
6
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
820000
|
Size: |
4096
|
|
2530000
|
unkown
|
page execute and read and write
|
|
|
|
Name: |
00000006.00000002.3331504946.0000000002530000.00000040.00000001.00040000.00000000.sdmp
|
TargetID: |
6
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page execute and read and write
|
Base address: |
2530000
|
Size: |
10485760
|
|
7FC3000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2750163950.0000000007FC3000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
7FC3000
|
Size: |
4096
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
85A000
|
heap
|
page read and write
|
|
|
|
Name: |
00000006.00000002.3330593051.000000000085A000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
6
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
85A000
|
Size: |
8192
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2744137831.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
4096
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2741700262.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
4096
|
|
4D10000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000007.00000002.3331663198.0000000004D10000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4D10000
|
Size: |
94208
|
|
23FF000
|
stack
|
page read and write
|
|
|
|
Name: |
00000006.00000000.2491064324.00000000023FF000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
6
|
Dumpstage: |
process new
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
23FF000
|
Size: |
4096
|
|
25635300000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2861037031.0000025635300000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
25635300000
|
Size: |
4096
|
|
113E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000008.00000002.3330483461.000000000113E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
113E000
|
Size: |
8192
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2744054236.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
4096
|
|
80B6000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000002.3334049665.00000000080B6000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
80B6000
|
Size: |
4096
|
|
914000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2142694203.0000000000914000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
914000
|
Size: |
122880
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2742315616.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
8192
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2742867832.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
4096
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2749427304.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
4096
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2744714058.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
8192
|
|
49BD000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2146743440.00000000049BD000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
49BD000
|
Size: |
8192
|
|
7EEF000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2152320475.0000000007EEF000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
7EEF000
|
Size: |
4096
|
|
49E0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2147203201.00000000049E0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
49E0000
|
Size: |
65536
|
|
673E000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2152033122.000000000673E000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
673E000
|
Size: |
8192
|
|
3190000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000002.3329955596.0000000003190000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3190000
|
Size: |
24576
|
|
86FF000
|
stack
|
page read and write
|
|
|
|
Name: |
00000007.00000002.3334625969.00000000086FF000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
86FF000
|
Size: |
4096
|
|
2521000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2143404303.0000000002521000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2521000
|
Size: |
839680
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
31B3000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2569051603.00000000031B3000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
31B3000
|
Size: |
24576
|
|
519D000
|
direct allocation
|
page execute and read and write
|
|
|
|
Name: |
00000007.00000002.3331801207.000000000519D000.00000040.00001000.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
direct allocation
|
Protect: |
page execute and read and write
|
Base address: |
519D000
|
Size: |
4096
|
|
324B000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000002.3329955596.000000000324B000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
324B000
|
Size: |
49152
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
SQL strings found in memory and binary data |
System Summary |
|
|
810000
|
heap
|
page read and write
|
|
|
|
Name: |
00000006.00000000.2490708026.0000000000810000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
6
|
Dumpstage: |
process new
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
810000
|
Size: |
8192
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2742919467.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
4096
|
|
6080000
|
trusted library section
|
page readonly
|
|
|
|
Name: |
00000000.00000002.2149365770.0000000006080000.00000002.08000000.00040000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library section
|
Protect: |
page readonly
|
Base address: |
6080000
|
Size: |
65536
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2745235057.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
8192
|
|
80CB000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000002.3334049665.00000000080CB000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
80CB000
|
Size: |
16384
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2743989605.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
4096
|
|
839000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000006.00000000.2490832605.0000000000839000.00000002.00000001.01000000.00000012.sdmp
|
TargetID: |
6
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
839000
|
Size: |
61440
|
|
25633A6C000
|
heap
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2811011590.0000025633A6C000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
25633A6C000
|
Size: |
4096
|
|
322E000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2753085933.000000000322E000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
322E000
|
Size: |
4096
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2749932616.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
4096
|
|
6BE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2142135373.00000000006BE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
6BE000
|
Size: |
8192
|
|
7E1000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000006.00000002.3330128415.00000000007E1000.00000002.00000001.00040000.00000000.sdmp
|
TargetID: |
6
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
7E1000
|
Size: |
12288
|
|
25633A5C000
|
heap
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2860971200.0000025633A5C000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
25633A5C000
|
Size: |
49152
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
256337C9000
|
system
|
page execute and read and write
|
|
|
|
Name: |
00000009.00000002.2860832735.00000256337C9000.00000040.80000000.00040000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
system
|
Protect: |
page execute and read and write
|
Base address: |
256337C9000
|
Size: |
4096
|
|
390000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000006.00000002.3329555234.0000000000390000.00000002.00000001.00040000.00000000.sdmp
|
TargetID: |
6
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
390000
|
Size: |
4096
|
|
506E000
|
direct allocation
|
page execute and read and write
|
|
|
|
Name: |
00000007.00000002.3331801207.000000000506E000.00000040.00001000.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
direct allocation
|
Protect: |
page execute and read and write
|
Base address: |
506E000
|
Size: |
1220608
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
54AE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2148778309.00000000054AE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
54AE000
|
Size: |
8192
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2756934610.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
4096
|
|
31B3000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2569116771.00000000031B3000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
31B3000
|
Size: |
24576
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2756824013.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
8192
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2744738809.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
8192
|
|
4C60000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2148007265.0000000004C60000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4C60000
|
Size: |
4096
|
|
7FBE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000007.00000002.3333990255.0000000007FBE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
7FBE000
|
Size: |
8192
|
|
24E0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2143320092.00000000024E0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
24E0000
|
Size: |
65536
|
|
11BE000
|
heap
|
page read and write
|
|
|
|
Name: |
00000008.00000000.2638992362.00000000011BE000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process new
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
11BE000
|
Size: |
90112
|
|
790000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000006.00000002.3330068963.0000000000790000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
6
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
790000
|
Size: |
4096
|
|
839000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000008.00000002.3329772501.0000000000839000.00000002.00000001.01000000.00000012.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
839000
|
Size: |
61440
|
|
4C80000
|
heap
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2148046713.0000000004C80000.00000040.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page execute and read and write
|
Base address: |
4C80000
|
Size: |
4096
|
|
1150000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000008.00000002.3330594005.0000000001150000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
1150000
|
Size: |
4096
|
|
24F0000
|
heap
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2143342784.00000000024F0000.00000040.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page execute and read and write
|
Base address: |
24F0000
|
Size: |
4096
|
|
760000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000006.00000002.3329893911.0000000000760000.00000002.00000001.00040000.00000000.sdmp
|
TargetID: |
6
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
760000
|
Size: |
4096
|
|
740000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000006.00000002.3329770415.0000000000740000.00000002.00000001.00040000.00000000.sdmp
|
TargetID: |
6
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
740000
|
Size: |
4096
|
|
5BAE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000008.00000002.3333588019.0000000005BAE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
5BAE000
|
Size: |
8192
|
|
320B000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2751138670.000000000320B000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
320B000
|
Size: |
12288
|
|
6127000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2150469966.0000000006127000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6127000
|
Size: |
16384
|
|
790000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000006.00000000.2490632656.0000000000790000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
6
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
790000
|
Size: |
4096
|
|
317C000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000008.00000000.2639372370.000000000317C000.00000004.00000001.00040000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
317C000
|
Size: |
1011712
|
|
33702000
|
system
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2859587382.0000000033702000.00000004.80000000.00040000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
system
|
Protect: |
page read and write
|
Base address: |
33702000
|
Size: |
4096
|
|
62A0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2150863596.00000000062A0000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
62A0000
|
Size: |
57344
|
|
DB0000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000008.00000002.3330071009.0000000000DB0000.00000002.00000001.00040000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
DB0000
|
Size: |
4096
|
|
4E54000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2148582708.0000000004E54000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4E54000
|
Size: |
217088
|
|
2E3B000
|
stack
|
page read and write
|
|
|
|
Name: |
00000007.00000002.3329455218.0000000002E3B000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2E3B000
|
Size: |
20480
|
|
836000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000008.00000002.3329715597.0000000000836000.00000004.00000001.01000000.00000012.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
836000
|
Size: |
8192
|
|
13BF000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.2569029964.00000000013BF000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
13BF000
|
Size: |
4096
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2743035902.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
4096
|
|
3235000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000002.3329955596.0000000003235000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3235000
|
Size: |
4096
|
|
3284000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000002.3329955596.0000000003284000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3284000
|
Size: |
45056
|
|
321D000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000002.3329955596.000000000321D000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
321D000
|
Size: |
36864
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
SQL strings found in memory and binary data |
System Summary |
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2742557054.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
8192
|
|
2D12000
|
system
|
page execute and read and write
|
|
|
|
Name: |
00000008.00000002.3331513632.0000000002D12000.00000040.80000000.00040000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
system
|
Protect: |
page execute and read and write
|
Base address: |
2D12000
|
Size: |
16384
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2744165815.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
4096
|
|
54F0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2148854053.00000000054F0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
54F0000
|
Size: |
4096
|
|
EB0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.2568880286.0000000000EB0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
EB0000
|
Size: |
24576
|
|
60E0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2150415528.00000000060E0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
60E0000
|
Size: |
65536
|
|
12E0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000008.00000000.2639064740.00000000012E0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process new
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12E0000
|
Size: |
8192
|
|
12F0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000008.00000002.3331231806.00000000012F0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12F0000
|
Size: |
20480
|
|
814000
|
heap
|
page read and write
|
|
|
|
Name: |
00000006.00000000.2490708026.0000000000814000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
6
|
Dumpstage: |
process new
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
814000
|
Size: |
4096
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2744567693.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
4096
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2742388388.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
8192
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2741781238.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
4096
|
|
12BE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.2569005375.00000000012BE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
12BE000
|
Size: |
8192
|
|
820000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000008.00000000.2638555864.0000000000820000.00000002.00000001.01000000.00000012.sdmp
|
TargetID: |
8
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
820000
|
Size: |
4096
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2742707836.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
4096
|
|
2500000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2143361905.0000000002500000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2500000
|
Size: |
65536
|
|
62B49FE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2860819357.00000062B49FE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
62B49FE000
|
Size: |
8192
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2744471294.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
4096
|
|
80D3000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2756221164.00000000080D3000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
80D3000
|
Size: |
12288
|
|
80E8000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000002.3334049665.00000000080E8000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
80E8000
|
Size: |
12288
|
|
1141000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000008.00000002.3330536131.0000000001141000.00000002.00000001.00040000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
1141000
|
Size: |
12288
|
|
11B0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000008.00000002.3330811358.00000000011B0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
11B0000
|
Size: |
32768
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2746695686.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
8192
|
|
DC0000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000008.00000002.3330130134.0000000000DC0000.00000002.00000001.00040000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
DC0000
|
Size: |
4096
|
|
D7A000
|
stack
|
page read and write
|
|
|
|
Name: |
00000008.00000000.2638689712.0000000000D7A000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process new
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
D7A000
|
Size: |
24576
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2587836844.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
237568
|
|
11BE000
|
heap
|
page read and write
|
|
|
|
Name: |
00000008.00000002.3330811358.00000000011BE000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
11BE000
|
Size: |
90112
|
|
8076000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000002.3334049665.0000000008076000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
8076000
|
Size: |
8192
|
|
6630000
|
trusted library section
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2151789014.0000000006630000.00000004.08000000.00040000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library section
|
Protect: |
page read and write
|
Base address: |
6630000
|
Size: |
69632
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sample file is different than original file name gathered from version info |
System Summary |
|
|
7FC3000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2754206326.0000000007FC3000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
7FC3000
|
Size: |
602112
|
|
582F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2149122201.000000000582F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
582F000
|
Size: |
4096
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2746046255.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
8192
|
|
64BE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2151156024.00000000064BE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
64BE000
|
Size: |
8192
|
|
3888000
|
unknown
|
page read and write
|
|
|
|
Name: |
00000008.00000002.3331926248.0000000003888000.00000004.00000001.00040000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page read and write
|
Base address: |
3888000
|
Size: |
4096
|
|
B77000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2143173712.0000000000B77000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
B77000
|
Size: |
32768
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2743899052.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
4096
|
|
5CAF000
|
stack
|
page read and write
|
|
|
|
Name: |
00000008.00000002.3333613288.0000000005CAF000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
5CAF000
|
Size: |
4096
|
|
590000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2142055917.0000000000590000.00000004.00000020.00040000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
590000
|
Size: |
4096
|
|
3228000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2753085933.0000000003228000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3228000
|
Size: |
8192
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
SQL strings found in memory and binary data |
System Summary |
|
|
80CD000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2756221164.00000000080CD000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
80CD000
|
Size: |
4096
|
|
720000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2142190193.0000000000720000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
720000
|
Size: |
8192
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2744634059.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
4096
|
|
256355BE000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2810935021.00000256355BE000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
256355BE000
|
Size: |
12288
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2749853192.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
8192
|
|
31F3000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000002.3329955596.00000000031F3000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
31F3000
|
Size: |
4096
|
|
850000
|
heap
|
page read and write
|
|
|
|
Name: |
00000006.00000000.2490854727.0000000000850000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
6
|
Dumpstage: |
process new
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
850000
|
Size: |
32768
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2743688812.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
4096
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2746403726.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
8192
|
|
3206000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2751138670.0000000003206000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3206000
|
Size: |
8192
|
|
4DC0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000007.00000002.3331702301.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
4DC0000
|
Size: |
94208
|
|
5D9A000
|
unclassified section
|
page read and write
|
|
|
|
Name: |
00000007.00000002.3332259601.0000000005D9A000.00000004.10000000.00040000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
unclassified section
|
Protect: |
page read and write
|
Base address: |
5D9A000
|
Size: |
4096
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2749734673.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
4096
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2744812691.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
4096
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2745296880.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
8192
|
|
4A70000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2147797093.0000000004A70000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4A70000
|
Size: |
65536
|
|
730000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2142209298.0000000000730000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
730000
|
Size: |
16384
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2741077142.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
4096
|
|
893000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2142357603.0000000000893000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
893000
|
Size: |
20480
|
|
256337C5000
|
system
|
page execute and read and write
|
|
|
|
Name: |
00000009.00000002.2860832735.00000256337C5000.00000040.80000000.00040000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
system
|
Protect: |
page execute and read and write
|
Base address: |
256337C5000
|
Size: |
4096
|
|
770000
|
heap
|
page read and write
|
|
|
|
Name: |
00000006.00000000.2490590462.0000000000770000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
6
|
Dumpstage: |
process new
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
770000
|
Size: |
20480
|
|
2FB4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2575179502.0000000002FB4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2FB4000
|
Size: |
4096
|
|
31DD000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000002.3329955596.00000000031DD000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
31DD000
|
Size: |
36864
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2745049314.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
8192
|
|
62B31FB000
|
stack
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2860774700.00000062B31FB000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
62B31FB000
|
Size: |
20480
|
|
87E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2142268966.000000000087E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
87E000
|
Size: |
8192
|
|
E30000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.2568741877.0000000000E30000.00000004.00000020.00040000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
E30000
|
Size: |
4096
|
|
2440000
|
unknown
|
page readonly
|
|
|
|
Name: |
00000006.00000000.2491162779.0000000002440000.00000002.00000001.00040000.00000000.sdmp
|
TargetID: |
6
|
Dumpstage: |
process new
|
Regiontype: |
unknown
|
Protect: |
page readonly
|
Base address: |
2440000
|
Size: |
925696
|
|
25635400000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2861051064.0000025635400000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
25635400000
|
Size: |
4096
|
|
780000
|
heap
|
page read and write
|
|
|
|
Name: |
00000006.00000000.2490612535.0000000000780000.00000004.00000020.00040000.00000000.sdmp
|
TargetID: |
6
|
Dumpstage: |
process new
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
780000
|
Size: |
4096
|
|
4B73000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000002.3331411759.0000000004B73000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4B73000
|
Size: |
1007616
|
|
12B0000
|
unknown
|
page read and write
|
|
|
|
Name: |
00000008.00000002.3331077546.00000000012B0000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page read and write
|
Base address: |
12B0000
|
Size: |
12288
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2743736441.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
4096
|
|
B20000
|
unknown
|
page readonly
|
|
|
|
Name: |
00000006.00000000.2490941556.0000000000B20000.00000002.00000001.00040000.00000000.sdmp
|
TargetID: |
6
|
Dumpstage: |
process new
|
Regiontype: |
unknown
|
Protect: |
page readonly
|
Base address: |
B20000
|
Size: |
36864
|
|
12E4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000008.00000002.3331125801.00000000012E4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12E4000
|
Size: |
4096
|
|
497F000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2146449118.000000000497F000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
497F000
|
Size: |
4096
|
|
3412000
|
unknown
|
page execute and read and write
|
|
|
|
Name: |
00000006.00000002.3331504946.0000000003412000.00000040.00000001.00040000.00000000.sdmp
|
TargetID: |
6
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page execute and read and write
|
Base address: |
3412000
|
Size: |
4096
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2744787203.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
4096
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2743374181.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
4096
|
|
8060000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000007.00000002.3334022778.0000000008060000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
8060000
|
Size: |
4096
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2742057645.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
8192
|
|
89D000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2142565389.000000000089D000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
89D000
|
Size: |
4096
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2746208413.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
8192
|
|
3238000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000002.3329955596.0000000003238000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3238000
|
Size: |
16384
|
|
5A76000
|
unclassified section
|
page read and write
|
|
|
|
Name: |
00000007.00000002.3332259601.0000000005A76000.00000004.10000000.00040000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
unclassified section
|
Protect: |
page read and write
|
Base address: |
5A76000
|
Size: |
4096
|
|
1190000
|
unknown
|
page read and write
|
|
|
|
Name: |
00000008.00000000.2638964138.0000000001190000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process new
|
Regiontype: |
unknown
|
Protect: |
page read and write
|
Base address: |
1190000
|
Size: |
4096
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2746132116.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
8192
|
|
3612000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2144726413.0000000003612000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3612000
|
Size: |
2588672
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sample file is different than original file name gathered from version info |
System Summary |
|
|
670000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2142095459.0000000000670000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
670000
|
Size: |
8192
|
|
AD0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2143062374.0000000000AD0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
AD0000
|
Size: |
4096
|
|
2FA0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000002.3329775909.0000000002FA0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2FA0000
|
Size: |
4096
|
|
63A0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2151036093.00000000063A0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
63A0000
|
Size: |
65536
|
|
3381C000
|
system
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2859587382.000000003381C000.00000004.80000000.00040000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
system
|
Protect: |
page read and write
|
Base address: |
3381C000
|
Size: |
4096
|
|
4B79000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2568481894.0000000004B79000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4B79000
|
Size: |
1187840
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2741970754.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
8192
|
|
80F7000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2756221164.00000000080F7000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
80F7000
|
Size: |
12288
|
|
31AE000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2569051603.00000000031AE000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
31AE000
|
Size: |
4096
|
|
EB8000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.2568880286.0000000000EB8000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
EB8000
|
Size: |
36864
|
|
62B41FE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2860805954.00000062B41FE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
62B41FE000
|
Size: |
8192
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2744079237.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
4096
|
|
17C0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.2570454186.00000000017C0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
17C0000
|
Size: |
8192
|
|
7CC0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000007.00000002.3333865605.0000000007CC0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7CC0000
|
Size: |
4096
|
|
25635415000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2861064717.0000025635415000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
25635415000
|
Size: |
8192
|
|
82F000
|
unknown
|
page readonly
|
|
|
|
Name: |
00000008.00000002.3329655344.000000000082F000.00000002.00000001.01000000.00000012.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page readonly
|
Base address: |
82F000
|
Size: |
28672
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
DE0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000008.00000002.3330243075.0000000000DE0000.00000004.00000020.00040000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
DE0000
|
Size: |
4096
|
|
17D0000
|
unclassified section
|
page execute and read and write
|
|
|
|
Name: |
00000003.00000002.2570491492.00000000017D0000.00000040.10000000.00040000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
unclassified section
|
Protect: |
page execute and read and write
|
Base address: |
17D0000
|
Size: |
10485760
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2575266736.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
4096
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2742754936.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
4096
|
|
4ED0000
|
direct allocation
|
page execute and read and write
|
|
|
|
Name: |
00000007.00000002.3331801207.0000000004ED0000.00000040.00001000.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
direct allocation
|
Protect: |
page execute and read and write
|
Base address: |
4ED0000
|
Size: |
1208320
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
7F0000
|
unknown
|
page read and write
|
|
|
|
Name: |
00000006.00000000.2490689763.00000000007F0000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
6
|
Dumpstage: |
process new
|
Regiontype: |
unknown
|
Protect: |
page read and write
|
Base address: |
7F0000
|
Size: |
4096
|
|
873E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000007.00000002.3334647105.000000000873E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
873E000
|
Size: |
8192
|
|
25635500000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2810520648.0000025635500000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
25635500000
|
Size: |
4096
|
|
8312000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2153436312.0000000008312000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
8312000
|
Size: |
32768
|
|
E80000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.2568824950.0000000000E80000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
E80000
|
Size: |
4096
|
|
3A1A000
|
unknown
|
page read and write
|
|
|
|
Name: |
00000008.00000002.3331926248.0000000003A1A000.00000004.00000001.00040000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page read and write
|
Base address: |
3A1A000
|
Size: |
4096
|
|
82F000
|
unknown
|
page readonly
|
|
|
|
Name: |
00000008.00000000.2638583326.000000000082F000.00000002.00000001.01000000.00000012.sdmp
|
TargetID: |
8
|
Dumpstage: |
process new
|
Regiontype: |
unknown
|
Protect: |
page readonly
|
Base address: |
82F000
|
Size: |
28672
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2742606578.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
8192
|
|
9B3000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2142694203.00000000009B3000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9B3000
|
Size: |
114688
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
56EC000
|
stack
|
page read and write
|
|
|
|
Name: |
00000008.00000002.3333567022.00000000056EC000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
56EC000
|
Size: |
16384
|
|
1170000
|
unknown
|
page readonly
|
|
|
|
Name: |
00000008.00000002.3330646734.0000000001170000.00000002.00000001.00040000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page readonly
|
Base address: |
1170000
|
Size: |
16384
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2744287666.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
4096
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2742238954.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
4096
|
|
A0000
|
unknown
|
page readonly
|
|
|
|
Name: |
00000000.00000000.2067297943.00000000000A0000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process new
|
Regiontype: |
unknown
|
Protect: |
page readonly
|
Base address: |
A0000
|
Size: |
4096
|
|
883000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2142305924.0000000000883000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
883000
|
Size: |
4096
|
|
80ED000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2756221164.00000000080ED000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
80ED000
|
Size: |
4096
|
|
4CC4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2148079373.0000000004CC4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4CC4000
|
Size: |
8192
|
|
4A00000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2147320349.0000000004A00000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4A00000
|
Size: |
4096
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2744541977.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
4096
|
|
25633A47000
|
heap
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2860971200.0000025633A47000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
25633A47000
|
Size: |
73728
|
|
5CEE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000008.00000002.3333637770.0000000005CEE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
5CEE000
|
Size: |
8192
|
|
B20000
|
unknown
|
page readonly
|
|
|
|
Name: |
00000006.00000002.3330872239.0000000000B20000.00000002.00000001.00040000.00000000.sdmp
|
TargetID: |
6
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page readonly
|
Base address: |
B20000
|
Size: |
36864
|
|
347A000
|
unkown
|
page execute and read and write
|
|
|
|
Name: |
00000006.00000002.3331504946.000000000347A000.00000040.00000001.00040000.00000000.sdmp
|
TargetID: |
6
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page execute and read and write
|
Base address: |
347A000
|
Size: |
10485760
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2743552990.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
4096
|
|
821000
|
unkown
|
page execute read
|
|
|
|
Name: |
00000006.00000000.2490772412.0000000000821000.00000020.00000001.01000000.00000012.sdmp
|
TargetID: |
6
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page execute read
|
Base address: |
821000
|
Size: |
57344
|
|
256337C7000
|
system
|
page execute and read and write
|
|
|
|
Name: |
00000009.00000002.2860832735.00000256337C7000.00000040.80000000.00040000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
system
|
Protect: |
page execute and read and write
|
Base address: |
256337C7000
|
Size: |
4096
|
|
2428000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2143240097.0000000002428000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2428000
|
Size: |
4096
|
|
EA0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.2568848296.0000000000EA0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
EA0000
|
Size: |
16384
|
|
2DB0000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000008.00000002.3331789065.0000000002DB0000.00000002.00000001.00040000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
2DB0000
|
Size: |
925696
|
|
49B1000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2146743440.00000000049B1000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
49B1000
|
Size: |
16384
|
|
31E7000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000002.3329955596.00000000031E7000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
31E7000
|
Size: |
4096
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2742731835.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
4096
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2743320495.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
4096
|
|
25F0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2143404303.00000000025F0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
25F0000
|
Size: |
5419008
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sample file is different than original file name gathered from version info |
System Summary |
|
|
31AA000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000002.3329955596.00000000031AA000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
31AA000
|
Size: |
32768
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
4E70000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2579344742.0000000004E70000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4E70000
|
Size: |
172032
|
|
11B0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000008.00000000.2638992362.00000000011B0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process new
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
11B0000
|
Size: |
32768
|
|
1190000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000008.00000002.3330704199.0000000001190000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
1190000
|
Size: |
4096
|
|
1509000
|
direct allocation
|
page execute and read and write
|
|
|
|
Name: |
00000003.00000002.2569051667.0000000001509000.00000040.00001000.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
direct allocation
|
Protect: |
page execute and read and write
|
Base address: |
1509000
|
Size: |
4096
|
|
B60000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2143118579.0000000000B60000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
B60000
|
Size: |
65536
|
|
527A000
|
unkown
|
page execute and read and write
|
|
|
|
Name: |
00000006.00000002.3331504946.000000000527A000.00000040.00000001.00040000.00000000.sdmp
|
TargetID: |
6
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page execute and read and write
|
Base address: |
527A000
|
Size: |
10350592
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2743154875.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
4096
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2742681442.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
8192
|
|
D10000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000008.00000000.2638677561.0000000000D10000.00000002.00000001.00040000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
D10000
|
Size: |
4096
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2744216848.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
4096
|
|
827E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2153404100.000000000827E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
827E000
|
Size: |
8192
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2745483640.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
8192
|
|
823E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2153365963.000000000823E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
823E000
|
Size: |
8192
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2746944787.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
8192
|
|
B1E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2143082375.0000000000B1E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
B1E000
|
Size: |
8192
|
|
82F000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000006.00000002.3330436964.000000000082F000.00000002.00000001.01000000.00000012.sdmp
|
TargetID: |
6
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
82F000
|
Size: |
28672
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2743927500.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
4096
|
|
311A000
|
unclassified section
|
page execute and read and write
|
|
|
|
Name: |
00000003.00000002.2570491492.000000000311A000.00000040.10000000.00040000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
unclassified section
|
Protect: |
page execute and read and write
|
Base address: |
311A000
|
Size: |
10485760
|
|
241E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2143222725.000000000241E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
241E000
|
Size: |
8192
|
|
3210000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2751138670.0000000003210000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3210000
|
Size: |
8192
|
|
80B0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000002.3334049665.00000000080B0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
80B0000
|
Size: |
16384
|
|
127F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.2568981020.000000000127F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
127F000
|
Size: |
4096
|
|
85E000
|
heap
|
page read and write
|
|
|
|
Name: |
00000006.00000002.3330593051.000000000085E000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
6
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
85E000
|
Size: |
557056
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2745082728.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
8192
|
|
877F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000007.00000002.3334668118.000000000877F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
877F000
|
Size: |
4096
|
|
D7A000
|
stack
|
page read and write
|
|
|
|
Name: |
00000008.00000002.3330013638.0000000000D7A000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
D7A000
|
Size: |
24576
|
|
3150000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000002.3329898205.0000000003150000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3150000
|
Size: |
4096
|
|
4CB7000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2148079373.0000000004CB7000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4CB7000
|
Size: |
12288
|
|
836000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000006.00000000.2490810977.0000000000836000.00000004.00000001.01000000.00000012.sdmp
|
TargetID: |
6
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
836000
|
Size: |
8192
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2744328392.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
4096
|
|
821000
|
unkown
|
page execute read
|
|
|
|
Name: |
00000006.00000002.3330392217.0000000000821000.00000020.00000001.01000000.00000012.sdmp
|
TargetID: |
6
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page execute read
|
Base address: |
821000
|
Size: |
57344
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2741101211.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
4096
|
|
49AE000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2146743440.00000000049AE000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
49AE000
|
Size: |
8192
|
|
2400000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000006.00000000.2491085927.0000000002400000.00000002.00000001.00040000.00000000.sdmp
|
TargetID: |
6
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
2400000
|
Size: |
16384
|
|
58E4000
|
unclassified section
|
page read and write
|
|
|
|
Name: |
00000007.00000002.3332259601.00000000058E4000.00000004.10000000.00040000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
unclassified section
|
Protect: |
page read and write
|
Base address: |
58E4000
|
Size: |
4096
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2748948212.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
4096
|
|
1861000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000008.00000000.2639234132.0000000001861000.00000002.00000001.00040000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
1861000
|
Size: |
385024
|
|
5530000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2148971483.0000000005530000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5530000
|
Size: |
249856
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2743397868.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
4096
|
|
326A000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000002.3329955596.000000000326A000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
326A000
|
Size: |
12288
|
|
4E56000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2570438782.0000000004E56000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4E56000
|
Size: |
458752
|
|
5DEF000
|
stack
|
page read and write
|
|
|
|
Name: |
00000008.00000002.3333667482.0000000005DEF000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
5DEF000
|
Size: |
4096
|
|
64C0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2151199465.00000000064C0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
64C0000
|
Size: |
53248
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2745528218.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
8192
|
|
DB0000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000008.00000000.2638702636.0000000000DB0000.00000002.00000001.00040000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
DB0000
|
Size: |
4096
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2746844281.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
8192
|
|
150D000
|
direct allocation
|
page execute and read and write
|
|
|
|
Name: |
00000003.00000002.2569051667.000000000150D000.00000040.00001000.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
direct allocation
|
Protect: |
page execute and read and write
|
Base address: |
150D000
|
Size: |
458752
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sample file is different than original file name gathered from version info |
System Summary |
|
|
8A0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2142581334.00000000008A0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
8A0000
|
Size: |
4096
|
|
BCA000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.2568708832.0000000000BCA000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
BCA000
|
Size: |
24576
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2588016572.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
4096
|
|
43A000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2141876379.000000000043A000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
43A000
|
Size: |
24576
|
|
2FB4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2575201322.0000000002FB4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2FB4000
|
Size: |
4096
|
|
62B39FF000
|
stack
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2860792147.00000062B39FF000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
62B39FF000
|
Size: |
4096
|
|
6010000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2149229424.0000000006010000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
6010000
|
Size: |
65536
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2742456612.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
8192
|
|
80F1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000002.3334049665.00000000080F1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
80F1000
|
Size: |
65536
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2744947411.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
8192
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2746751194.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
8192
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2743421400.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
8192
|
|
1150000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000008.00000000.2638887840.0000000001150000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
1150000
|
Size: |
4096
|
|
572E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2149084029.000000000572E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
572E000
|
Size: |
8192
|
|
25635220000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2810088327.0000025635220000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
25635220000
|
Size: |
4096
|
|
2CEE000
|
system
|
page execute and read and write
|
|
|
|
Name: |
00000008.00000002.3331513632.0000000002CEE000.00000040.80000000.00040000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
system
|
Protect: |
page execute and read and write
|
Base address: |
2CEE000
|
Size: |
4096
|
|
13E0000
|
direct allocation
|
page execute and read and write
|
|
|
|
Name: |
00000003.00000002.2569051667.00000000013E0000.00000040.00001000.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
direct allocation
|
Protect: |
page execute and read and write
|
Base address: |
13E0000
|
Size: |
1208320
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2745810466.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
8192
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2743576854.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
4096
|
|
813E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2153320651.000000000813E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
813E000
|
Size: |
8192
|
|
85FF000
|
stack
|
page read and write
|
|
|
|
Name: |
00000007.00000002.3334542318.00000000085FF000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
85FF000
|
Size: |
4096
|
|
60F0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2150469966.00000000060F0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
60F0000
|
Size: |
40960
|
|
33DC4000
|
system
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2859587382.0000000033DC4000.00000004.80000000.00040000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
system
|
Protect: |
page read and write
|
Base address: |
33DC4000
|
Size: |
4096
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2745608194.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
4096
|
|
B1F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000006.00000000.2490918645.0000000000B1F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
6
|
Dumpstage: |
process new
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
B1F000
|
Size: |
4096
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2742631701.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
4096
|
|
4E70000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2584757117.0000000004E70000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4E70000
|
Size: |
172032
|
|
3209000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2751138670.0000000003209000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3209000
|
Size: |
4096
|
|
600E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2149207254.000000000600E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
600E000
|
Size: |
8192
|
|
2420000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000006.00000002.3331234919.0000000002420000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
6
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
2420000
|
Size: |
4096
|
|
6280000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2150677364.0000000006280000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
6280000
|
Size: |
65536
|
|
899000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2142357603.0000000000899000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
899000
|
Size: |
8192
|
|
256355A7000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2810964487.00000256355A7000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
256355A7000
|
Size: |
8192
|
|
4ECE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2148703925.0000000004ECE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
4ECE000
|
Size: |
8192
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2757075072.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
4096
|
|
4EA0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000002.3331777482.0000000004EA0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4EA0000
|
Size: |
4096
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2742265130.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
4096
|
|
3B1A000
|
unclassified section
|
page execute and read and write
|
|
|
|
Name: |
00000003.00000002.2570491492.0000000003B1A000.00000040.10000000.00040000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
unclassified section
|
Protect: |
page execute and read and write
|
Base address: |
3B1A000
|
Size: |
10485760
|
|
80E4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2756221164.00000000080E4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
80E4000
|
Size: |
4096
|
|
4CEA000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2148079373.0000000004CEA000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4CEA000
|
Size: |
237568
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
256355C4000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2810935021.00000256355C4000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
256355C4000
|
Size: |
24576
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2741124412.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
4096
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2743187429.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
4096
|
|
31B3000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2569003457.00000000031B3000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
31B3000
|
Size: |
24576
|
|
963000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2142694203.0000000000963000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
963000
|
Size: |
188416
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
80EF000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2756221164.00000000080EF000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
80EF000
|
Size: |
8192
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2744690404.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
4096
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2741891043.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
8192
|
|
537000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2142002959.0000000000537000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
537000
|
Size: |
36864
|
|
86BE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000007.00000002.3334603455.00000000086BE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
86BE000
|
Size: |
8192
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2742892743.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
4096
|
|
CF0000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000008.00000000.2638653079.0000000000CF0000.00000002.00000001.00040000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
CF0000
|
Size: |
4096
|
|
325F000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000002.3329955596.000000000325F000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
325F000
|
Size: |
12288
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2742506349.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
8192
|
|
607C000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2149325462.000000000607C000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
607C000
|
Size: |
16384
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2742290151.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
8192
|
|
11D9000
|
heap
|
page read and write
|
|
|
|
Name: |
00000008.00000002.3330811358.00000000011D9000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
11D9000
|
Size: |
77824
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
4969000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2146449118.0000000004969000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4969000
|
Size: |
4096
|
|
3521000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2144726413.0000000003521000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3521000
|
Size: |
929792
|
|
80AC000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000002.3334049665.00000000080AC000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
80AC000
|
Size: |
12288
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2746311702.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
8192
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2743643010.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
4096
|
|
867F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000007.00000002.3334583284.000000000867F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
867F000
|
Size: |
4096
|
|
487A000
|
unkown
|
page execute and read and write
|
|
|
|
Name: |
00000006.00000002.3331504946.000000000487A000.00000040.00000001.00040000.00000000.sdmp
|
TargetID: |
6
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page execute and read and write
|
Base address: |
487A000
|
Size: |
10485760
|
|
26B2000
|
unclassified section
|
page execute and read and write
|
|
|
|
Name: |
00000003.00000002.2570491492.00000000026B2000.00000040.10000000.00040000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
unclassified section
|
Protect: |
page execute and read and write
|
Base address: |
26B2000
|
Size: |
4096
|
|
49D0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2147111117.00000000049D0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
49D0000
|
Size: |
65536
|
|
8BB000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2142677480.00000000008BB000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
8BB000
|
Size: |
4096
|
|
80E4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000002.3334049665.00000000080E4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
80E4000
|
Size: |
8192
|
|
25633A70000
|
heap
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2811011590.0000025633A70000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
25633A70000
|
Size: |
4096
|
|
4D25000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2148079373.0000000004D25000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4D25000
|
Size: |
90112
|
|
1730000
|
direct allocation
|
page read and write
|
|
|
|
Name: |
00000003.00000002.2570238702.0000000001730000.00000004.00001000.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
direct allocation
|
Protect: |
page read and write
|
Base address: |
1730000
|
Size: |
278528
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2741637956.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
4096
|
|
33C0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000002.3331378052.00000000033C0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
33C0000
|
Size: |
16384
|
|
12E0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000008.00000002.3331125801.00000000012E0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12E0000
|
Size: |
8192
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2743963658.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
4096
|
|
2430000
|
heap
|
page read and write
|
|
|
|
Name: |
00000006.00000002.3331292308.0000000002430000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
6
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2430000
|
Size: |
8192
|
|
11BA000
|
heap
|
page read and write
|
|
|
|
Name: |
00000008.00000000.2638992362.00000000011BA000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process new
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
11BA000
|
Size: |
8192
|
|
B5C000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2143099470.0000000000B5C000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
B5C000
|
Size: |
16384
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2588472737.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
4096
|
|
4DBD000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2148485869.0000000004DBD000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4DBD000
|
Size: |
28672
|
|
7F7D000
|
stack
|
page read and write
|
|
|
|
Name: |
00000007.00000002.3333963637.0000000007F7D000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
7F7D000
|
Size: |
12288
|
|
D00000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000008.00000002.3329900260.0000000000D00000.00000002.00000001.00040000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
D00000
|
Size: |
4096
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2745145414.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
8192
|
|
80E0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2756221164.00000000080E0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
80E0000
|
Size: |
4096
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2741914756.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
8192
|
|
25635501000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2861161914.0000025635501000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
25635501000
|
Size: |
4096
|
|
839000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000006.00000002.3330535294.0000000000839000.00000002.00000001.01000000.00000012.sdmp
|
TargetID: |
6
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
839000
|
Size: |
61440
|
|
750000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000006.00000000.2490553852.0000000000750000.00000002.00000001.00040000.00000000.sdmp
|
TargetID: |
6
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
750000
|
Size: |
4096
|
|
3290000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000002.3331329990.0000000003290000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3290000
|
Size: |
4096
|
|
8A2000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2142596506.00000000008A2000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
8A2000
|
Size: |
4096
|
|
85BE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000007.00000002.3334521751.00000000085BE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
85BE000
|
Size: |
8192
|
|
4CE1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2148079373.0000000004CE1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4CE1000
|
Size: |
4096
|
|
8085000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000002.3334049665.0000000008085000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
8085000
|
Size: |
8192
|
|
4B50000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2147883118.0000000004B50000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4B50000
|
Size: |
4096
|
|
4EC7000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2570438782.0000000004EC7000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4EC7000
|
Size: |
24576
|
|
DF0000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000008.00000000.2638784077.0000000000DF0000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
DF0000
|
Size: |
4096
|
|
14D0000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000008.00000002.3331332165.00000000014D0000.00000002.00000001.00040000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
14D0000
|
Size: |
36864
|
|
853C000
|
stack
|
page read and write
|
|
|
|
Name: |
00000007.00000002.3334471285.000000000853C000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
853C000
|
Size: |
16384
|
|
750000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000006.00000002.3329839603.0000000000750000.00000002.00000001.00040000.00000000.sdmp
|
TargetID: |
6
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
750000
|
Size: |
4096
|
|
2510000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2143388716.0000000002510000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2510000
|
Size: |
4096
|
|
321D000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2751138670.000000000321D000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
321D000
|
Size: |
16384
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
SQL strings found in memory and binary data |
System Summary |
|
|
4D29000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2570438782.0000000004D29000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4D29000
|
Size: |
1196032
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
12E4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000008.00000000.2639064740.00000000012E4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process new
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12E4000
|
Size: |
4096
|
|
2563540E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2861064717.000002563540E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2563540E000
|
Size: |
4096
|
|
2E78000
|
stack
|
page read and write
|
|
|
|
Name: |
00000007.00000002.3329558287.0000000002E78000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2E78000
|
Size: |
32768
|
|
6290000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2150750174.0000000006290000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
6290000
|
Size: |
65536
|
|
85A000
|
heap
|
page read and write
|
|
|
|
Name: |
00000006.00000000.2490854727.000000000085A000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
6
|
Dumpstage: |
process new
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
85A000
|
Size: |
8192
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2742656482.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
4096
|
|
4A03000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2147320349.0000000004A03000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4A03000
|
Size: |
8192
|
|
4CDE000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2148079373.0000000004CDE000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4CDE000
|
Size: |
4096
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2741664275.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
4096
|
|
14DA000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000008.00000000.2639136580.00000000014DA000.00000002.00000001.00040000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
14DA000
|
Size: |
32768
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2744665646.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
4096
|
|
4C90000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2148079373.0000000004C90000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4C90000
|
Size: |
151552
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2756856927.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
4096
|
|
63B0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2151110475.00000000063B0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
63B0000
|
Size: |
8192
|
|
25633940000
|
heap
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2860929791.0000025633940000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
25633940000
|
Size: |
8192
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2749664709.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
8192
|
|
31F8000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000002.3329955596.00000000031F8000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
31F8000
|
Size: |
4096
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2743858316.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
4096
|
|
337C2000
|
system
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2859587382.00000000337C2000.00000004.80000000.00040000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
system
|
Protect: |
page read and write
|
Base address: |
337C2000
|
Size: |
4096
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2742840612.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
4096
|
|
5222000
|
unclassified section
|
page read and write
|
|
|
|
Name: |
00000007.00000002.3332259601.0000000005222000.00000004.10000000.00040000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
unclassified section
|
Protect: |
page read and write
|
Base address: |
5222000
|
Size: |
4096
|
|
839000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000008.00000000.2638638010.0000000000839000.00000002.00000001.01000000.00000012.sdmp
|
TargetID: |
8
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
839000
|
Size: |
61440
|
|
3223000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2753085933.0000000003223000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3223000
|
Size: |
8192
|
|
5510000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2148929422.0000000005510000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
5510000
|
Size: |
49152
|
|
884000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2142323210.0000000000884000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
884000
|
Size: |
8192
|
|
16A6000
|
direct allocation
|
page execute and read and write
|
|
|
|
Name: |
00000003.00000002.2569051667.00000000016A6000.00000040.00001000.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
direct allocation
|
Protect: |
page execute and read and write
|
Base address: |
16A6000
|
Size: |
8192
|
|
820000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000006.00000000.2490744025.0000000000820000.00000002.00000001.01000000.00000012.sdmp
|
TargetID: |
6
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
820000
|
Size: |
4096
|
|
451A000
|
unclassified section
|
page execute and read and write
|
|
|
|
Name: |
00000003.00000002.2570491492.000000000451A000.00000040.10000000.00040000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
unclassified section
|
Protect: |
page execute and read and write
|
Base address: |
451A000
|
Size: |
10350592
|
|
25635403000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2861064717.0000025635403000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
25635403000
|
Size: |
16384
|
|
25633860000
|
heap
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2860914316.0000025633860000.00000004.00000020.00040000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
25633860000
|
Size: |
4096
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2744254896.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
4096
|
|
194000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000000.00000000.2067409488.0000000000194000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
194000
|
Size: |
24576
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sample file is different than original file name gathered from version info |
System Summary |
|
|
25635220000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2810048135.0000025635220000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
25635220000
|
Size: |
4096
|
|
7F0000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000006.00000002.3330184762.00000000007F0000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
6
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
7F0000
|
Size: |
4096
|
|
1080000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.2568962623.0000000001080000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1080000
|
Size: |
4096
|
|
14D0000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000008.00000000.2639136580.00000000014D0000.00000002.00000001.00040000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
14D0000
|
Size: |
36864
|
|
4FF9000
|
direct allocation
|
page execute and read and write
|
|
|
|
Name: |
00000007.00000002.3331801207.0000000004FF9000.00000040.00001000.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
direct allocation
|
Protect: |
page execute and read and write
|
Base address: |
4FF9000
|
Size: |
4096
|
|
8070000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000002.3334049665.0000000008070000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
8070000
|
Size: |
8192
|
|
780000
|
heap
|
page read and write
|
|
|
|
Name: |
00000006.00000002.3330010383.0000000000780000.00000004.00000020.00040000.00000000.sdmp
|
TargetID: |
6
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
780000
|
Size: |
4096
|
|
EB1000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000006.00000000.2490983348.0000000000EB1000.00000002.00000001.00040000.00000000.sdmp
|
TargetID: |
6
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
EB1000
|
Size: |
385024
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the Windows Explorer process (often used for injection) |
HIPS / PFW / Operating System Protection Evasion |
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2742144334.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
8192
|
|
31B3000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2568878090.00000000031B3000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
31B3000
|
Size: |
24576
|
|
8088000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000002.3334049665.0000000008088000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
8088000
|
Size: |
16384
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
3206000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000002.3329955596.0000000003206000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3206000
|
Size: |
8192
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2747644582.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
8192
|
|
4A6E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2147505380.0000000004A6E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
4A6E000
|
Size: |
8192
|
|
4990000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2146743440.0000000004990000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4990000
|
Size: |
32768
|
|
4975000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2146449118.0000000004975000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4975000
|
Size: |
4096
|
|
4C9C000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2568481894.0000000004C9C000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4C9C000
|
Size: |
512000
|
|
4E70000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000007.00000002.3331754878.0000000004E70000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4E70000
|
Size: |
4096
|
|
8B2000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2142645776.00000000008B2000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
8B2000
|
Size: |
4096
|
|
31A8000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2569003457.00000000031A8000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
31A8000
|
Size: |
28672
|
|
735000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2142209298.0000000000735000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
735000
|
Size: |
12288
|
|
31BC000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000002.3329955596.00000000031BC000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
31BC000
|
Size: |
118784
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
320B000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000002.3329955596.000000000320B000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
320B000
|
Size: |
12288
|
|
2400000
|
unknown
|
page readonly
|
|
|
|
Name: |
00000006.00000002.3331177032.0000000002400000.00000002.00000001.00040000.00000000.sdmp
|
TargetID: |
6
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page readonly
|
Base address: |
2400000
|
Size: |
16384
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2741864037.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
8192
|
|
ACC000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.2568672034.0000000000ACC000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
ACC000
|
Size: |
16384
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2743274205.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
4096
|
|
256339A0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2860956942.00000256339A0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
256339A0000
|
Size: |
12288
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2745972196.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
8192
|
|
31B3000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2568828457.00000000031B3000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
31B3000
|
Size: |
24576
|
|
586E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2149163129.000000000586E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
586E000
|
Size: |
8192
|
|
52E2000
|
unclassified section
|
page read and write
|
|
|
|
Name: |
00000007.00000002.3332259601.00000000052E2000.00000004.10000000.00040000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
unclassified section
|
Protect: |
page read and write
|
Base address: |
52E2000
|
Size: |
4096
|
|
64CE000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2151199465.00000000064CE000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
64CE000
|
Size: |
28672
|
|
83E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2142248844.000000000083E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
83E000
|
Size: |
8192
|
|
8DA000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2142694203.00000000008DA000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
8DA000
|
Size: |
8192
|
|
1691000
|
direct allocation
|
page execute and read and write
|
|
|
|
Name: |
00000003.00000002.2569051667.0000000001691000.00000040.00001000.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
direct allocation
|
Protect: |
page execute and read and write
|
Base address: |
1691000
|
Size: |
16384
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2742778307.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
8192
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2741813370.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
4096
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2742341101.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
8192
|
|
3A0000
|
unknown
|
page readonly
|
|
|
|
Name: |
00000006.00000000.2490472703.00000000003A0000.00000002.00000001.00040000.00000000.sdmp
|
TargetID: |
6
|
Dumpstage: |
process new
|
Regiontype: |
unknown
|
Protect: |
page readonly
|
Base address: |
3A0000
|
Size: |
4096
|
|
14DD000
|
unknown
|
page readonly
|
|
|
|
Name: |
00000008.00000002.3331332165.00000000014DD000.00000002.00000001.00040000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page readonly
|
Base address: |
14DD000
|
Size: |
16384
|
|
4E52000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2570438782.0000000004E52000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4E52000
|
Size: |
4096
|
|
6D0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2142153652.00000000006D0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D0000
|
Size: |
4096
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2744105642.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
4096
|
|
8B7000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2142662944.00000000008B7000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
8B7000
|
Size: |
4096
|
|
836000
|
unknown
|
page read and write
|
|
|
|
Name: |
00000008.00000000.2638600349.0000000000836000.00000004.00000001.01000000.00000012.sdmp
|
TargetID: |
8
|
Dumpstage: |
process new
|
Regiontype: |
unknown
|
Protect: |
page read and write
|
Base address: |
836000
|
Size: |
8192
|
|
8070000
|
trusted library section
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2153000754.0000000008070000.00000004.08000000.00040000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library section
|
Protect: |
page read and write
|
Base address: |
8070000
|
Size: |
569344
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sample file is different than original file name gathered from version info |
System Summary |
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2745720700.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
4096
|
|
60B0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2149501077.00000000060B0000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
60B0000
|
Size: |
65536
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2743454553.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
4096
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2743600305.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
4096
|
|
49B6000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2146743440.00000000049B6000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
49B6000
|
Size: |
16384
|
|
2D69000
|
system
|
page execute and read and write
|
|
|
|
Name: |
00000008.00000002.3331513632.0000000002D69000.00000040.80000000.00040000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
system
|
Protect: |
page execute and read and write
|
Base address: |
2D69000
|
Size: |
167936
|
|
31B3000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2568930063.00000000031B3000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
31B3000
|
Size: |
24576
|
|
11A0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000008.00000000.2638978655.00000000011A0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process new
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
11A0000
|
Size: |
8192
|
|
380000
|
unknown
|
page readonly
|
|
|
|
Name: |
00000006.00000002.3329447493.0000000000380000.00000002.00000001.00040000.00000000.sdmp
|
TargetID: |
6
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page readonly
|
Base address: |
380000
|
Size: |
4096
|
|
390000
|
unknown
|
page readonly
|
|
|
|
Name: |
00000006.00000000.2490454146.0000000000390000.00000002.00000001.00040000.00000000.sdmp
|
TargetID: |
6
|
Dumpstage: |
process new
|
Regiontype: |
unknown
|
Protect: |
page readonly
|
Base address: |
390000
|
Size: |
4096
|
|
770000
|
heap
|
page read and write
|
|
|
|
Name: |
00000006.00000002.3329953471.0000000000770000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
6
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
770000
|
Size: |
20480
|
|
4C36000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2147949513.0000000004C36000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4C36000
|
Size: |
102400
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2757044502.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
4096
|
|
68EE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2152135906.00000000068EE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
68EE000
|
Size: |
8192
|
|
1728000
|
direct allocation
|
page execute and read and write
|
|
|
|
Name: |
00000003.00000002.2569051667.0000000001728000.00000040.00001000.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
direct allocation
|
Protect: |
page execute and read and write
|
Base address: |
1728000
|
Size: |
16384
|
|
2FB4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2570811161.0000000002FB4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2FB4000
|
Size: |
4096
|
|
85E000
|
heap
|
page read and write
|
|
|
|
Name: |
00000006.00000000.2490854727.000000000085E000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
6
|
Dumpstage: |
process new
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
85E000
|
Size: |
90112
|
|
B2B000
|
unknown
|
page readonly
|
|
|
|
Name: |
00000006.00000002.3330872239.0000000000B2B000.00000002.00000001.00040000.00000000.sdmp
|
TargetID: |
6
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page readonly
|
Base address: |
B2B000
|
Size: |
4096
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2745377053.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
8192
|
|
73C000
|
stack
|
page read and write
|
|
|
|
Name: |
00000006.00000002.3329710830.000000000073C000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
6
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
73C000
|
Size: |
16384
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2742411161.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
8192
|
|
8DE000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2142694203.00000000008DE000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
8DE000
|
Size: |
155648
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sample file is different than original file name gathered from version info |
System Summary |
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2743528848.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
4096
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2744028498.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
4096
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2742364564.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
8192
|
|
7E1000
|
unknown
|
page readonly
|
|
|
|
Name: |
00000006.00000000.2490670377.00000000007E1000.00000002.00000001.00040000.00000000.sdmp
|
TargetID: |
6
|
Dumpstage: |
process new
|
Regiontype: |
unknown
|
Protect: |
page readonly
|
Base address: |
7E1000
|
Size: |
12288
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2743833536.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
4096
|
|
12F0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000008.00000000.2639117327.00000000012F0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process new
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
12F0000
|
Size: |
20480
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2743804149.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
4096
|
|
5500000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2148876057.0000000005500000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
5500000
|
Size: |
65536
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2743297569.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
4096
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2744887457.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
4096
|
|
760000
|
unknown
|
page readonly
|
|
|
|
Name: |
00000006.00000000.2490572050.0000000000760000.00000002.00000001.00040000.00000000.sdmp
|
TargetID: |
6
|
Dumpstage: |
process new
|
Regiontype: |
unknown
|
Protect: |
page readonly
|
Base address: |
760000
|
Size: |
4096
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2743760834.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
4096
|
|
B2D000
|
unknown
|
page readonly
|
|
|
|
Name: |
00000006.00000002.3330872239.0000000000B2D000.00000002.00000001.00040000.00000000.sdmp
|
TargetID: |
6
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page readonly
|
Base address: |
B2D000
|
Size: |
16384
|
|
820000
|
unknown
|
page readonly
|
|
|
|
Name: |
00000008.00000002.3329443856.0000000000820000.00000002.00000001.01000000.00000012.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page readonly
|
Base address: |
820000
|
Size: |
4096
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2742531645.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
8192
|
|
1170000
|
unknown
|
page readonly
|
|
|
|
Name: |
00000008.00000000.2638901526.0000000001170000.00000002.00000001.00040000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process new
|
Regiontype: |
unknown
|
Protect: |
page readonly
|
Base address: |
1170000
|
Size: |
16384
|
|
3210000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000002.3329955596.0000000003210000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3210000
|
Size: |
8192
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2742210620.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
4096
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2743349209.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
4096
|
|
2FB0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000002.3329841656.0000000002FB0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2FB0000
|
Size: |
16384
|
|
DC0000
|
unknown
|
page readonly
|
|
|
|
Name: |
00000008.00000000.2638713640.0000000000DC0000.00000002.00000001.00040000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process new
|
Regiontype: |
unknown
|
Protect: |
page readonly
|
Base address: |
DC0000
|
Size: |
4096
|
|
54EE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2148826660.00000000054EE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
54EE000
|
Size: |
8192
|
|
8D0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2142694203.00000000008D0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
8D0000
|
Size: |
36864
|
|
14CF000
|
stack
|
page read and write
|
|
|
|
Name: |
00000008.00000002.3331291727.00000000014CF000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
14CF000
|
Size: |
4096
|
|
88D000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2142337876.000000000088D000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
88D000
|
Size: |
4096
|
|
31B9000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000002.3329955596.00000000031B9000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
31B9000
|
Size: |
8192
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2741031438.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
4096
|
|
2430000
|
heap
|
page read and write
|
|
|
|
Name: |
00000006.00000000.2491140928.0000000002430000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
6
|
Dumpstage: |
process new
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2430000
|
Size: |
8192
|
|
890000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2142357603.0000000000890000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
890000
|
Size: |
8192
|
|
DD0000
|
unknown
|
page readonly
|
|
|
|
Name: |
00000008.00000000.2638753992.0000000000DD0000.00000002.00000001.00040000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process new
|
Regiontype: |
unknown
|
Protect: |
page readonly
|
Base address: |
DD0000
|
Size: |
4096
|
|
2EA2000
|
unknown
|
page read and write
|
|
|
|
Name: |
00000008.00000000.2639372370.0000000002EA2000.00000004.00000001.00040000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process new
|
Regiontype: |
unknown
|
Protect: |
page read and write
|
Base address: |
2EA2000
|
Size: |
4096
|
|
55EC000
|
stack
|
page read and write
|
|
|
|
Name: |
00000008.00000002.3333539795.00000000055EC000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
55EC000
|
Size: |
16384
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2743479303.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
4096
|
|
6270000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2150618643.0000000006270000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
6270000
|
Size: |
61440
|
|
461C000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2146396587.000000000461C000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
461C000
|
Size: |
16384
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2744922392.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
4096
|
|
4980000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2146683789.0000000004980000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4980000
|
Size: |
4096
|
|
ACF000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2143044037.0000000000ACF000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
ACF000
|
Size: |
4096
|
|
323E000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000002.3329955596.000000000323E000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
323E000
|
Size: |
12288
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2744383162.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
4096
|
|
54FC000
|
unclassified section
|
page read and write
|
|
|
|
Name: |
00000007.00000002.3332259601.00000000054FC000.00000004.10000000.00040000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
unclassified section
|
Protect: |
page read and write
|
Base address: |
54FC000
|
Size: |
1011712
|
|
3209000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000002.3329955596.0000000003209000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3209000
|
Size: |
4096
|
|
D10000
|
unknown
|
page readonly
|
|
|
|
Name: |
00000008.00000002.3329956704.0000000000D10000.00000002.00000001.00040000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page readonly
|
Base address: |
D10000
|
Size: |
4096
|
|
49F0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2147273043.00000000049F0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
49F0000
|
Size: |
65536
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2742086779.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
8192
|
|
380000
|
unknown
|
page readonly
|
|
|
|
Name: |
00000006.00000000.2490389156.0000000000380000.00000002.00000001.00040000.00000000.sdmp
|
TargetID: |
6
|
Dumpstage: |
process new
|
Regiontype: |
unknown
|
Protect: |
page readonly
|
Base address: |
380000
|
Size: |
4096
|
|
6F0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2142171160.00000000006F0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6F0000
|
Size: |
16384
|
|
2CF6000
|
system
|
page execute and read and write
|
|
|
|
Name: |
00000008.00000002.3331513632.0000000002CF6000.00000040.80000000.00040000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
system
|
Protect: |
page execute and read and write
|
Base address: |
2CF6000
|
Size: |
8192
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2744861782.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
8192
|
|
810000
|
heap
|
page read and write
|
|
|
|
Name: |
00000006.00000002.3330240590.0000000000810000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
6
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
810000
|
Size: |
8192
|
|
60A0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2149449401.00000000060A0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
60A0000
|
Size: |
65536
|
|
31AE000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2568878090.00000000031AE000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
31AE000
|
Size: |
4096
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2575093254.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
237568
|
|
740000
|
unknown
|
page readonly
|
|
|
|
Name: |
00000006.00000000.2490537641.0000000000740000.00000002.00000001.00040000.00000000.sdmp
|
TargetID: |
6
|
Dumpstage: |
process new
|
Regiontype: |
unknown
|
Protect: |
page readonly
|
Base address: |
740000
|
Size: |
4096
|
|
63A000
|
stack
|
page read and write
|
|
|
|
Name: |
00000006.00000002.3329653661.000000000063A000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
6
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
63A000
|
Size: |
24576
|
|
11BA000
|
heap
|
page read and write
|
|
|
|
Name: |
00000008.00000002.3330811358.00000000011BA000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
11BA000
|
Size: |
8192
|
|
3266000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000002.3329955596.0000000003266000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3266000
|
Size: |
8192
|
|
5212000
|
direct allocation
|
page execute and read and write
|
|
|
|
Name: |
00000007.00000002.3331801207.0000000005212000.00000040.00001000.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
direct allocation
|
Protect: |
page execute and read and write
|
Base address: |
5212000
|
Size: |
40960
|
|
821000
|
unkown
|
page execute read
|
|
|
|
Name: |
00000008.00000002.3329592917.0000000000821000.00000020.00000001.01000000.00000012.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page execute read
|
Base address: |
821000
|
Size: |
57344
|
|
7EF0000
|
trusted library section
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2152353355.0000000007EF0000.00000004.08000000.00040000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library section
|
Protect: |
page read and write
|
Base address: |
7EF0000
|
Size: |
729088
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2742029815.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
8192
|
|
67AE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2152073989.00000000067AE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
67AE000
|
Size: |
8192
|
|
499B000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2146743440.000000000499B000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
499B000
|
Size: |
69632
|
|
EB1000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000006.00000002.3331053546.0000000000EB1000.00000002.00000001.00040000.00000000.sdmp
|
TargetID: |
6
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
EB1000
|
Size: |
385024
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the Windows Explorer process (often used for injection) |
HIPS / PFW / Operating System Protection Evasion |
|
|
DF0000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000008.00000002.3330302877.0000000000DF0000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
DF0000
|
Size: |
4096
|
|
2EA2000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000008.00000002.3331926248.0000000002EA2000.00000004.00000001.00040000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
2EA2000
|
Size: |
4096
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2757016957.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
4096
|
|
317C000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000008.00000002.3331926248.000000000317C000.00000004.00000001.00040000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
317C000
|
Size: |
1011712
|
|
25633A73000
|
heap
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2811011590.0000025633A73000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
25633A73000
|
Size: |
28672
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2742971979.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
4096
|
|
82F000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000006.00000000.2490791542.000000000082F000.00000002.00000001.01000000.00000012.sdmp
|
TargetID: |
6
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
82F000
|
Size: |
28672
|
|
62B0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2150928483.00000000062B0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
62B0000
|
Size: |
12288
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2743248992.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
4096
|
|
68AF000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2152109973.00000000068AF000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
68AF000
|
Size: |
4096
|
|
6A0C000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2152187320.0000000006A0C000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6A0C000
|
Size: |
8192
|
|
25633770000
|
system
|
page execute and read and write
|
|
|
|
Name: |
00000009.00000002.2860832735.0000025633770000.00000040.80000000.00040000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
system
|
Protect: |
page execute and read and write
|
Base address: |
25633770000
|
Size: |
303104
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2742001081.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
8192
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2742186746.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
4096
|
|
256355CE000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2810919381.00000256355CE000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
256355CE000
|
Size: |
4096
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2744422386.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
4096
|
|
3242000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000002.3329955596.0000000003242000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3242000
|
Size: |
4096
|
|
25633A40000
|
heap
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2860971200.0000025633A40000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
25633A40000
|
Size: |
24576
|
|
7FE0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2152900129.0000000007FE0000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7FE0000
|
Size: |
65536
|
|
80F2000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2756221164.00000000080F2000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
80F2000
|
Size: |
4096
|
|
836000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000006.00000002.3330482249.0000000000836000.00000004.00000001.01000000.00000012.sdmp
|
TargetID: |
6
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
836000
|
Size: |
8192
|
|
25635412000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2861064717.0000025635412000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
25635412000
|
Size: |
8192
|
|
3E7A000
|
unkown
|
page execute and read and write
|
|
|
|
Name: |
00000006.00000002.3331504946.0000000003E7A000.00000040.00000001.00040000.00000000.sdmp
|
TargetID: |
6
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page execute and read and write
|
Base address: |
3E7A000
|
Size: |
10485760
|
|
16AD000
|
direct allocation
|
page execute and read and write
|
|
|
|
Name: |
00000003.00000002.2569051667.00000000016AD000.00000040.00001000.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
direct allocation
|
Protect: |
page execute and read and write
|
Base address: |
16AD000
|
Size: |
4096
|
|
271A000
|
unclassified section
|
page execute and read and write
|
|
|
|
Name: |
00000003.00000002.2570491492.000000000271A000.00000040.10000000.00040000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
unclassified section
|
Protect: |
page execute and read and write
|
Base address: |
271A000
|
Size: |
10485760
|
|
2420000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000006.00000000.2491114074.0000000002420000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
6
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
2420000
|
Size: |
4096
|
|
3291000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2741942235.0000000003291000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3291000
|
Size: |
8192
|
|
31B9000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000003.2568980626.00000000031B9000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
31B9000
|
Size: |
20480
|
|
E7E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.2568774834.0000000000E7E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
E7E000
|
Size: |
8192
|
|
A2000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000000.00000000.2067314888.00000000000A2000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
A2000
|
Size: |
987136
|
|
14DB000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000008.00000002.3331332165.00000000014DB000.00000002.00000001.00040000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
14DB000
|
Size: |
4096
|
|
69EF000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2152163622.00000000069EF000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
69EF000
|
Size: |
4096
|
|
3A0000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000006.00000002.3329597032.00000000003A0000.00000002.00000001.00040000.00000000.sdmp
|
TargetID: |
6
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
3A0000
|
Size: |
4096
|
|
2D06000
|
system
|
page execute and read and write
|
|
|
|
Name: |
00000008.00000002.3331513632.0000000002D06000.00000040.80000000.00040000.00000000.sdmp
|
TargetID: |
8
|
Dumpstage: |
process exit
|
Regiontype: |
system
|
Protect: |
page execute and read and write
|
Base address: |
2D06000
|
Size: |
4096
|
|
533C000
|
unclassified section
|
page read and write
|
|
|
|
Name: |
00000007.00000002.3332259601.000000000533C000.00000004.10000000.00040000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
unclassified section
|
Protect: |
page read and write
|
Base address: |
533C000
|
Size: |
4096
|
|
857D000
|
stack
|
page read and write
|
|
|
|
Name: |
00000007.00000002.3334497290.000000000857D000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
857D000
|
Size: |
12288
|
|
850000
|
heap
|
page read and write
|
|
|
|
Name: |
00000006.00000002.3330593051.0000000000850000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
6
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
850000
|
Size: |
32768
|
|