|
8300000
|
trusted library section
|
page read and write
|
 |
|
|
| Name: |
00000008.00000002.1255800370.0000000008300000.00000004.08000000.00040000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library section
|
| Protect: |
page read and write
|
| Base address: |
8300000
|
| Size: |
643072
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected PureLog Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
|
|
8000000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1218596015.0000000008000000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8000000
|
| Size: |
643072
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected PureLog Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
|
|
6B05000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1253654615.0000000006B05000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6B05000
|
| Size: |
1277952
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected PureLog Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
|
|
8050000
|
trusted library section
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1254821424.0000000008050000.00000004.08000000.00040000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library section
|
| Protect: |
page read and write
|
| Base address: |
8050000
|
| Size: |
634880
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected PureLog Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
|
|
502000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000003.00000000.1104410573.0000000000502000.00000002.00000001.01000000.00000008.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
502000
|
| Size: |
249856
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected AgentTesla |
Stealing of Sensitive Information, Remote Access Functionality |
|
| Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) |
Malware Analysis System Evasion |
Security Software Discovery
|
| Yara detected Credential Stealer |
Stealing of Sensitive Information |
|
| URLs found in memory or binary data |
Networking |
|
|
|
5200000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1108437362.0000000005200000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5200000
|
| Size: |
643072
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected PureLog Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
|
|
8000000
|
trusted library section
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1110596503.0000000008000000.00000004.08000000.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library section
|
| Protect: |
page read and write
|
| Base address: |
8000000
|
| Size: |
643072
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected PureLog Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
|
|
7E00000
|
trusted library section
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1110396066.0000000007E00000.00000004.08000000.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library section
|
| Protect: |
page read and write
|
| Base address: |
7E00000
|
| Size: |
634880
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected PureLog Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
|
|
7E00000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1099615040.0000000007E00000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7E00000
|
| Size: |
643072
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected PureLog Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
|
|
6739000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1109303552.0000000006739000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6739000
|
| Size: |
1064960
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected PureLog Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
| Found many strings related to Crypto-Wallets (likely being stolen) |
Stealing of Sensitive Information |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
6841000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1109303552.0000000006841000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6841000
|
| Size: |
1560576
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Found malware configuration |
AV Detection |
|
| Yara detected AgentTesla |
Stealing of Sensitive Information, Remote Access Functionality |
|
| Yara detected RedLine Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
| Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) |
Malware Analysis System Evasion |
Security Software Discovery
|
| Yara detected Credential Stealer |
Stealing of Sensitive Information |
|
| URLs found in memory or binary data |
Networking |
|
|
|
28C1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3550554103.00000000028C1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
28C1000
|
| Size: |
696320
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected AgentTesla |
Stealing of Sensitive Information, Remote Access Functionality |
|
| Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) |
Malware Analysis System Evasion |
Security Software Discovery
|
| Yara detected Credential Stealer |
Stealing of Sensitive Information |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
962000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000000.1105739929.0000000000962000.00000002.00000001.01000000.00000009.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
962000
|
| Size: |
192512
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected RedLine Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
| URLs found in memory or binary data |
Networking |
|
|
|
69BF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1109303552.00000000069BF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
69BF000
|
| Size: |
303104
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected RedLine Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
| URLs found in memory or binary data |
Networking |
|
|
|
5600000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1252579503.0000000005600000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5600000
|
| Size: |
643072
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected PureLog Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
|
|
2E26000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1399260262.0000000002E26000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E26000
|
| Size: |
618496
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected RedLine Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
| Yara detected Credential Stealer |
Stealing of Sensitive Information |
|
| URLs found in memory or binary data |
Networking |
|
|
|
6705000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1109303552.0000000006705000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6705000
|
| Size: |
208896
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected RedLine Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
| URLs found in memory or binary data |
Networking |
|
|
|
6C41000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1253654615.0000000006C41000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6C41000
|
| Size: |
987136
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected AgentTesla |
Stealing of Sensitive Information, Remote Access Functionality |
|
| Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) |
Malware Analysis System Evasion |
Security Software Discovery
|
| Yara detected Credential Stealer |
Stealing of Sensitive Information |
|
| URLs found in memory or binary data |
Networking |
|
|
|
2FDB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1399260262.0000000002FDB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2FDB000
|
| Size: |
4096
|
|
|
2A7F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3550554103.0000000002A7F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A7F000
|
| Size: |
12288
|
|
|
1020000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1397870903.0000000001020000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1020000
|
| Size: |
8192
|
|
|
12CB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1398865875.00000000012CB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
12CB000
|
| Size: |
65536
|
|
|
7A6B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3565486710.0000000007A6B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7A6B000
|
| Size: |
20480
|
|
|
8170000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1220183737.0000000008170000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8170000
|
| Size: |
65536
|
|
|
16FD000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1083333689.00000000016FD000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
16FD000
|
| Size: |
4096
|
|
|
30CC000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1107420736.00000000030CC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
30CC000
|
| Size: |
28672
|
|
|
80C0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1100431079.00000000080C0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
80C0000
|
| Size: |
65536
|
|
|
7F10000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1102539529.0000000007F10000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F10000
|
| Size: |
65536
|
|
|
1326C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3570541066.000000001326C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
1326C000
|
| Size: |
16384
|
|
|
4013000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1093676046.0000000004013000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4013000
|
| Size: |
507904
|
|
|
719E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1407118853.000000000719E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
719E000
|
| Size: |
8192
|
|
|
70DE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1406870051.00000000070DE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
70DE000
|
| Size: |
8192
|
|
|
861E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1256145098.000000000861E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
861E000
|
| Size: |
8192
|
|
|
3100000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1251113622.0000000003100000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3100000
|
| Size: |
4096
|
|
|
39D8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3553769436.00000000039D8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
39D8000
|
| Size: |
81920
|
|
|
105F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1398023426.000000000105F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
105F000
|
| Size: |
24576
|
|
|
82EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1110775093.00000000082EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
82EE000
|
| Size: |
8192
|
|
|
76A6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1407406194.00000000076A6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
76A6000
|
| Size: |
12288
|
|
|
F6E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1083043127.0000000000F6E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
F6E000
|
| Size: |
8192
|
|
|
6FF0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1406580585.0000000006FF0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6FF0000
|
| Size: |
65536
|
|
|
7708000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1109786778.0000000007708000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7708000
|
| Size: |
4096
|
|
|
13A5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1082828721.00000000013A5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13A5000
|
| Size: |
131072
|
|
|
3BD8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3553769436.0000000003BD8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3BD8000
|
| Size: |
81920
|
|
|
7DD5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1110165109.0000000007DD5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7DD5000
|
| Size: |
36864
|
|
|
5B5B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3558058838.0000000005B5B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5B5B000
|
| Size: |
20480
|
|
|
5B58000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1252787100.0000000005B58000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5B58000
|
| Size: |
4096
|
|
|
2ECC000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1399260262.0000000002ECC000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2ECC000
|
| Size: |
12288
|
|
|
6E11000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1406012780.0000000006E11000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6E11000
|
| Size: |
118784
|
|
|
115A000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.1398409554.000000000115A000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
115A000
|
| Size: |
20480
|
|
|
3FF3000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1214008863.0000000003FF3000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3FF3000
|
| Size: |
507904
|
|
|
1436000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1086127298.0000000001436000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1436000
|
| Size: |
49152
|
|
|
B87000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3549687856.0000000000B87000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B87000
|
| Size: |
24576
|
|
|
5093000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.1251960906.0000000005093000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5093000
|
| Size: |
4096
|
|
|
6FE0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1406499308.0000000006FE0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6FE0000
|
| Size: |
4096
|
|
|
8120000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1254947296.0000000008120000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8120000
|
| Size: |
4096
|
|
|
509D000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.1252007626.000000000509D000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
509D000
|
| Size: |
4096
|
|
|
6120000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3558464829.0000000006120000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6120000
|
| Size: |
36864
|
|
|
7FB0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1100603623.0000000007FB0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FB0000
|
| Size: |
65536
|
|
|
8120000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1221322151.0000000008120000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8120000
|
| Size: |
65536
|
|
|
4E01000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1108295599.0000000004E01000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E01000
|
| Size: |
16384
|
|
|
4D7B000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.1108174507.0000000004D7B000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4D7B000
|
| Size: |
4096
|
|
|
1601000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1201795500.0000000001601000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1601000
|
| Size: |
131072
|
|
|
3ED0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1215302924.0000000003ED0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3ED0000
|
| Size: |
1187840
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
4D21000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3556701751.0000000004D21000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4D21000
|
| Size: |
16384
|
|
|
AD5D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3568497936.000000000AD5D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
AD5D000
|
| Size: |
8192
|
|
|
5301000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1108510829.0000000005301000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5301000
|
| Size: |
12288
|
|
|
7F60000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1102315237.0000000007F60000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F60000
|
| Size: |
131072
|
|
|
12A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.1098983171.00000000012A0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12A0000
|
| Size: |
4096
|
|
|
7FD0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1100542326.0000000007FD0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FD0000
|
| Size: |
65536
|
|
|
61AB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1404777397.00000000061AB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
61AB000
|
| Size: |
12288
|
|
|
6B01000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1253654615.0000000006B01000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6B01000
|
| Size: |
8192
|
|
|
85AD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1111118758.00000000085AD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
85AD000
|
| Size: |
12288
|
|
|
4070000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1214609396.0000000004070000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4070000
|
| Size: |
1196032
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
22A41150000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1202194305.0000022A41150000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
22A41150000
|
| Size: |
4096
|
|
|
7DF0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1110375908.0000000007DF0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7DF0000
|
| Size: |
65536
|
|
|
61BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3558787439.00000000061BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
61BF000
|
| Size: |
8192
|
|
|
3998000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3553769436.0000000003998000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3998000
|
| Size: |
81920
|
|
|
2460000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1083396370.0000000002460000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2460000
|
| Size: |
8192
|
|
|
66BC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3559865206.00000000066BC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
66BC000
|
| Size: |
16384
|
|
|
400000
|
system
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.1250929853.0000000000400000.00000040.80000000.00040000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
system
|
| Protect: |
page execute and read and write
|
| Base address: |
400000
|
| Size: |
147456
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Malicious sample detected (through community Yara rule) |
System Summary |
|
| Yara signature match |
System Summary |
|
|
|
AC4000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000001.00000000.1082033016.0000000000AC4000.00000002.00000001.01000000.00000004.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
AC4000
|
| Size: |
40960
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary is likely a compiled AutoIt script file |
System Summary |
|
|
|
7FFC0C611000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000005.00000002.1202561363.00007FFC0C611000.00000020.00000001.01000000.0000000C.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
7FFC0C611000
|
| Size: |
86016
|
|
|
425D000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1216583312.000000000425D000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
425D000
|
| Size: |
458752
|
|
|
6701000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1109303552.0000000006701000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6701000
|
| Size: |
8192
|
|
|
6C70000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3560456986.0000000006C70000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6C70000
|
| Size: |
5242880
|
|
|
22A412C4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1201470843.0000022A412C4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
22A412C4000
|
| Size: |
344064
|
|
|
40B3000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1216346196.00000000040B3000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
40B3000
|
| Size: |
507904
|
|
|
83E9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1219606452.00000000083E9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
83E9000
|
| Size: |
28672
|
|
|
5775000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1403076271.0000000005775000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5775000
|
| Size: |
4096
|
|
|
5242000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1402322700.0000000005242000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5242000
|
| Size: |
12288
|
|
|
101F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1397849522.000000000101F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
101F000
|
| Size: |
4096
|
|
|
A10000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000001.00000002.1098458416.0000000000A10000.00000002.00000001.01000000.00000004.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
A10000
|
| Size: |
4096
|
|
|
2ED0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1399260262.0000000002ED0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2ED0000
|
| Size: |
16384
|
|
|
15F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1204923675.00000000015F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15F0000
|
| Size: |
16384
|
|
|
DC0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1217984467.0000000000DC0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DC0000
|
| Size: |
4096
|
|
|
81B0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1219910860.00000000081B0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
81B0000
|
| Size: |
65536
|
|
|
5751000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1402810462.0000000005751000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5751000
|
| Size: |
32768
|
|
|
8008000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1254030309.0000000008008000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8008000
|
| Size: |
4096
|
|
|
7EF0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1102622110.0000000007EF0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7EF0000
|
| Size: |
65536
|
|
|
1167000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.1398500811.0000000001167000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1167000
|
| Size: |
4096
|
|
|
8130000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1220297179.0000000008130000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8130000
|
| Size: |
65536
|
|
|
8150000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1220248456.0000000008150000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8150000
|
| Size: |
65536
|
|
|
4013000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1094644180.0000000004013000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4013000
|
| Size: |
507904
|
|
|
64BC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3559644907.00000000064BC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
64BC000
|
| Size: |
16384
|
|
|
B60000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3549618628.0000000000B60000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B60000
|
| Size: |
20480
|
|
|
22A41260000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1202250085.0000022A41260000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
22A41260000
|
| Size: |
69632
|
|
|
F118CFE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1202063924.000000F118CFE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
F118CFE000
|
| Size: |
8192
|
|
|
8110000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1221356723.0000000008110000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8110000
|
| Size: |
65536
|
|
|
2E02000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1106996247.0000000002E02000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2E02000
|
| Size: |
24576
|
|
|
64D6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3559744033.00000000064D6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
64D6000
|
| Size: |
40960
|
|
|
636D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3559266093.000000000636D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
636D000
|
| Size: |
12288
|
|
|
32EB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1399260262.00000000032EB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
32EB000
|
| Size: |
16384
|
|
|
920000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3548467518.0000000000920000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
920000
|
| Size: |
16384
|
|
|
5230000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1402301747.0000000005230000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5230000
|
| Size: |
4096
|
|
|
6B40000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1405251365.0000000006B40000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6B40000
|
| Size: |
4096
|
|
|
61D6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3558920218.00000000061D6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
61D6000
|
| Size: |
4096
|
|
|
81F0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.1255147479.00000000081F0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
81F0000
|
| Size: |
28672
|
|
|
50A4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1252048495.00000000050A4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
50A4000
|
| Size: |
24576
|
|
|
D7F000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000000.1070640710.0000000000D7F000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
D7F000
|
| Size: |
147456
|
|
|
25D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3550005189.00000000025D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
25D0000
|
| Size: |
45056
|
|
|
2C70000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1399169142.0000000002C70000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2C70000
|
| Size: |
16384
|
|
|
8180000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1221103665.0000000008180000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8180000
|
| Size: |
65536
|
|
|
5BAB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1252787100.0000000005BAB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5BAB000
|
| Size: |
40960
|
|
|
6FC3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1406472128.0000000006FC3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6FC3000
|
| Size: |
12288
|
|
|
143E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1083689527.000000000143E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
143E000
|
| Size: |
90112
|
|
|
2F94000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1399260262.0000000002F94000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F94000
|
| Size: |
221184
|
|
|
114D000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.1398307673.000000000114D000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
114D000
|
| Size: |
4096
|
|
|
6840000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3560007365.0000000006840000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6840000
|
| Size: |
65536
|
|
|
575C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1108607506.000000000575C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
575C000
|
| Size: |
4096
|
|
|
302C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1107117093.000000000302C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
302C000
|
| Size: |
4096
|
|
|
8400000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1219544717.0000000008400000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8400000
|
| Size: |
65536
|
|
|
41B9000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1093819108.00000000041B9000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
41B9000
|
| Size: |
4096
|
|
|
50CB000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.1252255513.00000000050CB000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
50CB000
|
| Size: |
4096
|
|
|
307D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1099300795.000000000307D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
307D000
|
| Size: |
8192
|
|
|
427D000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1097603950.000000000427D000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
427D000
|
| Size: |
458752
|
|
|
427D000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1095922499.000000000427D000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
427D000
|
| Size: |
458752
|
|
|
80E0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1100385526.00000000080E0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
80E0000
|
| Size: |
65536
|
|
|
6E41000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1406196273.0000000006E41000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6E41000
|
| Size: |
28672
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Found many strings related to Crypto-Wallets (likely being stolen) |
Stealing of Sensitive Information |
|
|
|
CF1000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000000.00000002.1082392111.0000000000CF1000.00000020.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
CF1000
|
| Size: |
581632
|
|
|
8004000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1254030309.0000000008004000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8004000
|
| Size: |
8192
|
|
|
3F7A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1075824367.0000000003F7A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3F7A000
|
| Size: |
786432
|
|
|
22A412AF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1202337848.0000022A412AF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
22A412AF000
|
| Size: |
8192
|
|
|
3485000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1218400196.0000000003485000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3485000
|
| Size: |
12288
|
|
|
3317000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1399260262.0000000003317000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3317000
|
| Size: |
8192
|
|
|
3000000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1107019808.0000000003000000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3000000
|
| Size: |
69632
|
|
|
DB7000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000000.1070724392.0000000000DB7000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
DB7000
|
| Size: |
856064
|
|
|
CF1000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000000.00000000.1070583636.0000000000CF1000.00000020.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
CF1000
|
| Size: |
581632
|
|
|
169E000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.1218454688.000000000169E000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
169E000
|
| Size: |
4096
|
|
|
5B54000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1252787100.0000000005B54000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5B54000
|
| Size: |
4096
|
|
|
22A412B1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1201543442.0000022A412B1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
22A412B1000
|
| Size: |
61440
|
|
|
8410000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1219516587.0000000008410000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8410000
|
| Size: |
65536
|
|
|
AD7000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000006.00000002.1217790433.0000000000AD7000.00000002.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
AD7000
|
| Size: |
856064
|
|
|
D7E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1217931452.0000000000D7E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
D7E000
|
| Size: |
8192
|
|
|
A9F000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000001.00000000.1082033016.0000000000A9F000.00000002.00000001.01000000.00000004.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
A9F000
|
| Size: |
147456
|
|
|
ACE000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000001.00000000.1082087545.0000000000ACE000.00000008.00000001.01000000.00000004.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
ACE000
|
| Size: |
8192
|
|
|
8190000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1219977745.0000000008190000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8190000
|
| Size: |
65536
|
|
|
42CE000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1217214138.00000000042CE000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
42CE000
|
| Size: |
24576
|
|
|
AC3A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3567465830.000000000AC3A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
AC3A000
|
| Size: |
65536
|
|
|
84C0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1219241206.00000000084C0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
84C0000
|
| Size: |
28672
|
|
|
363E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1251712257.000000000363E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
363E000
|
| Size: |
8192
|
|
|
143D000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000001.00000002.1099212159.000000000143D000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
143D000
|
| Size: |
4096
|
|
|
7F80000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1100662007.0000000007F80000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F80000
|
| Size: |
65536
|
|
|
2770000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.3550451523.0000000002770000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
2770000
|
| Size: |
65536
|
|
|
AC24000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3567342527.000000000AC24000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
AC24000
|
| Size: |
28672
|
|
|
5770000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1403076271.0000000005770000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5770000
|
| Size: |
4096
|
|
|
7F20000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1100847205.0000000007F20000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F20000
|
| Size: |
65536
|
|
|
81A0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1221034214.00000000081A0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
81A0000
|
| Size: |
20480
|
|
|
8022000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1254030309.0000000008022000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8022000
|
| Size: |
8192
|
|
|
6DC5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1405516511.0000000006DC5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6DC5000
|
| Size: |
4096
|
|
|
5780000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1403167337.0000000005780000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5780000
|
| Size: |
65536
|
|
|
5B28000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1252787100.0000000005B28000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5B28000
|
| Size: |
4096
|
|
|
3462000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1220433444.0000000003462000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3462000
|
| Size: |
40960
|
|
|
E0E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1397778012.0000000000E0E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
E0E000
|
| Size: |
8192
|
|
|
50C7000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.1252233117.00000000050C7000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
50C7000
|
| Size: |
4096
|
|
|
12C4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1398865875.00000000012C4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
12C4000
|
| Size: |
16384
|
|
|
788E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1407440220.000000000788E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
788E000
|
| Size: |
8192
|
|
|
82FF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1255682852.00000000082FF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
82FF000
|
| Size: |
4096
|
|
|
527A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1402464250.000000000527A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
527A000
|
| Size: |
24576
|
|
|
4D90000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1108195547.0000000004D90000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4D90000
|
| Size: |
4096
|
|
|
4D50000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3557114615.0000000004D50000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4D50000
|
| Size: |
65536
|
|
|
1C0E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.1099253662.0000000001C0E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
1C0E000
|
| Size: |
8192
|
|
|
3F90000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1216346196.0000000003F90000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3F90000
|
| Size: |
1187840
|
|
|
121B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.1098894858.000000000121B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
121B000
|
| Size: |
20480
|
|
|
5400000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1252504564.0000000005400000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5400000
|
| Size: |
4096
|
|
|
3E10000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1218631361.0000000003E10000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3E10000
|
| Size: |
741376
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Malicious sample detected (through community Yara rule) |
System Summary |
|
| Yara signature match |
System Summary |
|
|
|
6B3E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1405225417.0000000006B3E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6B3E000
|
| Size: |
8192
|
|
|
39F8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3553769436.00000000039F8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
39F8000
|
| Size: |
4096
|
|
|
63D0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.3559479139.00000000063D0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
63D0000
|
| Size: |
65536
|
|
|
265E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3550295833.000000000265E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
265E000
|
| Size: |
8192
|
|
|
7F60000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1100707793.0000000007F60000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F60000
|
| Size: |
65536
|
|
|
5270000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3557607450.0000000005270000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5270000
|
| Size: |
4096
|
|
|
8721000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1222223740.0000000008721000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8721000
|
| Size: |
61440
|
|
|
F118AF9000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1202023309.000000F118AF9000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
F118AF9000
|
| Size: |
28672
|
|
|
420E000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1213687273.000000000420E000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
420E000
|
| Size: |
24576
|
|
|
13EF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1218028498.00000000013EF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
13EF000
|
| Size: |
4096
|
|
|
1696000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1218421827.0000000001696000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1696000
|
| Size: |
4096
|
|
|
3E30000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1087556216.0000000003E30000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3E30000
|
| Size: |
786432
|
|
|
763D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1407304605.000000000763D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
763D000
|
| Size: |
12288
|
|
|
3474000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1218233315.0000000003474000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3474000
|
| Size: |
8192
|
|
|
ACFA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3567611945.000000000ACFA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
ACFA000
|
| Size: |
8192
|
|
|
50AD000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.1252075895.00000000050AD000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
50AD000
|
| Size: |
4096
|
|
|
25F2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3550185660.00000000025F2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
25F2000
|
| Size: |
4096
|
|
|
54CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1402686192.00000000054CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
54CE000
|
| Size: |
8192
|
|
|
4B8000
|
system
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.1106669294.00000000004B8000.00000040.80000000.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
system
|
| Protect: |
page execute and read and write
|
| Base address: |
4B8000
|
| Size: |
4096
|
|
|
AD2000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000006.00000000.1201281907.0000000000AD2000.00000008.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
AD2000
|
| Size: |
8192
|
|
|
AD7000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000006.00000000.1201311509.0000000000AD7000.00000002.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
AD7000
|
| Size: |
856064
|
|
|
83E0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1219606452.00000000083E0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
83E0000
|
| Size: |
32768
|
|
|
120E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1398720361.000000000120E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
120E000
|
| Size: |
8192
|
|
|
3A09000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3553769436.0000000003A09000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3A09000
|
| Size: |
12288
|
|
|
B16000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3549368324.0000000000B16000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B16000
|
| Size: |
8192
|
|
|
7B3C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1253884699.0000000007B3C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7B3C000
|
| Size: |
16384
|
|
|
25DD000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.3550047328.00000000025DD000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
25DD000
|
| Size: |
4096
|
|
|
3400000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1251176003.0000000003400000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3400000
|
| Size: |
69632
|
|
|
5BDC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3558122593.0000000005BDC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5BDC000
|
| Size: |
16384
|
|
|
73C40000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.1111365340.0000000073C40000.00000002.00000001.01000000.0000000A.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
73C40000
|
| Size: |
4096
|
|
|
4DF0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.1108268073.0000000004DF0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4DF0000
|
| Size: |
57344
|
|
|
4090000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1093819108.0000000004090000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4090000
|
| Size: |
1196032
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
1074000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1398023426.0000000001074000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1074000
|
| Size: |
53248
|
|
|
3480000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1218348660.0000000003480000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3480000
|
| Size: |
8192
|
|
|
A77000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3548678862.0000000000A77000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A77000
|
| Size: |
106496
|
|
|
16F3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1083314350.00000000016F3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
16F3000
|
| Size: |
8192
|
|
|
288E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3550530405.000000000288E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
288E000
|
| Size: |
8192
|
|
|
3328000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1399260262.0000000003328000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3328000
|
| Size: |
8192
|
|
|
4D6A000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.1108092193.0000000004D6A000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4D6A000
|
| Size: |
4096
|
|
|
22A412C4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1201639933.0000022A412C4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
22A412C4000
|
| Size: |
339968
|
|
|
7FF6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1254030309.0000000007FF6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF6000
|
| Size: |
4096
|
|
|
6CB0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1405356420.0000000006CB0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6CB0000
|
| Size: |
270336
|
|
|
3100000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1107674058.0000000003100000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3100000
|
| Size: |
20480
|
|
|
4DA0000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.1108221331.0000000004DA0000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
4DA0000
|
| Size: |
4096
|
|
|
F1192FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1202138869.000000F1192FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
F1192FE000
|
| Size: |
8192
|
|
|
2B28000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1106796643.0000000002B28000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2B28000
|
| Size: |
32768
|
|
|
5739000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1108607506.0000000005739000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5739000
|
| Size: |
4096
|
|
|
3078000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1251052917.0000000003078000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3078000
|
| Size: |
32768
|
|
|
81E0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1220926096.00000000081E0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
81E0000
|
| Size: |
65536
|
|
|
1ECE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1083365180.0000000001ECE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
1ECE000
|
| Size: |
8192
|
|
|
3021000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1098150525.0000000003021000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3021000
|
| Size: |
36864
|
|
|
2750000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3550430232.0000000002750000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2750000
|
| Size: |
4096
|
|
|
5790000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1403205828.0000000005790000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5790000
|
| Size: |
65536
|
|
|
4199000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1213687273.0000000004199000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4199000
|
| Size: |
4096
|
|
|
73C5D000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1111581743.0000000073C5D000.00000004.00000001.01000000.0000000A.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
73C5D000
|
| Size: |
8192
|
|
|
CDA000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1082358474.0000000000CDA000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
CDA000
|
| Size: |
24576
|
|
|
7130000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1406997484.0000000007130000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7130000
|
| Size: |
28672
|
|
|
42EE000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1095922499.00000000042EE000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
42EE000
|
| Size: |
24576
|
|
|
419D000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1214609396.000000000419D000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
419D000
|
| Size: |
458752
|
|
|
3FB0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1097965760.0000000003FB0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3FB0000
|
| Size: |
1187840
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
577B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1403076271.000000000577B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
577B000
|
| Size: |
8192
|
|
|
2BE1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3550554103.0000000002BE1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2BE1000
|
| Size: |
167936
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
7EA6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1101151019.0000000007EA6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7EA6000
|
| Size: |
40960
|
|
|
6870000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3560132807.0000000006870000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6870000
|
| Size: |
8192
|
|
|
8480000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1219337922.0000000008480000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8480000
|
| Size: |
4096
|
|
|
6B43000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1405251365.0000000006B43000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6B43000
|
| Size: |
8192
|
|
|
F118BFE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1202044190.000000F118BFE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
F118BFE000
|
| Size: |
8192
|
|
|
143D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1087110295.000000000143D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
143D000
|
| Size: |
69632
|
|
|
A30000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3548629290.0000000000A30000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A30000
|
| Size: |
8192
|
|
|
8019000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1254030309.0000000008019000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8019000
|
| Size: |
4096
|
|
|
137B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.1099066197.000000000137B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
137B000
|
| Size: |
159744
|
|
|
A801000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1222398652.000000000A801000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A801000
|
| Size: |
86016
|
|
|
4B8000
|
system
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.1250929853.00000000004B8000.00000040.80000000.00040000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
system
|
| Protect: |
page execute and read and write
|
| Base address: |
4B8000
|
| Size: |
4096
|
|
|
50C0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1252188276.00000000050C0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
50C0000
|
| Size: |
4096
|
|
|
7F40000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1102405876.0000000007F40000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F40000
|
| Size: |
65536
|
|
|
26B8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3550380921.00000000026B8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
26B8000
|
| Size: |
8192
|
|
|
5EC0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1403473108.0000000005EC0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5EC0000
|
| Size: |
65536
|
|
|
5B0E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1252787100.0000000005B0E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5B0E000
|
| Size: |
53248
|
|
|
38B9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3553769436.00000000038B9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
38B9000
|
| Size: |
172032
|
|
|
6C9D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1405331787.0000000006C9D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6C9D000
|
| Size: |
12288
|
|
|
25F5000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.3550209324.00000000025F5000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
25F5000
|
| Size: |
4096
|
|
|
2B95000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3550554103.0000000002B95000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2B95000
|
| Size: |
307200
|
|
|
8122000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1254947296.0000000008122000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8122000
|
| Size: |
4096
|
|
|
1348000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.1099066197.0000000001348000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1348000
|
| Size: |
180224
|
|
|
41B9000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1094346445.00000000041B9000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
41B9000
|
| Size: |
4096
|
|
|
3305000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1399260262.0000000003305000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3305000
|
| Size: |
8192
|
|
|
F1191FD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1202117266.000000F1191FD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
F1191FD000
|
| Size: |
12288
|
|
|
120E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.1098894858.000000000120E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
120E000
|
| Size: |
8192
|
|
|
70D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1406870051.00000000070D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
70D0000
|
| Size: |
53248
|
|
|
2CBA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3550554103.0000000002CBA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2CBA000
|
| Size: |
196608
|
|
|
2F89000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1399260262.0000000002F89000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F89000
|
| Size: |
16384
|
|
|
61B4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3558787439.00000000061B4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
61B4000
|
| Size: |
32768
|
|
|
501F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1108402142.000000000501F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
501F000
|
| Size: |
4096
|
|
|
5040000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1251866276.0000000005040000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5040000
|
| Size: |
4096
|
|
|
143E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1087517849.000000000143E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
143E000
|
| Size: |
65536
|
|
|
5275000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1402464250.0000000005275000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5275000
|
| Size: |
8192
|
|
|
1661000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1071599096.0000000001661000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1661000
|
| Size: |
131072
|
|
|
5726000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1108607506.0000000005726000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5726000
|
| Size: |
12288
|
|
|
618A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1404643365.000000000618A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
618A000
|
| Size: |
40960
|
|
|
303C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1107174290.000000000303C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
303C000
|
| Size: |
4096
|
|
|
3A98000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3553769436.0000000003A98000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3A98000
|
| Size: |
81920
|
|
|
116B000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.1398525297.000000000116B000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
116B000
|
| Size: |
8192
|
|
|
2BF0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1106963705.0000000002BF0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2BF0000
|
| Size: |
4096
|
|
|
5EE0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.1403567293.0000000005EE0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5EE0000
|
| Size: |
65536
|
|
|
50B6000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.1252141430.00000000050B6000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
50B6000
|
| Size: |
8192
|
|
|
621D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3559183467.000000000621D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
621D000
|
| Size: |
8192
|
|
|
8F8000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3548393895.00000000008F8000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
8F8000
|
| Size: |
32768
|
|
|
50B2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1252121577.00000000050B2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
50B2000
|
| Size: |
4096
|
|
|
7FDE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1253982042.0000000007FDE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7FDE000
|
| Size: |
8192
|
|
|
5360000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3557887283.0000000005360000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5360000
|
| Size: |
28672
|
|
|
52F0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3557671078.00000000052F0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
52F0000
|
| Size: |
32768
|
|
|
4199000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1214609396.0000000004199000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4199000
|
| Size: |
4096
|
|
|
1040000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1397972063.0000000001040000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1040000
|
| Size: |
49152
|
|
|
5350000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3557821651.0000000005350000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5350000
|
| Size: |
4096
|
|
|
5743000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1108607506.0000000005743000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5743000
|
| Size: |
4096
|
|
|
4D30000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1107881273.0000000004D30000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4D30000
|
| Size: |
8192
|
|
|
CF0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000000.1070566906.0000000000CF0000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
CF0000
|
| Size: |
4096
|
|
|
3AF8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3553769436.0000000003AF8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3AF8000
|
| Size: |
81920
|
|
|
D57000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1397714676.0000000000D57000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
D57000
|
| Size: |
36864
|
|
|
2F6D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1399260262.0000000002F6D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F6D000
|
| Size: |
4096
|
|
|
1030000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1397889756.0000000001030000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1030000
|
| Size: |
12288
|
|
|
AD10000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3568497936.000000000AD10000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
AD10000
|
| Size: |
249856
|
|
|
7FFC0C630000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1202596700.00007FFC0C630000.00000004.00000001.01000000.0000000C.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7FFC0C630000
|
| Size: |
8192
|
|
|
8050000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1218804758.0000000008050000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8050000
|
| Size: |
40960
|
|
|
7EE0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1102678328.0000000007EE0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7EE0000
|
| Size: |
65536
|
|
|
39E9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1201658038.00000000039E9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
39E9000
|
| Size: |
786432
|
|
|
4DB0000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.3557215993.0000000004DB0000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
4DB0000
|
| Size: |
4096
|
|
|
425D000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1217214138.000000000425D000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
425D000
|
| Size: |
458752
|
|
|
3023000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1399260262.0000000003023000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3023000
|
| Size: |
2883584
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Found many strings related to Crypto-Wallets (likely being stolen) |
Stealing of Sensitive Information |
|
| Yara detected Credential Stealer |
Stealing of Sensitive Information |
|
| URLs found in memory or binary data |
Networking |
|
|
|
4D0E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3556701751.0000000004D0E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4D0E000
|
| Size: |
12288
|
|
|
618B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3558630313.000000000618B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
618B000
|
| Size: |
49152
|
|
|
647E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3559617322.000000000647E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
647E000
|
| Size: |
8192
|
|
|
6DA5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1405516511.0000000006DA5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6DA5000
|
| Size: |
12288
|
|
|
52D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1402586052.00000000052D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
52D0000
|
| Size: |
36864
|
|
|
12ED000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1398865875.00000000012ED000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
12ED000
|
| Size: |
69632
|
|
|
1608000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1083196807.0000000001608000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1608000
|
| Size: |
118784
|
|
|
6FBD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1406423595.0000000006FBD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6FBD000
|
| Size: |
12288
|
|
|
6200000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.1404977005.0000000006200000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
6200000
|
| Size: |
16384
|
|
|
1082000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1398023426.0000000001082000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1082000
|
| Size: |
413696
|
|
|
4CF0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1107837218.0000000004CF0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4CF0000
|
| Size: |
4096
|
|
|
7FF0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1100488005.0000000007FF0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF0000
|
| Size: |
32768
|
|
|
77DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1109811471.00000000077DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
77DE000
|
| Size: |
8192
|
|
|
12FAB000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3569937464.0000000012FAB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
12FAB000
|
| Size: |
20480
|
|
|
A11000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000001.00000002.1098480621.0000000000A11000.00000020.00000001.01000000.00000004.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
A11000
|
| Size: |
581632
|
|
|
5F80000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.1403848961.0000000005F80000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5F80000
|
| Size: |
65536
|
|
|
12EAB000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3569818212.0000000012EAB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
12EAB000
|
| Size: |
20480
|
|
|
11CE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1398695871.00000000011CE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11CE000
|
| Size: |
4096
|
|
|
3462000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1221389101.0000000003462000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3462000
|
| Size: |
32768
|
|
|
4FBC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3557328656.0000000004FBC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4FBC000
|
| Size: |
16384
|
|
|
30E5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1107606858.00000000030E5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
30E5000
|
| Size: |
12288
|
|
|
5B69000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1252787100.0000000005B69000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5B69000
|
| Size: |
266240
|
|
|
50A0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1252025100.00000000050A0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
50A0000
|
| Size: |
8192
|
|
|
3512000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1251554819.0000000003512000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3512000
|
| Size: |
262144
|
|
|
6207000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3559100140.0000000006207000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6207000
|
| Size: |
16384
|
|
|
39B8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3553769436.00000000039B8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
39B8000
|
| Size: |
81920
|
|
|
A10000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000006.00000000.1201172347.0000000000A10000.00000002.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
A10000
|
| Size: |
4096
|
|
|
6E55000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1406231688.0000000006E55000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6E55000
|
| Size: |
20480
|
|
|
16FE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1075788692.00000000016FE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
16FE000
|
| Size: |
65536
|
|
|
7FF9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1100488005.0000000007FF9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF9000
|
| Size: |
28672
|
|
|
4150000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1098164908.0000000004150000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4150000
|
| Size: |
1196032
|
|
|
4070000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1213687273.0000000004070000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4070000
|
| Size: |
1196032
|
|
|
2DB0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3550554103.0000000002DB0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2DB0000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
ABB2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3566318401.000000000ABB2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
ABB2000
|
| Size: |
61440
|
|
|
1600000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1083196807.0000000001600000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1600000
|
| Size: |
24576
|
|
|
4CEF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1107816622.0000000004CEF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4CEF000
|
| Size: |
4096
|
|
|
D7F000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000002.1082454449.0000000000D7F000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
D7F000
|
| Size: |
147456
|
|
|
64D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3559744033.00000000064D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
64D0000
|
| Size: |
20480
|
|
|
34B9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1221870549.00000000034B9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
34B9000
|
| Size: |
16384
|
|
|
1128000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1398253138.0000000001128000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1128000
|
| Size: |
94208
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
91AC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3566015952.00000000091AC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
91AC000
|
| Size: |
16384
|
|
|
683C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3559973254.000000000683C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
683C000
|
| Size: |
16384
|
|
|
3074000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1099196745.0000000003074000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3074000
|
| Size: |
106496
|
|
|
73C5F000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000002.1407818652.0000000073C5F000.00000002.00000001.01000000.0000000A.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
73C5F000
|
| Size: |
12288
|
|
|
DB7000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000002.1082602554.0000000000DB7000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
DB7000
|
| Size: |
856064
|
|
|
111A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1398023426.000000000111A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
111A000
|
| Size: |
12288
|
|
|
A93000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3548678862.0000000000A93000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A93000
|
| Size: |
524288
|
|
|
992000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000000.1105777205.0000000000992000.00000002.00000001.01000000.00000009.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
992000
|
| Size: |
16384
|
|
|
3112000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1107703691.0000000003112000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3112000
|
| Size: |
262144
|
|
|
307B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1099360232.000000000307B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
307B000
|
| Size: |
8192
|
|
|
74C0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.1407244259.00000000074C0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
74C0000
|
| Size: |
4096
|
|
|
64B0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.1405182597.00000000064B0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
64B0000
|
| Size: |
65536
|
|
|
8150000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1221206794.0000000008150000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8150000
|
| Size: |
65536
|
|
|
7DE0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1110262389.0000000007DE0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7DE0000
|
| Size: |
20480
|
|
|
34E5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1222086382.00000000034E5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
34E5000
|
| Size: |
12288
|
|
|
3420000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1217209333.0000000003420000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3420000
|
| Size: |
36864
|
|
|
5B9C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3558091056.0000000005B9C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5B9C000
|
| Size: |
16384
|
|
|
3FF3000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1213506244.0000000003FF3000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3FF3000
|
| Size: |
507904
|
|
|
6E00000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1405982954.0000000006E00000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6E00000
|
| Size: |
20480
|
|
|
12E6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1398865875.00000000012E6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
12E6000
|
| Size: |
16384
|
|
|
74BE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1407215071.00000000074BE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
74BE000
|
| Size: |
8192
|
|
|
340E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1107774449.000000000340E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
340E000
|
| Size: |
8192
|
|
|
4259000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1215957567.0000000004259000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4259000
|
| Size: |
4096
|
|
|
2F33000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1399260262.0000000002F33000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F33000
|
| Size: |
8192
|
|
|
3E30000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.1099396175.0000000003E30000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3E30000
|
| Size: |
741376
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Malicious sample detected (through community Yara rule) |
System Summary |
|
| Yara signature match |
System Summary |
|
|
|
70B0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.1406791667.00000000070B0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
70B0000
|
| Size: |
65536
|
|
|
63C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3559454168.00000000063C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
63C0000
|
| Size: |
4096
|
|
|
2F62000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1399260262.0000000002F62000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F62000
|
| Size: |
4096
|
|
|
1712000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1074131904.0000000001712000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1712000
|
| Size: |
61440
|
|
|
2891000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3550554103.0000000002891000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2891000
|
| Size: |
188416
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
5F50000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.1403713447.0000000005F50000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5F50000
|
| Size: |
65536
|
|
|
52F0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1402636583.00000000052F0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
52F0000
|
| Size: |
65536
|
|
|
5701000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1252671498.0000000005701000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5701000
|
| Size: |
12288
|
|
|
750E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1407273078.000000000750E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
750E000
|
| Size: |
8192
|
|
|
7EC0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1101767282.0000000007EC0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7EC0000
|
| Size: |
8192
|
|
|
4090000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1094346445.0000000004090000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4090000
|
| Size: |
1196032
|
|
|
3B98000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3553769436.0000000003B98000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3B98000
|
| Size: |
81920
|
|
|
3B45000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1071810509.0000000003B45000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3B45000
|
| Size: |
786432
|
|
|
6155000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1404493408.0000000006155000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6155000
|
| Size: |
45056
|
|
|
73C5D000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3570781422.0000000073C5D000.00000004.00000001.01000000.0000000A.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
73C5D000
|
| Size: |
8192
|
|
|
51F0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1402265064.00000000051F0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
51F0000
|
| Size: |
61440
|
|
|
25B0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3549876630.00000000025B0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
25B0000
|
| Size: |
8192
|
|
|
4D1A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3556701751.0000000004D1A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4D1A000
|
| Size: |
4096
|
|
|
80B0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1100450609.00000000080B0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
80B0000
|
| Size: |
65536
|
|
|
422E000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1094778053.000000000422E000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
422E000
|
| Size: |
24576
|
|
|
6137000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1404299439.0000000006137000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6137000
|
| Size: |
8192
|
|
|
D30000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1217909381.0000000000D30000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D30000
|
| Size: |
4096
|
|
|
ACE000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000006.00000000.1201281907.0000000000ACE000.00000008.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
ACE000
|
| Size: |
8192
|
|
|
5B52000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1252787100.0000000005B52000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5B52000
|
| Size: |
4096
|
|
|
5B5C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1252787100.0000000005B5C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5B5C000
|
| Size: |
4096
|
|
|
5250000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1402374463.0000000005250000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5250000
|
| Size: |
4096
|
|
|
330C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1399260262.000000000330C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
330C000
|
| Size: |
8192
|
|
|
7FFC0C626000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000005.00000002.1202580767.00007FFC0C626000.00000002.00000001.01000000.0000000C.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFC0C626000
|
| Size: |
40960
|
|
|
40B3000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1215796115.00000000040B3000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
40B3000
|
| Size: |
507904
|
|
|
15CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1083124394.00000000015CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
15CE000
|
| Size: |
8192
|
|
|
73C41000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000008.00000002.1256621191.0000000073C41000.00000020.00000001.01000000.0000000A.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
73C41000
|
| Size: |
86016
|
|
|
2120000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1093349341.0000000002120000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2120000
|
| Size: |
4096
|
|
|
6DA2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1405516511.0000000006DA2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6DA2000
|
| Size: |
8192
|
|
|
950000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3548589072.0000000000950000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
950000
|
| Size: |
4096
|
|
|
7F80000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1253953113.0000000007F80000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F80000
|
| Size: |
65536
|
|
|
61B3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1404803180.00000000061B3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
61B3000
|
| Size: |
20480
|
|
|
304A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1098300029.000000000304A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
304A000
|
| Size: |
24576
|
|
|
2ED7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1399260262.0000000002ED7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2ED7000
|
| Size: |
286720
|
|
|
AD7000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000001.00000002.1098638057.0000000000AD7000.00000002.00000001.01000000.00000004.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
AD7000
|
| Size: |
856064
|
|
|
422E000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1093819108.000000000422E000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
422E000
|
| Size: |
24576
|
|
|
2F4D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1399260262.0000000002F4D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F4D000
|
| Size: |
8192
|
|
|
83F0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1219578499.00000000083F0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
83F0000
|
| Size: |
65536
|
|
|
51E0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.1252361460.00000000051E0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
51E0000
|
| Size: |
65536
|
|
|
2C80000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1399214500.0000000002C80000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C80000
|
| Size: |
4096
|
|
|
AD73000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3568497936.000000000AD73000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
AD73000
|
| Size: |
53248
|
|
|
1372000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1082940189.0000000001372000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1372000
|
| Size: |
208896
|
|
|
40F1000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1081511579.00000000040F1000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
40F1000
|
| Size: |
856064
|
|
|
80A0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1100468480.00000000080A0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
80A0000
|
| Size: |
65536
|
|
|
13BE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1218028498.00000000013BE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
13BE000
|
| Size: |
8192
|
|
|
12DE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1398865875.00000000012DE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
12DE000
|
| Size: |
4096
|
|
|
22A41317000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1201526965.0000022A41317000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
22A41317000
|
| Size: |
4096
|
|
|
6DB8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1405516511.0000000006DB8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6DB8000
|
| Size: |
4096
|
|
|
30AE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1107337842.00000000030AE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
30AE000
|
| Size: |
57344
|
|
|
A11000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000006.00000000.1201193251.0000000000A11000.00000020.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
A11000
|
| Size: |
581632
|
|
|
4DC0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3557238985.0000000004DC0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4DC0000
|
| Size: |
36864
|
|
|
AD2000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000001.00000000.1082087545.0000000000AD2000.00000008.00000001.01000000.00000004.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
AD2000
|
| Size: |
8192
|
|
|
40D3000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1097965760.00000000040D3000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
40D3000
|
| Size: |
507904
|
|
|
3D91000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1401224333.0000000003D91000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3D91000
|
| Size: |
36864
|
|
|
30C9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1107420736.00000000030C9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
30C9000
|
| Size: |
8192
|
|
|
3F90000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1217012066.0000000003F90000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3F90000
|
| Size: |
1187840
|
|
|
52E0000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.1402616997.00000000052E0000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
52E0000
|
| Size: |
4096
|
|
|
8720000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1222033268.0000000008720000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8720000
|
| Size: |
36864
|
|
|
4D70000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1108108625.0000000004D70000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4D70000
|
| Size: |
4096
|
|
|
7EEE0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.1407872888.000000007EEE0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7EEE0000
|
| Size: |
4096
|
|
|
7FC0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1100577004.0000000007FC0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FC0000
|
| Size: |
65536
|
|
|
7EF1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1100953251.0000000007EF1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7EF1000
|
| Size: |
61440
|
|
|
4013000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1094164006.0000000004013000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4013000
|
| Size: |
507904
|
|
|
81B0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1220997141.00000000081B0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
81B0000
|
| Size: |
131072
|
|
|
871F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1256212228.000000000871F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
871F000
|
| Size: |
4096
|
|
|
7F80000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1102277957.0000000007F80000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F80000
|
| Size: |
65536
|
|
|
22A412B2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1202378522.0000022A412B2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
22A412B2000
|
| Size: |
45056
|
|
|
15F5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1204923675.00000000015F5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15F5000
|
| Size: |
655360
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
30BD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1107400007.00000000030BD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
30BD000
|
| Size: |
45056
|
|
|
3A7F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1251802182.0000000003A7F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3A7F000
|
| Size: |
4096
|
|
|
64A3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1405121587.00000000064A3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
64A3000
|
| Size: |
45056
|
|
|
8CDE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1407508604.0000000008CDE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
8CDE000
|
| Size: |
8192
|
|
|
11FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.1098894858.00000000011FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
11FE000
|
| Size: |
8192
|
|
|
15F5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1202521198.00000000015F5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15F5000
|
| Size: |
655360
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
AD08000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3567611945.000000000AD08000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
AD08000
|
| Size: |
20480
|
|
|
78DD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1109870254.00000000078DD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
78DD000
|
| Size: |
12288
|
|
|
22A41289000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1201623779.0000022A41289000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
22A41289000
|
| Size: |
49152
|
|
|
22A412C4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1201543442.0000022A412C4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
22A412C4000
|
| Size: |
339968
|
|
|
5B43000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1252787100.0000000005B43000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5B43000
|
| Size: |
4096
|
|
|
4D12000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3556701751.0000000004D12000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4D12000
|
| Size: |
28672
|
|
|
61A1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1404729296.00000000061A1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
61A1000
|
| Size: |
12288
|
|
|
F118EFF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1202083438.000000F118EFF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
F118EFF000
|
| Size: |
4096
|
|
|
2BE0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1106943706.0000000002BE0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2BE0000
|
| Size: |
4096
|
|
|
7B80000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3565617203.0000000007B80000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7B80000
|
| Size: |
81920
|
|
|
3B78000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3553769436.0000000003B78000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3B78000
|
| Size: |
81920
|
|
|
22A412AC000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1201470843.0000022A412AC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
22A412AC000
|
| Size: |
81920
|
|
|
39E2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1201976799.00000000039E2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
39E2000
|
| Size: |
786432
|
|
|
81D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1220962115.00000000081D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
81D0000
|
| Size: |
65536
|
|
|
20D6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1083298778.00000000020D6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20D6000
|
| Size: |
786432
|
|
|
2ED5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1399260262.0000000002ED5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2ED5000
|
| Size: |
4096
|
|
|
8100000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1220375781.0000000008100000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8100000
|
| Size: |
65536
|
|
|
F70000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1083076155.0000000000F70000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F70000
|
| Size: |
24576
|
|
|
1066000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1398023426.0000000001066000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1066000
|
| Size: |
53248
|
|
|
6A0A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1109303552.0000000006A0A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6A0A000
|
| Size: |
36864
|
|
|
81E0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1219811919.00000000081E0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
81E0000
|
| Size: |
65536
|
|
|
7EE0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1100971353.0000000007EE0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7EE0000
|
| Size: |
65536
|
|
|
A11000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000001.00000000.1081978693.0000000000A11000.00000020.00000001.01000000.00000004.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
A11000
|
| Size: |
581632
|
|
|
60F7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1404016837.00000000060F7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
60F7000
|
| Size: |
65536
|
|
|
573B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1108607506.000000000573B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
573B000
|
| Size: |
20480
|
|
|
5B1E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1252787100.0000000005B1E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5B1E000
|
| Size: |
4096
|
|
|
2C77000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3550554103.0000000002C77000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2C77000
|
| Size: |
196608
|
|
|
1312C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3570298939.000000001312C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
1312C000
|
| Size: |
16384
|
|
|
73C5F000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000002.1256724029.0000000073C5F000.00000002.00000001.01000000.0000000A.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
73C5F000
|
| Size: |
12288
|
|
|
5901000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.1252727350.0000000005901000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
5901000
|
| Size: |
20480
|
|
|
513E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1252323403.000000000513E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
513E000
|
| Size: |
8192
|
|
|
13FC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1218028498.00000000013FC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
13FC000
|
| Size: |
16384
|
|
|
550E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1402710142.000000000550E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
550E000
|
| Size: |
8192
|
|
|
2780000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.3550505934.0000000002780000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
2780000
|
| Size: |
4096
|
|
|
5DA000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3548326312.00000000005DA000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5DA000
|
| Size: |
24576
|
|
|
5742000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1402810462.0000000005742000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5742000
|
| Size: |
36864
|
|
|
2F1F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1399260262.0000000002F1F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F1F000
|
| Size: |
32768
|
|
|
7140000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1407040757.0000000007140000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7140000
|
| Size: |
65536
|
|
|
8140000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1221243009.0000000008140000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8140000
|
| Size: |
65536
|
|
|
73C56000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000002.1256661299.0000000073C56000.00000002.00000001.01000000.0000000A.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
73C56000
|
| Size: |
28672
|
|
|
3DB1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1401224333.0000000003DB1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3DB1000
|
| Size: |
704512
|
|
|
4CE0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3556593478.0000000004CE0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4CE0000
|
| Size: |
4096
|
|
|
7D90000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1110136104.0000000007D90000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7D90000
|
| Size: |
65536
|
|
|
9A6000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000000.1105777205.00000000009A6000.00000002.00000001.01000000.00000009.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
9A6000
|
| Size: |
36864
|
|
|
6DA9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1405516511.0000000006DA9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6DA9000
|
| Size: |
8192
|
|
|
1156000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.1398381913.0000000001156000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1156000
|
| Size: |
12288
|
|
|
82AE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1110758935.00000000082AE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
82AE000
|
| Size: |
8192
|
|
|
DB0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1397737952.0000000000DB0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DB0000
|
| Size: |
4096
|
|
|
3482000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1218322289.0000000003482000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3482000
|
| Size: |
24576
|
|
|
346D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1251351727.000000000346D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
346D000
|
| Size: |
278528
|
|
|
5270000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1402464250.0000000005270000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5270000
|
| Size: |
12288
|
|
|
800E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1254030309.000000000800E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
800E000
|
| Size: |
4096
|
|
|
611C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3558431388.000000000611C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
611C000
|
| Size: |
16384
|
|
|
8040000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1254764551.0000000008040000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8040000
|
| Size: |
65536
|
|
|
E39000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.1098870629.0000000000E39000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
E39000
|
| Size: |
28672
|
|
|
6C67000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3560375470.0000000006C67000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6C67000
|
| Size: |
32768
|
|
|
61C2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1404863165.00000000061C2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
61C2000
|
| Size: |
12288
|
|
|
22A41410000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1202464215.0000022A41410000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
22A41410000
|
| Size: |
16384
|
|
|
73C5F000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.1111666763.0000000073C5F000.00000002.00000001.01000000.0000000A.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
73C5F000
|
| Size: |
12288
|
|
|
4D44000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1107940771.0000000004D44000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4D44000
|
| Size: |
4096
|
|
|
3FB0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1095613547.0000000003FB0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3FB0000
|
| Size: |
1187840
|
|
|
56FF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1108582770.00000000056FF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
56FF000
|
| Size: |
4096
|
|
|
61D9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3558941836.00000000061D9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
61D9000
|
| Size: |
28672
|
|
|
5080000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1251913699.0000000005080000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5080000
|
| Size: |
8192
|
|
|
111E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1398023426.000000000111E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
111E000
|
| Size: |
36864
|
|
|
339C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1399260262.000000000339C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
339C000
|
| Size: |
8192
|
|
|
5510000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1402736309.0000000005510000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5510000
|
| Size: |
8192
|
|
|
511D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3557440960.000000000511D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
511D000
|
| Size: |
12288
|
|
|
2CEB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3550554103.0000000002CEB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2CEB000
|
| Size: |
262144
|
|
|
80F0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1100365972.00000000080F0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
80F0000
|
| Size: |
28672
|
|
|
336C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1399260262.000000000336C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
336C000
|
| Size: |
36864
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
2BC8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1399118092.0000000002BC8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2BC8000
|
| Size: |
8192
|
|
|
DE0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1218003940.0000000000DE0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DE0000
|
| Size: |
8192
|
|
|
E45000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1397798104.0000000000E45000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
E45000
|
| Size: |
16384
|
|
|
303F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1107174290.000000000303F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
303F000
|
| Size: |
12288
|
|
|
164F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1074015535.000000000164F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
164F000
|
| Size: |
16384
|
|
|
852E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1110988752.000000000852E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
852E000
|
| Size: |
8192
|
|
|
5EDE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3558241264.0000000005EDE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5EDE000
|
| Size: |
8192
|
|
|
7ED0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1110534773.0000000007ED0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7ED0000
|
| Size: |
4096
|
|
|
269C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3550322937.000000000269C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
269C000
|
| Size: |
16384
|
|
|
11C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1398623882.00000000011C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11C0000
|
| Size: |
20480
|
|
|
6DE0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1405869561.0000000006DE0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6DE0000
|
| Size: |
36864
|
|
|
3F70000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1083664708.0000000003F70000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3F70000
|
| Size: |
741376
|
|
|
2B60000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1106819436.0000000002B60000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2B60000
|
| Size: |
4096
|
|
|
4D00000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1107859249.0000000004D00000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4D00000
|
| Size: |
4096
|
|
|
ABB0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3566318401.000000000ABB0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
ABB0000
|
| Size: |
4096
|
|
|
7F30000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1100777247.0000000007F30000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F30000
|
| Size: |
65536
|
|
|
DAE000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000000.00000000.1070690862.0000000000DAE000.00000008.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
DAE000
|
| Size: |
8192
|
|
|
2C24000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3550554103.0000000002C24000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2C24000
|
| Size: |
311296
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
D0B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3549812831.0000000000D0B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
D0B000
|
| Size: |
20480
|
|
|
2C19000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3550554103.0000000002C19000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2C19000
|
| Size: |
40960
|
|
|
8120000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1220323178.0000000008120000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8120000
|
| Size: |
65536
|
|
|
2C75000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1399169142.0000000002C75000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2C75000
|
| Size: |
45056
|
|
|
81C0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1219870885.00000000081C0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
81C0000
|
| Size: |
65536
|
|
|
22A4128A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1202303285.0000022A4128A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
22A4128A000
|
| Size: |
45056
|
|
|
7ED0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1101036316.0000000007ED0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7ED0000
|
| Size: |
65536
|
|
|
5722000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1108607506.0000000005722000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5722000
|
| Size: |
4096
|
|
|
2CA8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3550554103.0000000002CA8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2CA8000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
25EA000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.3550134924.00000000025EA000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
25EA000
|
| Size: |
8192
|
|
|
5B60000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1252787100.0000000005B60000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5B60000
|
| Size: |
32768
|
|
|
5090000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1251938574.0000000005090000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5090000
|
| Size: |
8192
|
|
|
7690000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1407381589.0000000007690000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7690000
|
| Size: |
4096
|
|
|
11B0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.1398593475.00000000011B0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
11B0000
|
| Size: |
65536
|
|
|
373F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1251760418.000000000373F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
373F000
|
| Size: |
4096
|
|
|
16F6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1072100079.00000000016F6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
16F6000
|
| Size: |
81920
|
|
|
3039000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1251030839.0000000003039000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3039000
|
| Size: |
28672
|
|
|
572B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1402810462.000000000572B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
572B000
|
| Size: |
20480
|
|
|
6DD0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1405808897.0000000006DD0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6DD0000
|
| Size: |
4096
|
|
|
25C0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3549901098.00000000025C0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
25C0000
|
| Size: |
8192
|
|
|
3382000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1399260262.0000000003382000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3382000
|
| Size: |
16384
|
|
|
41BD000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1093819108.00000000041BD000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
41BD000
|
| Size: |
458752
|
|
|
12E1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1398865875.00000000012E1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
12E1000
|
| Size: |
16384
|
|
|
3FF3000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1215302924.0000000003FF3000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3FF3000
|
| Size: |
507904
|
|
|
15C5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1201912906.00000000015C5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15C5000
|
| Size: |
851968
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
5752000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1108607506.0000000005752000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5752000
|
| Size: |
4096
|
|
|
DA4000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000000.1070640710.0000000000DA4000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
DA4000
|
| Size: |
40960
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary is likely a compiled AutoIt script file |
System Summary |
|
|
|
2BBE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1399097653.0000000002BBE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2BBE000
|
| Size: |
8192
|
|
|
2B80000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1106872008.0000000002B80000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2B80000
|
| Size: |
8192
|
|
|
3AB8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3553769436.0000000003AB8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3AB8000
|
| Size: |
81920
|
|
|
501E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3557406284.000000000501E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
501E000
|
| Size: |
8192
|
|
|
7F40000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1100754363.0000000007F40000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F40000
|
| Size: |
65536
|
|
|
1444000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1086127298.0000000001444000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1444000
|
| Size: |
118784
|
|
|
419D000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1213687273.000000000419D000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
419D000
|
| Size: |
458752
|
|
|
6199000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1404676623.0000000006199000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6199000
|
| Size: |
12288
|
|
|
426000
|
system
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.1250929853.0000000000426000.00000040.80000000.00040000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
system
|
| Protect: |
page execute and read and write
|
| Base address: |
426000
|
| Size: |
4096
|
|
|
73C41000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000002.00000002.1111399408.0000000073C41000.00000020.00000001.01000000.0000000A.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
73C41000
|
| Size: |
86016
|
|
|
4D2D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3556701751.0000000004D2D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4D2D000
|
| Size: |
69632
|
|
|
84B0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1219263377.00000000084B0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
84B0000
|
| Size: |
65536
|
|
|
3B38000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3553769436.0000000003B38000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3B38000
|
| Size: |
81920
|
|
|
4070000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1215461246.0000000004070000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4070000
|
| Size: |
1196032
|
|
|
61AE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3558686241.00000000061AE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
61AE000
|
| Size: |
20480
|
|
|
50C2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1252211568.00000000050C2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
50C2000
|
| Size: |
4096
|
|
|
2B4E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3550554103.0000000002B4E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2B4E000
|
| Size: |
286720
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
6FE5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1406499308.0000000006FE5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6FE5000
|
| Size: |
45056
|
|
|
4BEE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1107796842.0000000004BEE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4BEE000
|
| Size: |
8192
|
|
|
776B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3564762701.000000000776B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
776B000
|
| Size: |
20480
|
|
|
3B58000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3553769436.0000000003B58000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3B58000
|
| Size: |
81920
|
|
|
4E8C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1402192883.0000000004E8C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4E8C000
|
| Size: |
16384
|
|
|
61C7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1404888337.00000000061C7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
61C7000
|
| Size: |
28672
|
|
|
5754000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1108607506.0000000005754000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5754000
|
| Size: |
4096
|
|
|
EE0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1082942899.0000000000EE0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
EE0000
|
| Size: |
4096
|
|
|
83A0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1219751853.00000000083A0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
83A0000
|
| Size: |
65536
|
|
|
5B3B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1252787100.0000000005B3B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5B3B000
|
| Size: |
4096
|
|
|
5B24000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1252787100.0000000005B24000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5B24000
|
| Size: |
4096
|
|
|
7F10000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1100873994.0000000007F10000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F10000
|
| Size: |
65536
|
|
|
667C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3559827813.000000000667C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
667C000
|
| Size: |
16384
|
|
|
5B46000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1252787100.0000000005B46000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5B46000
|
| Size: |
45056
|
|
|
26A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3550352186.00000000026A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
26A0000
|
| Size: |
4096
|
|
|
6DBA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1405516511.0000000006DBA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6DBA000
|
| Size: |
8192
|
|
|
6173000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1404581926.0000000006173000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6173000
|
| Size: |
53248
|
|
|
80F6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1220400130.00000000080F6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
80F6000
|
| Size: |
40960
|
|
|
57B0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.1403286936.00000000057B0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
57B0000
|
| Size: |
65536
|
|
|
25FB000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.3550252619.00000000025FB000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
25FB000
|
| Size: |
4096
|
|
|
33BA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1399260262.00000000033BA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
33BA000
|
| Size: |
8192
|
|
|
3918000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3553769436.0000000003918000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3918000
|
| Size: |
77824
|
|
|
130EB000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3570156032.00000000130EB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
130EB000
|
| Size: |
20480
|
|
|
6C3C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3560344224.0000000006C3C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6C3C000
|
| Size: |
16384
|
|
|
5310000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3557747536.0000000005310000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5310000
|
| Size: |
65536
|
|
|
307F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1099276979.000000000307F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
307F000
|
| Size: |
32768
|
|
|
3891000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3553769436.0000000003891000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3891000
|
| Size: |
36864
|
|
|
FF0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1083108965.0000000000FF0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
FF0000
|
| Size: |
4096
|
|
|
3EF0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1093676046.0000000003EF0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3EF0000
|
| Size: |
1187840
|
|
|
C5A000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1397689547.0000000000C5A000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
C5A000
|
| Size: |
24576
|
|
|
1140000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1398285111.0000000001140000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1140000
|
| Size: |
45056
|
|
|
5B1C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1252787100.0000000005B1C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5B1C000
|
| Size: |
4096
|
|
|
42EE000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1098164908.00000000042EE000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
42EE000
|
| Size: |
24576
|
|
|
83C0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1219679573.00000000083C0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
83C0000
|
| Size: |
65536
|
|
|
F1193FF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1202156201.000000F1193FF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
F1193FF000
|
| Size: |
4096
|
|
|
10E8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1398023426.00000000010E8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10E8000
|
| Size: |
200704
|
|
|
2D2C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3550554103.0000000002D2C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D2C000
|
| Size: |
536576
|
|
|
13C4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1083030562.00000000013C4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13C4000
|
| Size: |
4096
|
|
|
2F7E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1399260262.0000000002F7E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F7E000
|
| Size: |
8192
|
|
|
2EBE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1399260262.0000000002EBE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2EBE000
|
| Size: |
8192
|
|
|
4D72000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1108130421.0000000004D72000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4D72000
|
| Size: |
4096
|
|
|
15CC000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1218182541.00000000015CC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15CC000
|
| Size: |
139264
|
|
|
420E000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1215461246.000000000420E000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
420E000
|
| Size: |
24576
|
|
|
2A83000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3550554103.0000000002A83000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A83000
|
| Size: |
262144
|
|
|
2F5A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1399260262.0000000002F5A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F5A000
|
| Size: |
8192
|
|
|
13A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1087110295.00000000013A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13A4000
|
| Size: |
614400
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
5801000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1252699362.0000000005801000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5801000
|
| Size: |
28672
|
|
|
7F00000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1102596572.0000000007F00000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F00000
|
| Size: |
65536
|
|
|
330E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1107753398.000000000330E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
330E000
|
| Size: |
8192
|
|
|
25E0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3550069491.00000000025E0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
25E0000
|
| Size: |
4096
|
|
|
3363000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1399260262.0000000003363000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3363000
|
| Size: |
32768
|
|
|
574E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1402810462.000000000574E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
574E000
|
| Size: |
8192
|
|
|
1322B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3570417554.000000001322B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
1322B000
|
| Size: |
20480
|
|
|
4CD0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3556562805.0000000004CD0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4CD0000
|
| Size: |
8192
|
|
|
4D67000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.1108068821.0000000004D67000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4D67000
|
| Size: |
4096
|
|
|
104E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1397972063.000000000104E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
104E000
|
| Size: |
65536
|
|
|
6DBF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1405516511.0000000006DBF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6DBF000
|
| Size: |
8192
|
|
|
619D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1404706828.000000000619D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
619D000
|
| Size: |
4096
|
|
|
4130000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1216583312.0000000004130000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4130000
|
| Size: |
1196032
|
|
|
8140000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1100285940.0000000008140000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8140000
|
| Size: |
65536
|
|
|
5D9E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3558189730.0000000005D9E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5D9E000
|
| Size: |
8192
|
|
|
60DC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3558395654.00000000060DC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
60DC000
|
| Size: |
16384
|
|
|
8180000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1220149720.0000000008180000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8180000
|
| Size: |
65536
|
|
|
70A0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1406739407.00000000070A0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
70A0000
|
| Size: |
65536
|
|
|
6E77000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1406357398.0000000006E77000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6E77000
|
| Size: |
32768
|
|
|
6184000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1404618328.0000000006184000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6184000
|
| Size: |
16384
|
|
|
571E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1402782110.000000000571E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
571E000
|
| Size: |
8192
|
|
|
57F0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1403361842.00000000057F0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
57F0000
|
| Size: |
65536
|
|
|
1162000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1398456753.0000000001162000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1162000
|
| Size: |
4096
|
|
|
297C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3550554103.000000000297C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
297C000
|
| Size: |
1052672
|
|
|
5260000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.1402423833.0000000005260000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5260000
|
| Size: |
65536
|
|
|
3054000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1107313451.0000000003054000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3054000
|
| Size: |
122880
|
|
|
81E0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1255111184.00000000081E0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
81E0000
|
| Size: |
57344
|
|
|
6142000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1404355828.0000000006142000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6142000
|
| Size: |
32768
|
|
|
1340000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.1099066197.0000000001340000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1340000
|
| Size: |
24576
|
|
|
1697000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.1218454688.0000000001697000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
1697000
|
| Size: |
16384
|
|
|
66FC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3559896980.00000000066FC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
66FC000
|
| Size: |
16384
|
|
|
30E2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1107586602.00000000030E2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
30E2000
|
| Size: |
8192
|
|
|
8160000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1221166724.0000000008160000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8160000
|
| Size: |
65536
|
|
|
5368000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3557887283.0000000005368000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5368000
|
| Size: |
32768
|
|
|
15F5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1218182541.00000000015F5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15F5000
|
| Size: |
655360
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
3A38000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3553769436.0000000003A38000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3A38000
|
| Size: |
81920
|
|
|
709E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1406707614.000000000709E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
709E000
|
| Size: |
8192
|
|
|
4DEE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1108246421.0000000004DEE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4DEE000
|
| Size: |
8192
|
|
|
22A41415000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1202464215.0000022A41415000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
22A41415000
|
| Size: |
32768
|
|
|
5253000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1402374463.0000000005253000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5253000
|
| Size: |
8192
|
|
|
34C8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1222120064.00000000034C8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
34C8000
|
| Size: |
32768
|
|
|
50F0000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.1252297195.00000000050F0000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
50F0000
|
| Size: |
4096
|
|
|
7EC0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1102811241.0000000007EC0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7EC0000
|
| Size: |
65536
|
|
|
5F70000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1403803781.0000000005F70000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5F70000
|
| Size: |
65536
|
|
|
15F6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1201853264.00000000015F6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15F6000
|
| Size: |
45056
|
|
|
2B09000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3550554103.0000000002B09000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2B09000
|
| Size: |
278528
|
|
|
30B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1251070916.00000000030B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
30B0000
|
| Size: |
4096
|
|
|
6DCA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1405516511.0000000006DCA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6DCA000
|
| Size: |
8192
|
|
|
AC4B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3567611945.000000000AC4B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
AC4B000
|
| Size: |
692224
|
|
|
34B2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1251351727.00000000034B2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
34B2000
|
| Size: |
65536
|
|
|
8170000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1100221629.0000000008170000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8170000
|
| Size: |
28672
|
|
|
15DB000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1083124394.00000000015DB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
15DB000
|
| Size: |
20480
|
|
|
625E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3559212188.000000000625E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
625E000
|
| Size: |
8192
|
|
|
AC4000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000001.00000002.1098554021.0000000000AC4000.00000002.00000001.01000000.00000004.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
AC4000
|
| Size: |
40960
|
|
|
343E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1251250989.000000000343E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
343E000
|
| Size: |
16384
|
|
|
5800000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1403402897.0000000005800000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5800000
|
| Size: |
65536
|
|
|
63BD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3559421752.00000000063BD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
63BD000
|
| Size: |
12288
|
|
|
1454000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1083661644.0000000001454000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1454000
|
| Size: |
53248
|
|
|
3938000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3553769436.0000000003938000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3938000
|
| Size: |
77824
|
|
|
4030000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1081511579.0000000004030000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4030000
|
| Size: |
729088
|
|
|
7DA0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1099724104.0000000007DA0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7DA0000
|
| Size: |
16384
|
|
|
2100000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.1099319845.0000000002100000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2100000
|
| Size: |
4096
|
|
|
22A412BE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1202378522.0000022A412BE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
22A412BE000
|
| Size: |
8192
|
|
|
6370000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3559340044.0000000006370000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6370000
|
| Size: |
20480
|
|
|
3488000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1218291896.0000000003488000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3488000
|
| Size: |
8192
|
|
|
50E0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1252273658.00000000050E0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
50E0000
|
| Size: |
4096
|
|
|
4090000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1094778053.0000000004090000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4090000
|
| Size: |
1196032
|
|
|
5F60000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1403759771.0000000005F60000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5F60000
|
| Size: |
65536
|
|
|
34C3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1251434015.00000000034C3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
34C3000
|
| Size: |
28672
|
|
|
1651000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1075455030.0000000001651000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1651000
|
| Size: |
8192
|
|
|
DA4000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000002.1082454449.0000000000DA4000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
DA4000
|
| Size: |
40960
|
|
|
4CE3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3556593478.0000000004CE3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4CE3000
|
| Size: |
8192
|
|
|
302E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1107174290.000000000302E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
302E000
|
| Size: |
24576
|
|
|
426000
|
system
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.1106669294.0000000000426000.00000040.80000000.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
system
|
| Protect: |
page execute and read and write
|
| Base address: |
426000
|
| Size: |
4096
|
|
|
4D60000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1108029440.0000000004D60000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4D60000
|
| Size: |
4096
|
|
|
25F7000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.3550230450.00000000025F7000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
25F7000
|
| Size: |
4096
|
|
|
40D3000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1095613547.00000000040D3000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
40D3000
|
| Size: |
507904
|
|
|
124E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1398744745.000000000124E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
124E000
|
| Size: |
8192
|
|
|
52DC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3557633709.00000000052DC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
52DC000
|
| Size: |
16384
|
|
|
4279000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1098164908.0000000004279000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4279000
|
| Size: |
4096
|
|
|
571E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1108607506.000000000571E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
571E000
|
| Size: |
4096
|
|
|
3BB8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3553769436.0000000003BB8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3BB8000
|
| Size: |
86016
|
|
|
7FFE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1254030309.0000000007FFE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FFE000
|
| Size: |
12288
|
|
|
4D50000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1107987591.0000000004D50000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4D50000
|
| Size: |
8192
|
|
|
5094000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1251985984.0000000005094000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5094000
|
| Size: |
4096
|
|
|
8730000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1222187390.0000000008730000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8730000
|
| Size: |
4096
|
|
|
70C0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1406844330.00000000070C0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
70C0000
|
| Size: |
4096
|
|
|
40E3000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1081511579.00000000040E3000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
40E3000
|
| Size: |
45056
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary is likely a compiled AutoIt script file |
System Summary |
|
|
|
422E000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1094346445.000000000422E000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
422E000
|
| Size: |
24576
|
|
|
5F90000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.1403899997.0000000005F90000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5F90000
|
| Size: |
65536
|
|
|
500000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000003.00000000.1104394376.0000000000500000.00000002.00000001.01000000.00000008.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
500000
|
| Size: |
4096
|
|
|
5F40000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1403667127.0000000005F40000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5F40000
|
| Size: |
65536
|
|
|
7FA0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1101900896.0000000007FA0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FA0000
|
| Size: |
28672
|
|
|
5FC0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1403970591.0000000005FC0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5FC0000
|
| Size: |
61440
|
|
|
2BB0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1106899810.0000000002BB0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2BB0000
|
| Size: |
4096
|
|
|
5412000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1252522645.0000000005412000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5412000
|
| Size: |
4096
|
|
|
5240000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1402322700.0000000005240000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5240000
|
| Size: |
4096
|
|
|
338F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1399260262.000000000338F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
338F000
|
| Size: |
8192
|
|
|
2C60000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1399142480.0000000002C60000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2C60000
|
| Size: |
65536
|
|
|
1250000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1398767567.0000000001250000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1250000
|
| Size: |
12288
|
|
|
DC0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1397758746.0000000000DC0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DC0000
|
| Size: |
12288
|
|
|
81F0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1220903477.00000000081F0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
81F0000
|
| Size: |
28672
|
|
|
3080000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1099320961.0000000003080000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3080000
|
| Size: |
28672
|
|
|
25E2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3550091456.00000000025E2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
25E2000
|
| Size: |
4096
|
|
|
1620000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1201824206.0000000001620000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1620000
|
| Size: |
4096
|
|
|
25F0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3550159026.00000000025F0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
25F0000
|
| Size: |
4096
|
|
|
64C0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3559679754.00000000064C0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
64C0000
|
| Size: |
65536
|
|
|
A50000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3548678862.0000000000A50000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A50000
|
| Size: |
40960
|
|
|
3073000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1107337842.0000000003073000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3073000
|
| Size: |
237568
|
|
|
8110000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1220759056.0000000008110000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8110000
|
| Size: |
8192
|
|
|
169F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1202285913.000000000169F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
169F000
|
| Size: |
90112
|
|
|
6FE2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1406499308.0000000006FE2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6FE2000
|
| Size: |
8192
|
|
|
A10000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000001.00000000.1081962902.0000000000A10000.00000002.00000001.01000000.00000004.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
A10000
|
| Size: |
4096
|
|
|
575A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1402810462.000000000575A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
575A000
|
| Size: |
12288
|
|
|
2D91000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1399260262.0000000002D91000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D91000
|
| Size: |
483328
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
575A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1108607506.000000000575A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
575A000
|
| Size: |
4096
|
|
|
1310000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.1099045266.0000000001310000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1310000
|
| Size: |
20480
|
|
|
AD61000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3568497936.000000000AD61000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
AD61000
|
| Size: |
4096
|
|
|
DAE000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1082584521.0000000000DAE000.00000004.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
DAE000
|
| Size: |
36864
|
|
|
616A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3558515669.000000000616A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
616A000
|
| Size: |
86016
|
|
|
22A4141E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1202464215.0000022A4141E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
22A4141E000
|
| Size: |
4096
|
|
|
2DB4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3550554103.0000000002DB4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2DB4000
|
| Size: |
286720
|
|
|
1336B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3570638575.000000001336B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
1336B000
|
| Size: |
20480
|
|
|
3ED0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1214008863.0000000003ED0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3ED0000
|
| Size: |
1187840
|
|
|
348A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1218263766.000000000348A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
348A000
|
| Size: |
57344
|
|
|
5B20000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1252787100.0000000005B20000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5B20000
|
| Size: |
4096
|
|
|
1435000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000001.00000002.1099212159.0000000001435000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
1435000
|
| Size: |
20480
|
|
|
5E9F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3558217297.0000000005E9F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5E9F000
|
| Size: |
4096
|
|
|
1655000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1071670145.0000000001655000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1655000
|
| Size: |
49152
|
|
|
38F8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3553769436.00000000038F8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
38F8000
|
| Size: |
77824
|
|
|
1260000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1398790923.0000000001260000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1260000
|
| Size: |
65536
|
|
|
5501000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.1108557845.0000000005501000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
5501000
|
| Size: |
20480
|
|
|
7EE90000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.3570901258.000000007EE90000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7EE90000
|
| Size: |
4096
|
|
|
61C4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3558853635.00000000061C4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
61C4000
|
| Size: |
20480
|
|
|
8011000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1254030309.0000000008011000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8011000
|
| Size: |
8192
|
|
|
15F5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1206143742.00000000015F5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15F5000
|
| Size: |
655360
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
5139000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3557494076.0000000005139000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5139000
|
| Size: |
8192
|
|
|
83D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1219657081.00000000083D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
83D0000
|
| Size: |
53248
|
|
|
63E0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.3559555035.00000000063E0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
63E0000
|
| Size: |
65536
|
|
|
4DD0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3557238985.0000000004DD0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4DD0000
|
| Size: |
32768
|
|
|
22A41296000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1201602526.0000022A41296000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
22A41296000
|
| Size: |
90112
|
|
|
83B0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1219706471.00000000083B0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
83B0000
|
| Size: |
65536
|
|
|
61CE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3558883475.00000000061CE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
61CE000
|
| Size: |
24576
|
|
|
616A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1404529268.000000000616A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
616A000
|
| Size: |
12288
|
|
|
609C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3558363929.000000000609C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
609C000
|
| Size: |
16384
|
|
|
3958000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3553769436.0000000003958000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3958000
|
| Size: |
77824
|
|
|
22A41272000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1202250085.0000022A41272000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
22A41272000
|
| Size: |
94208
|
|
|
30AF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1103136792.00000000030AF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
30AF000
|
| Size: |
8192
|
|
|
427D000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1098164908.000000000427D000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
427D000
|
| Size: |
458752
|
|
|
1270000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.1398819319.0000000001270000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
1270000
|
| Size: |
4096
|
|
|
2F40000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1399260262.0000000002F40000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F40000
|
| Size: |
16384
|
|
|
12CAB000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3569580082.0000000012CAB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
12CAB000
|
| Size: |
20480
|
|
|
8016000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1254030309.0000000008016000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8016000
|
| Size: |
4096
|
|
|
331E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1399260262.000000000331E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
331E000
|
| Size: |
8192
|
|
|
1560000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1218143409.0000000001560000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1560000
|
| Size: |
24576
|
|
|
4D62000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1108045659.0000000004D62000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4D62000
|
| Size: |
4096
|
|
|
7D8E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1110113507.0000000007D8E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7D8E000
|
| Size: |
8192
|
|
|
5030000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1251846311.0000000005030000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5030000
|
| Size: |
4096
|
|
|
6109000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1404016837.0000000006109000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6109000
|
| Size: |
4096
|
|
|
2F28000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1399260262.0000000002F28000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F28000
|
| Size: |
36864
|
|
|
4F01000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1108336746.0000000004F01000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4F01000
|
| Size: |
4096
|
|
|
1160000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1398430878.0000000001160000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1160000
|
| Size: |
4096
|
|
|
11C7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1398623882.00000000011C7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11C7000
|
| Size: |
8192
|
|
|
73C5D000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1256690522.0000000073C5D000.00000004.00000001.01000000.0000000A.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
73C5D000
|
| Size: |
8192
|
|
|
3B49000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1071139815.0000000003B49000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3B49000
|
| Size: |
786432
|
|
|
2BC0000
|
heap
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.1106922603.0000000002BC0000.00000002.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page readonly
|
| Base address: |
2BC0000
|
| Size: |
4096
|
|
|
5212000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1252459328.0000000005212000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5212000
|
| Size: |
12288
|
|
|
3940000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1218545602.0000000003940000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3940000
|
| Size: |
4096
|
|
|
25E6000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.3550113058.00000000025E6000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
25E6000
|
| Size: |
8192
|
|
|
6A70000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.3560192024.0000000006A70000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
6A70000
|
| Size: |
57344
|
|
|
A11000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000006.00000002.1217625379.0000000000A11000.00000020.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
A11000
|
| Size: |
581632
|
|
|
419D000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1215461246.000000000419D000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
419D000
|
| Size: |
458752
|
|
|
4150000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1097603950.0000000004150000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4150000
|
| Size: |
1196032
|
|
|
7F90000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1101940673.0000000007F90000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F90000
|
| Size: |
65536
|
|
|
308E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1099176079.000000000308E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
308E000
|
| Size: |
28672
|
|
|
71A0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.1407146493.00000000071A0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
71A0000
|
| Size: |
20480
|
|
|
5207000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1252405924.0000000005207000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5207000
|
| Size: |
12288
|
|
|
612A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1404199119.000000000612A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
612A000
|
| Size: |
45056
|
|
|
16F6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1073962144.00000000016F6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
16F6000
|
| Size: |
176128
|
|
|
5401000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1108532661.0000000005401000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5401000
|
| Size: |
4096
|
|
|
6E0A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1406012780.0000000006E0A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6E0A000
|
| Size: |
24576
|
|
|
AC0A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3567052816.000000000AC0A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
AC0A000
|
| Size: |
61440
|
|
|
41BD000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1094778053.00000000041BD000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
41BD000
|
| Size: |
458752
|
|
|
605B000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3558331415.000000000605B000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
605B000
|
| Size: |
20480
|
|
|
73C40000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000002.1256552831.0000000073C40000.00000002.00000001.01000000.0000000A.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
73C40000
|
| Size: |
4096
|
|
|
3EF0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1094164006.0000000003EF0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3EF0000
|
| Size: |
1187840
|
|
|
304B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1107243791.000000000304B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
304B000
|
| Size: |
20480
|
|
|
7F50000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1100728882.0000000007F50000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F50000
|
| Size: |
65536
|
|
|
4CF0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3556642807.0000000004CF0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4CF0000
|
| Size: |
65536
|
|
|
878E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1256339682.000000000878E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
878E000
|
| Size: |
8192
|
|
|
7FFC0C610000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000005.00000002.1202545262.00007FFC0C610000.00000002.00000001.01000000.0000000C.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFC0C610000
|
| Size: |
4096
|
|
|
7680000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1407343970.0000000007680000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7680000
|
| Size: |
12288
|
|
|
5760000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1108607506.0000000005760000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5760000
|
| Size: |
356352
|
|
|
620C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3559131957.000000000620C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
620C000
|
| Size: |
49152
|
|
|
3EF6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1401224333.0000000003EF6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3EF6000
|
| Size: |
176128
|
|
|
2F79000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1399260262.0000000002F79000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F79000
|
| Size: |
8192
|
|
|
2EC1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1399260262.0000000002EC1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2EC1000
|
| Size: |
28672
|
|
|
ABD5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3566793833.000000000ABD5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
ABD5000
|
| Size: |
212992
|
|
|
61E1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3558979565.00000000061E1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
61E1000
|
| Size: |
8192
|
|
|
5ED0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.1403522629.0000000005ED0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5ED0000
|
| Size: |
65536
|
|
|
81A0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1219945408.00000000081A0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
81A0000
|
| Size: |
65536
|
|
|
6FC1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1406423595.0000000006FC1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6FC1000
|
| Size: |
4096
|
|
|
15F3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1206143742.00000000015F3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15F3000
|
| Size: |
4096
|
|
|
1165000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.1398476970.0000000001165000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1165000
|
| Size: |
4096
|
|
|
A10000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000006.00000002.1217595784.0000000000A10000.00000002.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
A10000
|
| Size: |
4096
|
|
|
6890000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3560166113.0000000006890000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6890000
|
| Size: |
4096
|
|
|
3087000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1099255600.0000000003087000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3087000
|
| Size: |
28672
|
|
|
5B1B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3558021003.0000000005B1B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5B1B000
|
| Size: |
20480
|
|
|
2610000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3550273819.0000000002610000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2610000
|
| Size: |
4096
|
|
|
2EC9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1399260262.0000000002EC9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2EC9000
|
| Size: |
8192
|
|
|
1190000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1398572119.0000000001190000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1190000
|
| Size: |
4096
|
|
|
12ED000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.1099001432.00000000012ED000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
12ED000
|
| Size: |
12288
|
|
|
8730000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1222257517.0000000008730000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8730000
|
| Size: |
24576
|
|
|
5B22000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1252787100.0000000005B22000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5B22000
|
| Size: |
4096
|
|
|
561F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1402761344.000000000561F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
561F000
|
| Size: |
4096
|
|
|
AD7000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000001.00000000.1082141695.0000000000AD7000.00000002.00000001.01000000.00000004.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
AD7000
|
| Size: |
856064
|
|
|
85DF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1256112489.00000000085DF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
85DF000
|
| Size: |
4096
|
|
|
ACE000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1217762273.0000000000ACE000.00000004.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
ACE000
|
| Size: |
36864
|
|
|
1654000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1072120564.0000000001654000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1654000
|
| Size: |
647168
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
A5E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3548678862.0000000000A5E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A5E000
|
| Size: |
98304
|
|
|
5B09000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1252787100.0000000005B09000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5B09000
|
| Size: |
4096
|
|
|
1152000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1398357421.0000000001152000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1152000
|
| Size: |
4096
|
|
|
2AC5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3550554103.0000000002AC5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2AC5000
|
| Size: |
274432
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
34E5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1251485238.00000000034E5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
34E5000
|
| Size: |
12288
|
|
|
397E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1251782207.000000000397E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
397E000
|
| Size: |
8192
|
|
|
1372000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1083067880.0000000001372000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1372000
|
| Size: |
208896
|
|
|
575E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1108607506.000000000575E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
575E000
|
| Size: |
4096
|
|
|
4D40000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3557037878.0000000004D40000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4D40000
|
| Size: |
4096
|
|
|
541F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1252545945.000000000541F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
541F000
|
| Size: |
4096
|
|
|
97AB000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3566134785.00000000097AB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
97AB000
|
| Size: |
20480
|
|
|
4D43000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.1107914726.0000000004D43000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4D43000
|
| Size: |
4096
|
|
|
5A1B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3557987775.0000000005A1B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5A1B000
|
| Size: |
20480
|
|
|
6360000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3559266093.0000000006360000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6360000
|
| Size: |
40960
|
|
|
13DB000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1218028498.00000000013DB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
13DB000
|
| Size: |
20480
|
|
|
84A0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1219288328.00000000084A0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
84A0000
|
| Size: |
65536
|
|
|
81DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1255081483.00000000081DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
81DE000
|
| Size: |
8192
|
|
|
571C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1108607506.000000000571C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
571C000
|
| Size: |
4096
|
|
|
204F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.1099298810.000000000204F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
204F000
|
| Size: |
4096
|
|
|
8170000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1221135993.0000000008170000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8170000
|
| Size: |
65536
|
|
|
30D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1251090754.00000000030D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
30D0000
|
| Size: |
8192
|
|
|
15A8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1218182541.00000000015A8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15A8000
|
| Size: |
118784
|
|
|
5720000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1108607506.0000000005720000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5720000
|
| Size: |
4096
|
|
|
4279000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1097603950.0000000004279000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4279000
|
| Size: |
4096
|
|
|
22A412BD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1201639933.0000022A412BD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
22A412BD000
|
| Size: |
12288
|
|
|
5741000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1108607506.0000000005741000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5741000
|
| Size: |
4096
|
|
|
42CE000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1216583312.00000000042CE000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
42CE000
|
| Size: |
24576
|
|
|
619A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3558686241.000000000619A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
619A000
|
| Size: |
73728
|
|
|
F80000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1083090734.0000000000F80000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F80000
|
| Size: |
4096
|
|
|
4D00000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3556701751.0000000004D00000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4D00000
|
| Size: |
20480
|
|
|
8135000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1100307045.0000000008135000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8135000
|
| Size: |
45056
|
|
|
613A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1404328556.000000000613A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
613A000
|
| Size: |
12288
|
|
|
5724000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1108607506.0000000005724000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5724000
|
| Size: |
4096
|
|
|
1033000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.1397910316.0000000001033000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1033000
|
| Size: |
4096
|
|
|
6C60000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3560375470.0000000006C60000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6C60000
|
| Size: |
24576
|
|
|
5000000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1108357918.0000000005000000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5000000
|
| Size: |
4096
|
|
|
7F30000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1102441019.0000000007F30000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F30000
|
| Size: |
65536
|
|
|
5EF0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1403618824.0000000005EF0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5EF0000
|
| Size: |
65536
|
|
|
B80000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3549687856.0000000000B80000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B80000
|
| Size: |
16384
|
|
|
7FA0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1100622868.0000000007FA0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FA0000
|
| Size: |
65536
|
|
|
B19000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3549441364.0000000000B19000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B19000
|
| Size: |
221184
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
61E7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3559004620.00000000061E7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
61E7000
|
| Size: |
12288
|
|
|
7EB0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1101127620.0000000007EB0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7EB0000
|
| Size: |
65536
|
|
|
6DED000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1405911455.0000000006DED000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6DED000
|
| Size: |
12288
|
|
|
3F35000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1401224333.0000000003F35000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3F35000
|
| Size: |
1634304
|
|
|
7EC0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1101067066.0000000007EC0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7EC0000
|
| Size: |
65536
|
|
|
3978000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3553769436.0000000003978000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3978000
|
| Size: |
77824
|
|
|
103D000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.1397949718.000000000103D000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
103D000
|
| Size: |
4096
|
|
|
801D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1254030309.000000000801D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
801D000
|
| Size: |
4096
|
|
|
4130000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1215957567.0000000004130000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4130000
|
| Size: |
1196032
|
|
|
6182000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3558588037.0000000006182000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6182000
|
| Size: |
32768
|
|
|
30E9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1107632215.00000000030E9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
30E9000
|
| Size: |
20480
|
|
|
5720000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1402810462.0000000005720000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5720000
|
| Size: |
36864
|
|
|
34CC000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1221984366.00000000034CC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
34CC000
|
| Size: |
40960
|
|
|
30EF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1107632215.00000000030EF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
30EF000
|
| Size: |
12288
|
|
|
3A58000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3553769436.0000000003A58000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3A58000
|
| Size: |
81920
|
|
|
8160000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1100242487.0000000008160000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8160000
|
| Size: |
65536
|
|
|
5731000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1402810462.0000000005731000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5731000
|
| Size: |
16384
|
|
|
84DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1256068753.00000000084DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
84DE000
|
| Size: |
8192
|
|
|
30E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1107564060.00000000030E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
30E0000
|
| Size: |
4096
|
|
|
849F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1256018989.000000000849F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
849F000
|
| Size: |
4096
|
|
|
73C5D000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1407786399.0000000073C5D000.00000004.00000001.01000000.0000000A.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
73C5D000
|
| Size: |
8192
|
|
|
61A7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1404755415.00000000061A7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
61A7000
|
| Size: |
8192
|
|
|
12DAB000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3569698375.0000000012DAB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
12DAB000
|
| Size: |
20480
|
|
|
AC4000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000006.00000000.1201239540.0000000000AC4000.00000002.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
AC4000
|
| Size: |
40960
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary is likely a compiled AutoIt script file |
System Summary |
|
|
|
21A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.1099339176.00000000021A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
21A0000
|
| Size: |
8192
|
|
|
39D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1218567767.00000000039D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
39D4000
|
| Size: |
8192
|
|
|
5736000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1402810462.0000000005736000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5736000
|
| Size: |
45056
|
|
|
3051000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1107243791.0000000003051000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3051000
|
| Size: |
8192
|
|
|
6113000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1404016837.0000000006113000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6113000
|
| Size: |
4096
|
|
|
4DAC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3557181701.0000000004DAC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4DAC000
|
| Size: |
16384
|
|
|
3EF0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1094644180.0000000003EF0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3EF0000
|
| Size: |
1187840
|
|
|
1310000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1399072238.0000000001310000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1310000
|
| Size: |
16384
|
|
|
16F5000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1083333689.00000000016F5000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
16F5000
|
| Size: |
20480
|
|
|
5746000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1108607506.0000000005746000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5746000
|
| Size: |
45056
|
|
|
15BF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1083124394.00000000015BF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
15BF000
|
| Size: |
4096
|
|
|
2F74000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1399260262.0000000002F74000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F74000
|
| Size: |
8192
|
|
|
624C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1405006271.000000000624C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
624C000
|
| Size: |
16384
|
|
|
33B5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1399260262.00000000033B5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
33B5000
|
| Size: |
8192
|
|
|
5F1F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3558273373.0000000005F1F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5F1F000
|
| Size: |
4096
|
|
|
11CA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1398623882.00000000011CA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11CA000
|
| Size: |
12288
|
|
|
1654000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1083196807.0000000001654000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1654000
|
| Size: |
647168
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
CCC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3549786272.0000000000CCC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
CCC000
|
| Size: |
16384
|
|
|
634C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1405038675.000000000634C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
634C000
|
| Size: |
16384
|
|
|
25CD000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.3549980713.00000000025CD000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
25CD000
|
| Size: |
4096
|
|
|
A9F000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000006.00000000.1201239540.0000000000A9F000.00000002.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
A9F000
|
| Size: |
147456
|
|
|
12F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.1099023595.00000000012F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12F0000
|
| Size: |
4096
|
|
|
121AB000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3569465313.00000000121AB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
121AB000
|
| Size: |
20480
|
|
|
32F8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1399260262.00000000032F8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
32F8000
|
| Size: |
8192
|
|
|
39D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1218567767.00000000039D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
39D0000
|
| Size: |
8192
|
|
|
5EBE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1403447040.0000000005EBE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5EBE000
|
| Size: |
8192
|
|
|
8DFE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1111243787.0000000008DFE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
8DFE000
|
| Size: |
8192
|
|
|
3376000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1399260262.0000000003376000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3376000
|
| Size: |
4096
|
|
|
A5B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3548678862.0000000000A5B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A5B000
|
| Size: |
4096
|
|
|
3ED0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1213506244.0000000003ED0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3ED0000
|
| Size: |
1187840
|
|
|
7F00000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1100929467.0000000007F00000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F00000
|
| Size: |
65536
|
|
|
1180000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1398548185.0000000001180000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1180000
|
| Size: |
4096
|
|
|
6E3B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1406136525.0000000006E3B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6E3B000
|
| Size: |
16384
|
|
|
5B5E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1252787100.0000000005B5E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5B5E000
|
| Size: |
4096
|
|
|
6CA0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1405356420.0000000006CA0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6CA0000
|
| Size: |
36864
|
|
|
50B0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1252100028.00000000050B0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
50B0000
|
| Size: |
4096
|
|
|
83EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1110868713.00000000083EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
83EE000
|
| Size: |
8192
|
|
|
5758000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1108607506.0000000005758000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5758000
|
| Size: |
4096
|
|
|
61B9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1404829835.00000000061B9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
61B9000
|
| Size: |
32768
|
|
|
34D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1251457866.00000000034D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
34D4000
|
| Size: |
24576
|
|
|
5B5A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1252787100.0000000005B5A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5B5A000
|
| Size: |
4096
|
|
|
DBE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1217957570.0000000000DBE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
DBE000
|
| Size: |
8192
|
|
|
22CF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1083380910.00000000022CF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
22CF000
|
| Size: |
4096
|
|
|
3083000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1099340190.0000000003083000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3083000
|
| Size: |
16384
|
|
|
162C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1083196807.000000000162C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
162C000
|
| Size: |
151552
|
|
|
8030000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1254702681.0000000008030000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8030000
|
| Size: |
65536
|
|
|
5AFF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1252754705.0000000005AFF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5AFF000
|
| Size: |
4096
|
|
|
73C40000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000002.1407569800.0000000073C40000.00000002.00000001.01000000.0000000A.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
73C40000
|
| Size: |
4096
|
|
|
8128000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1254947296.0000000008128000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8128000
|
| Size: |
32768
|
|
|
1654000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1074015535.0000000001654000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1654000
|
| Size: |
647168
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
33BF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1399260262.00000000033BF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
33BF000
|
| Size: |
8192
|
|
|
15FC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1083124394.00000000015FC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
15FC000
|
| Size: |
16384
|
|
|
13A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1087110295.00000000013A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13A0000
|
| Size: |
8192
|
|
|
3075000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1099224221.0000000003075000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3075000
|
| Size: |
102400
|
|
|
8150000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1100268246.0000000008150000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8150000
|
| Size: |
65536
|
|
|
1654000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1075455030.0000000001654000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1654000
|
| Size: |
647168
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
1374000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1083203650.0000000001374000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1374000
|
| Size: |
790528
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
12FEC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3570058050.0000000012FEC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
12FEC000
|
| Size: |
16384
|
|
|
6E5B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1406231688.0000000006E5B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6E5B000
|
| Size: |
8192
|
|
|
6E6A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1406319774.0000000006E6A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6E6A000
|
| Size: |
49152
|
|
|
3333000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1399260262.0000000003333000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3333000
|
| Size: |
16384
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
50BA000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.1252163172.00000000050BA000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
50BA000
|
| Size: |
4096
|
|
|
60E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1404016837.00000000060E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
60E0000
|
| Size: |
65536
|
|
|
1D9E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1218501070.0000000001D9E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
1D9E000
|
| Size: |
8192
|
|
|
E40000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1397798104.0000000000E40000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
E40000
|
| Size: |
16384
|
|
|
960000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000000.1105716290.0000000000960000.00000002.00000001.01000000.00000009.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
960000
|
| Size: |
4096
|
|
|
2D8E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1399240698.0000000002D8E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2D8E000
|
| Size: |
8192
|
|
|
425D000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1215957567.000000000425D000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
425D000
|
| Size: |
458752
|
|
|
7C30000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1109989833.0000000007C30000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7C30000
|
| Size: |
65536
|
|
|
3323000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1399260262.0000000003323000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3323000
|
| Size: |
8192
|
|
|
34FA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1251531869.00000000034FA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
34FA000
|
| Size: |
45056
|
|
|
3412000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1251203753.0000000003412000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3412000
|
| Size: |
94208
|
|
|
6E37000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1406113442.0000000006E37000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6E37000
|
| Size: |
4096
|
|
|
8CFC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1111182735.0000000008CFC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
8CFC000
|
| Size: |
16384
|
|
|
3478000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1218153100.0000000003478000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3478000
|
| Size: |
131072
|
|
|
3012000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1107117093.0000000003012000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3012000
|
| Size: |
102400
|
|
|
5020000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1251823568.0000000005020000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5020000
|
| Size: |
4096
|
|
|
7FFC000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1254030309.0000000007FFC000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FFC000
|
| Size: |
4096
|
|
|
61ED000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3559030572.00000000061ED000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
61ED000
|
| Size: |
28672
|
|
|
7FF0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1218715980.0000000007FF0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF0000
|
| Size: |
16384
|
|
|
A9F000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000001.00000002.1098554021.0000000000A9F000.00000002.00000001.01000000.00000004.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
A9F000
|
| Size: |
147456
|
|
|
5B2B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1252787100.0000000005B2B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5B2B000
|
| Size: |
53248
|
|
|
2FFE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1399260262.0000000002FFE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2FFE000
|
| Size: |
131072
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
61D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1404916663.00000000061D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
61D0000
|
| Size: |
16384
|
|
|
342D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1251250989.000000000342D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
342D000
|
| Size: |
24576
|
|
|
3EC6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1401224333.0000000003EC6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3EC6000
|
| Size: |
4096
|
|
|
8450000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1219376533.0000000008450000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8450000
|
| Size: |
196608
|
|
|
4199000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1215461246.0000000004199000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4199000
|
| Size: |
4096
|
|
|
6B46000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1405251365.0000000006B46000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6B46000
|
| Size: |
28672
|
|
|
4259000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1216583312.0000000004259000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4259000
|
| Size: |
4096
|
|
|
8420000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1219482147.0000000008420000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8420000
|
| Size: |
65536
|
|
|
73C41000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000004.00000002.1407611623.0000000073C41000.00000020.00000001.01000000.0000000A.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
73C41000
|
| Size: |
86016
|
|
|
342A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1251203753.000000000342A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
342A000
|
| Size: |
8192
|
|
|
7C20000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.1109896551.0000000007C20000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
7C20000
|
| Size: |
4096
|
|
|
AC1B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3567211256.000000000AC1B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
AC1B000
|
| Size: |
24576
|
|
|
22A41230000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1202224861.0000022A41230000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
22A41230000
|
| Size: |
8192
|
|
|
3476000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1218197842.0000000003476000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3476000
|
| Size: |
8192
|
|
|
4D0B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3556701751.0000000004D0B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4D0B000
|
| Size: |
8192
|
|
|
57E0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1403323092.00000000057E0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
57E0000
|
| Size: |
65536
|
|
|
1698000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1204870628.0000000001698000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1698000
|
| Size: |
49152
|
|
|
8100000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1100339575.0000000008100000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8100000
|
| Size: |
196608
|
|
|
3AE4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.1099358853.0000000003AE4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3AE4000
|
| Size: |
8192
|
|
|
3AD8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3553769436.0000000003AD8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3AD8000
|
| Size: |
81920
|
|
|
B67000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3549618628.0000000000B67000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B67000
|
| Size: |
28672
|
|
|
34E9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1251505280.00000000034E9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
34E9000
|
| Size: |
45056
|
|
|
BCC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3549753778.0000000000BCC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
BCC000
|
| Size: |
16384
|
|
|
712B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1406953248.000000000712B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
712B000
|
| Size: |
20480
|
|
|
4D44000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3557037878.0000000004D44000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4D44000
|
| Size: |
49152
|
|
|
F1194FB000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1202172567.000000F1194FB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
F1194FB000
|
| Size: |
20480
|
|
|
3B18000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3553769436.0000000003B18000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3B18000
|
| Size: |
81920
|
|
|
5B41000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1252787100.0000000005B41000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5B41000
|
| Size: |
4096
|
|
|
6377000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3559340044.0000000006377000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6377000
|
| Size: |
32768
|
|
|
6E5E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1406231688.0000000006E5E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6E5E000
|
| Size: |
40960
|
|
|
4279000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1095922499.0000000004279000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4279000
|
| Size: |
4096
|
|
|
170E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1075413629.000000000170E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
170E000
|
| Size: |
262144
|
|
|
7150000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1407092132.0000000007150000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7150000
|
| Size: |
4096
|
|
|
26B0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3550380921.00000000026B0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
26B0000
|
| Size: |
4096
|
|
|
796B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3565281227.000000000796B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
796B000
|
| Size: |
20480
|
|
|
5701000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1108607506.0000000005701000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5701000
|
| Size: |
106496
|
|
|
1150000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1398331928.0000000001150000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1150000
|
| Size: |
4096
|
|
|
22A41296000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1202319002.0000022A41296000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
22A41296000
|
| Size: |
90112
|
|
|
7FFC0C632000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000005.00000002.1202612972.00007FFC0C632000.00000002.00000001.01000000.0000000C.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFC0C632000
|
| Size: |
8192
|
|
|
8485000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1219337922.0000000008485000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8485000
|
| Size: |
45056
|
|
|
61F5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3559074602.00000000061F5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
61F5000
|
| Size: |
12288
|
|
|
7DE0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1407473453.0000000007DE0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7DE0000
|
| Size: |
4096
|
|
|
57A0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1403244572.00000000057A0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
57A0000
|
| Size: |
65536
|
|
|
41BD000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1094346445.00000000041BD000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
41BD000
|
| Size: |
458752
|
|
|
5756000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1108607506.0000000005756000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5756000
|
| Size: |
4096
|
|
|
8025000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1254030309.0000000008025000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8025000
|
| Size: |
36864
|
|
|
15EF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1218182541.00000000015EF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15EF000
|
| Size: |
20480
|
|
|
8141000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1220274215.0000000008141000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8141000
|
| Size: |
61440
|
|
|
33AE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1399260262.00000000033AE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
33AE000
|
| Size: |
8192
|
|
|
7ED0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1102777564.0000000007ED0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7ED0000
|
| Size: |
65536
|
|
|
3AE0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.1099358853.0000000003AE0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3AE0000
|
| Size: |
8192
|
|
|
3B30000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1083411344.0000000003B30000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3B30000
|
| Size: |
8192
|
|
|
5B3D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1252787100.0000000005B3D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5B3D000
|
| Size: |
12288
|
|
|
25C3000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.3549926418.00000000025C3000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
25C3000
|
| Size: |
4096
|
|
|
81AE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1110698711.00000000081AE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
81AE000
|
| Size: |
8192
|
|
|
7B70000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3565617203.0000000007B70000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7B70000
|
| Size: |
20480
|
|
|
4D4D000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.1107963578.0000000004D4D000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4D4D000
|
| Size: |
4096
|
|
|
925000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3548467518.0000000000925000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
925000
|
| Size: |
12288
|
|
|
3202000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1251157514.0000000003202000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3202000
|
| Size: |
20480
|
|
|
6850000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3560069729.0000000006850000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6850000
|
| Size: |
61440
|
|
|
7FE0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1254001297.0000000007FE0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FE0000
|
| Size: |
65536
|
|
|
12C0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1398865875.00000000012C0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
12C0000
|
| Size: |
12288
|
|
|
E0D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3549849811.0000000000E0D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
E0D000
|
| Size: |
12288
|
|
|
526C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3557554222.000000000526C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
526C000
|
| Size: |
16384
|
|
|
3443000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1251298414.0000000003443000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3443000
|
| Size: |
65536
|
|
|
20D9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1082564459.00000000020D9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20D9000
|
| Size: |
786432
|
|
|
3454000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1251324649.0000000003454000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3454000
|
| Size: |
98304
|
|
|
3F90000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1215796115.0000000003F90000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3F90000
|
| Size: |
1187840
|
|
|
498D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3556532480.000000000498D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
498D000
|
| Size: |
12288
|
|
|
4259000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1217214138.0000000004259000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4259000
|
| Size: |
4096
|
|
|
842E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1110954593.000000000842E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
842E000
|
| Size: |
8192
|
|
|
3FB0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1096552638.0000000003FB0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3FB0000
|
| Size: |
1187840
|
|
|
648C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1405092069.000000000648C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
648C000
|
| Size: |
16384
|
|
|
169F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1206084403.000000000169F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
169F000
|
| Size: |
327680
|
|
|
4D54000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1108007874.0000000004D54000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4D54000
|
| Size: |
24576
|
|
|
7FF4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1254030309.0000000007FF4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF4000
|
| Size: |
4096
|
|
|
3B34000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1083411344.0000000003B34000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3B34000
|
| Size: |
8192
|
|
|
1C4E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.1099276478.0000000001C4E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
1C4E000
|
| Size: |
8192
|
|
|
6BBC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3560276150.0000000006BBC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6BBC000
|
| Size: |
16384
|
|
|
5301000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1252483790.0000000005301000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5301000
|
| Size: |
4096
|
|
|
41B9000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1094778053.00000000041B9000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
41B9000
|
| Size: |
4096
|
|
|
5C1C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3558155428.0000000005C1C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5C1C000
|
| Size: |
16384
|
|
|
7B6B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3565528621.0000000007B6B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7B6B000
|
| Size: |
20480
|
|
|
786C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3565000123.000000000786C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
786C000
|
| Size: |
16384
|
|
|
40D3000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1096552638.00000000040D3000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
40D3000
|
| Size: |
507904
|
|
|
673B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3559927910.000000000673B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
673B000
|
| Size: |
20480
|
|
|
7C3D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1253922883.0000000007C3D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7C3D000
|
| Size: |
12288
|
|
|
1363000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1083067880.0000000001363000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1363000
|
| Size: |
45056
|
|
|
A800000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1256445051.000000000A800000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A800000
|
| Size: |
4096
|
|
|
8490000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1219311305.0000000008490000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8490000
|
| Size: |
65536
|
|
|
4150000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1095922499.0000000004150000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4150000
|
| Size: |
1196032
|
|
|
6DD4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1405808897.0000000006DD4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6DD4000
|
| Size: |
36864
|
|
|
6DF3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1405943466.0000000006DF3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6DF3000
|
| Size: |
40960
|
|
|
22A412C4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1202378522.0000022A412C4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
22A412C4000
|
| Size: |
339968
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
3052000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1098300029.0000000003052000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3052000
|
| Size: |
4096
|
|
|
AD54000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3568497936.000000000AD54000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
AD54000
|
| Size: |
20480
|
|
|
7FE0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1100521211.0000000007FE0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FE0000
|
| Size: |
53248
|
|
|
572B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1108607506.000000000572B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
572B000
|
| Size: |
53248
|
|
|
AD6C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3568497936.000000000AD6C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
AD6C000
|
| Size: |
8192
|
|
|
8FFE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1256393457.0000000008FFE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
8FFE000
|
| Size: |
8192
|
|
|
CC9000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1217882919.0000000000CC9000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
CC9000
|
| Size: |
28672
|
|
|
64A0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1405121587.00000000064A0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
64A0000
|
| Size: |
4096
|
|
|
DB2000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000000.00000000.1070690862.0000000000DB2000.00000008.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
DB2000
|
| Size: |
8192
|
|
|
81D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1219836259.00000000081D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
81D0000
|
| Size: |
65536
|
|
|
12BB000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1398843383.00000000012BB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
12BB000
|
| Size: |
20480
|
|
|
16B5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1202259775.00000000016B5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
16B5000
|
| Size: |
57344
|
|
|
3D9F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1401224333.0000000003D9F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3D9F000
|
| Size: |
20480
|
|
|
8440000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1219421414.0000000008440000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8440000
|
| Size: |
28672
|
|
|
7E00000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1099805597.0000000007E00000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7E00000
|
| Size: |
40960
|
|
|
5F5C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3558299155.0000000005F5C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5F5C000
|
| Size: |
16384
|
|
|
13A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1086185910.00000000013A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13A4000
|
| Size: |
598016
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
139F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1086185910.000000000139F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
139F000
|
| Size: |
12288
|
|
|
4D26000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3556701751.0000000004D26000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4D26000
|
| Size: |
16384
|
|
|
8730000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1222305843.0000000008730000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8730000
|
| Size: |
8192
|
|
|
8720000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1256290182.0000000008720000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8720000
|
| Size: |
4096
|
|
|
5012000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1108381617.0000000005012000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5012000
|
| Size: |
4096
|
|
|
144E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1087047625.000000000144E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
144E000
|
| Size: |
262144
|
|
|
42EE000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1097603950.00000000042EE000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
42EE000
|
| Size: |
24576
|
|
|
7FFC0C635000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000005.00000002.1202612972.00007FFC0C635000.00000002.00000001.01000000.0000000C.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFC0C635000
|
| Size: |
4096
|
|
|
6B7D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3560244417.0000000006B7D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6B7D000
|
| Size: |
12288
|
|
|
7F70000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1100686164.0000000007F70000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F70000
|
| Size: |
65536
|
|
|
3340000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1399260262.0000000003340000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3340000
|
| Size: |
135168
|
|
|
219E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1218525600.000000000219E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
219E000
|
| Size: |
8192
|
|
|
420E000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1214609396.000000000420E000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
420E000
|
| Size: |
24576
|
|
|
7FF0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1254030309.0000000007FF0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF0000
|
| Size: |
12288
|
|
|
3449000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1217353284.0000000003449000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3449000
|
| Size: |
20480
|
|
|
638D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1405065706.000000000638D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
638D000
|
| Size: |
12288
|
|
|
7F20000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1102476755.0000000007F20000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F20000
|
| Size: |
65536
|
|
|
4D1E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3556701751.0000000004D1E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4D1E000
|
| Size: |
4096
|
|
|
5050000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1251893267.0000000005050000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5050000
|
| Size: |
4096
|
|
|
4D06000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3556701751.0000000004D06000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4D06000
|
| Size: |
8192
|
|
|
40B3000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1217012066.00000000040B3000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
40B3000
|
| Size: |
507904
|
|
|
31E0000
|
heap
|
page readonly
|
|
|
|
| Name: |
00000008.00000002.1251135654.00000000031E0000.00000002.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page readonly
|
| Base address: |
31E0000
|
| Size: |
4096
|
|
|
997000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000000.1105777205.0000000000997000.00000002.00000001.01000000.00000009.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
997000
|
| Size: |
57344
|
|
|
16A5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1204870628.00000000016A5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
16A5000
|
| Size: |
122880
|
|
|
5B56000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1252787100.0000000005B56000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5B56000
|
| Size: |
4096
|
|
|
4D77000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.1108152788.0000000004D77000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4D77000
|
| Size: |
4096
|
|
|
A9F000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000006.00000002.1217703947.0000000000A9F000.00000002.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
A9F000
|
| Size: |
147456
|
|
|
25C4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3549956524.00000000025C4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
25C4000
|
| Size: |
8192
|
|
|
ABC2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3566567863.000000000ABC2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
ABC2000
|
| Size: |
12288
|
|
|
8130000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1221280385.0000000008130000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8130000
|
| Size: |
65536
|
|
|
8130000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1100307045.0000000008130000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8130000
|
| Size: |
4096
|
|
|
6BFC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3560310110.0000000006BFC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6BFC000
|
| Size: |
16384
|
|
|
42CE000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1215957567.00000000042CE000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
42CE000
|
| Size: |
24576
|
|
|
5761000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1403041580.0000000005761000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5761000
|
| Size: |
61440
|
|
|
4115000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1401224333.0000000004115000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4115000
|
| Size: |
716800
|
|
|
1624000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1071739693.0000000001624000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1624000
|
| Size: |
843776
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
15A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1218182541.00000000015A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15A0000
|
| Size: |
24576
|
|
|
8190000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1221059740.0000000008190000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8190000
|
| Size: |
65536
|
|
|
3E1B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1206416359.0000000003E1B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3E1B000
|
| Size: |
786432
|
|
|
876C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3565908944.000000000876C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
876C000
|
| Size: |
16384
|
|
|
7DE6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1110262389.0000000007DE6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7DE6000
|
| Size: |
20480
|
|
|
ABCA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3566672223.000000000ABCA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
ABCA000
|
| Size: |
40960
|
|
|
1034000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1397929258.0000000001034000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1034000
|
| Size: |
12288
|
|
|
614B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1404391665.000000000614B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
614B000
|
| Size: |
12288
|
|
|
1300000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1399043679.0000000001300000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1300000
|
| Size: |
65536
|
|
|
4130000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1217214138.0000000004130000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4130000
|
| Size: |
1196032
|
|
|
5200000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1252405924.0000000005200000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5200000
|
| Size: |
24576
|
|
|
5B0B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1252787100.0000000005B0B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5B0B000
|
| Size: |
4096
|
|
|
123C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.1098894858.000000000123C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
123C000
|
| Size: |
16384
|
|
|
52CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1402561537.00000000052CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
52CE000
|
| Size: |
8192
|
|
|
73BE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1407185100.00000000073BE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
73BE000
|
| Size: |
8192
|
|
|
1680000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1071641228.0000000001680000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1680000
|
| Size: |
4096
|
|
|
4D40000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1107897614.0000000004D40000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4D40000
|
| Size: |
8192
|
|
|
577E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1403076271.000000000577E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
577E000
|
| Size: |
8192
|
|
|
6DCF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1405516511.0000000006DCF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6DCF000
|
| Size: |
4096
|
|
|
2AEB000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1106773794.0000000002AEB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2AEB000
|
| Size: |
20480
|
|
|
51F0000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.1252386196.00000000051F0000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
51F0000
|
| Size: |
4096
|
|
|
8110000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1220349635.0000000008110000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8110000
|
| Size: |
65536
|
|
|
80D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1100409885.00000000080D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
80D0000
|
| Size: |
65536
|
|
|
5B01000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1252787100.0000000005B01000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5B01000
|
| Size: |
28672
|
|
|
705D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1406671152.000000000705D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
705D000
|
| Size: |
12288
|
|
|
3483000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1218371777.0000000003483000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3483000
|
| Size: |
20480
|
|
|
7C8E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1110052150.0000000007C8E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7C8E000
|
| Size: |
8192
|
|
|
73C56000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.1111478452.0000000073C56000.00000002.00000001.01000000.0000000A.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
73C56000
|
| Size: |
28672
|
|
|
81F0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1219782915.00000000081F0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
81F0000
|
| Size: |
65536
|
|
|
AC4000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000006.00000002.1217703947.0000000000AC4000.00000002.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
AC4000
|
| Size: |
40960
|
|
|
856B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1111042375.000000000856B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
856B000
|
| Size: |
20480
|
|
|
347D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1218423629.000000000347D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
347D000
|
| Size: |
12288
|
|
|
8430000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1219452837.0000000008430000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8430000
|
| Size: |
65536
|
|
|
13CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1218028498.00000000013CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
13CE000
|
| Size: |
8192
|
|
|
13A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.1099066197.00000000013A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13A4000
|
| Size: |
593920
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
400000
|
system
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.1106669294.0000000000400000.00000040.80000000.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
system
|
| Protect: |
page execute and read and write
|
| Base address: |
400000
|
| Size: |
147456
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Malicious sample detected (through community Yara rule) |
System Summary |
|
| Yara signature match |
System Summary |
|
|
|
6DA0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1405516511.0000000006DA0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6DA0000
|
| Size: |
4096
|
|
|
3A18000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3553769436.0000000003A18000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3A18000
|
| Size: |
81920
|
|
|
5B39000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1252787100.0000000005B39000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5B39000
|
| Size: |
4096
|
|
|
6127000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1404016837.0000000006127000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6127000
|
| Size: |
8192
|
|
|
F118FFF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1202100374.000000F118FFF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
F118FFF000
|
| Size: |
4096
|
|
|
22A42CD0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1202517207.0000022A42CD0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
22A42CD0000
|
| Size: |
4096
|
|
|
7F90000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1100643210.0000000007F90000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F90000
|
| Size: |
65536
|
|
|
22A41360000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1202449577.0000022A41360000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
22A41360000
|
| Size: |
4096
|
|
|
616F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1404555775.000000000616F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
616F000
|
| Size: |
12288
|
|
|
5130000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3557494076.0000000005130000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5130000
|
| Size: |
12288
|
|
|
3A78000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3553769436.0000000003A78000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3A78000
|
| Size: |
81920
|
|
|
7F50000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1102362030.0000000007F50000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F50000
|
| Size: |
20480
|
|
|
AA00000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1256495712.000000000AA00000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
AA00000
|
| Size: |
4096
|
|
|
51D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1402222444.00000000051D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
51D0000
|
| Size: |
65536
|
|
|
8160000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1220215071.0000000008160000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8160000
|
| Size: |
65536
|
|
|
73C56000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000002.1407684582.0000000073C56000.00000002.00000001.01000000.0000000A.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
73C56000
|
| Size: |
28672
|
|
|
5278000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1402464250.0000000005278000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5278000
|
| Size: |
4096
|
|
|
34BE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1221870549.00000000034BE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
34BE000
|
| Size: |
12288
|
|
|
13A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1083710947.00000000013A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13A4000
|
| Size: |
630784
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
3043000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1107243791.0000000003043000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3043000
|
| Size: |
28672
|
|
|
F2E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1083004378.0000000000F2E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
F2E000
|
| Size: |
8192
|
|
|
61D5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1404945365.00000000061D5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
61D5000
|
| Size: |
40960
|
|
|
CF0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000002.1082375700.0000000000CF0000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
CF0000
|
| Size: |
4096
|
|
|
635E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.3559239293.000000000635E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
635E000
|
| Size: |
8192
|
|
|
33A3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1399260262.00000000033A3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
33A3000
|
| Size: |
8192
|
|
|
3451000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1217353284.0000000003451000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3451000
|
| Size: |
4096
|
|
|
ACE000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.1098616812.0000000000ACE000.00000004.00000001.01000000.00000004.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
ACE000
|
| Size: |
36864
|
|
|
6EC0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1406395533.0000000006EC0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6EC0000
|
| Size: |
4096
|
|
|
5B26000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1252787100.0000000005B26000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5B26000
|
| Size: |
4096
|
|
