|
7FC000
|
heap
|
page read and write
|
 |
|
|
| Name: |
0000000F.00000002.1788740982.00000000007FC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7FC000
|
| Size: |
61440
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Found malware configuration |
AV Detection |
|
| Yara detected Remcos RAT |
AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality |
|
|
|
736000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1401897281.0000000000736000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
736000
|
| Size: |
90112
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected Remcos RAT |
AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
21028000
|
direct allocation
|
page readonly
|
|
|
|
| Name: |
0000000B.00000002.1544692180.0000000021028000.00000002.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page readonly
|
| Base address: |
21028000
|
| Size: |
4096
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected Remcos RAT |
AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality |
|
|
|
78A000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1694075061.000000000078A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
78A000
|
| Size: |
61440
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected Remcos RAT |
AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality |
|
|
|
21018000
|
direct allocation
|
page readonly
|
|
|
|
| Name: |
0000000D.00000002.1641527274.0000000021018000.00000002.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page readonly
|
| Base address: |
21018000
|
| Size: |
4096
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected Remcos RAT |
AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality |
|
|
|
7E490000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1440237535.000000007E490000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7E490000
|
| Size: |
471040
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Malicious sample detected (through community Yara rule) |
System Summary |
|
| Yara detected Remcos RAT |
AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality |
|
| Yara detected UAC Bypass using CMSTP |
Exploits |
|
| Yara detected Keylogger Generic |
Key, Mouse, Clipboard, Microphone and Screen Capturing |
|
| Yara signature match |
System Summary |
|
| Public key (encryption) found |
Cryptography |
|
| URLs found in memory or binary data |
Networking |
|
|
|
82F000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1515636803.000000000082F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
82F000
|
| Size: |
49152
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected Remcos RAT |
AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality |
|
|
|
78C000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1610613341.000000000078C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
78C000
|
| Size: |
57344
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected Remcos RAT |
AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality |
|
|
|
218C9000
|
direct allocation
|
page readonly
|
|
|
|
| Name: |
00000000.00000002.1424558075.00000000218C9000.00000002.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page readonly
|
| Base address: |
218C9000
|
| Size: |
102400
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Malicious sample detected (through community Yara rule) |
System Summary |
|
| Yara detected Remcos RAT |
AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality |
|
| Yara detected UAC Bypass using CMSTP |
Exploits |
|
| Yara detected Keylogger Generic |
Key, Mouse, Clipboard, Microphone and Screen Capturing |
|
| Yara signature match |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
234D000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1403021774.000000000234D000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
234D000
|
| Size: |
225280
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected DBatLoader |
Data Obfuscation |
|
|
|
8DC000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1870174059.00000000008DC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8DC000
|
| Size: |
49152
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected Remcos RAT |
AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality |
|
|
|
897000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3855801503.0000000000897000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
897000
|
| Size: |
86016
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected Remcos RAT |
AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality |
|
|
|
20D00000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1885744638.0000000020D00000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20D00000
|
| Size: |
4096
|
|
|
2418000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3856495510.0000000002418000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2418000
|
| Size: |
4096
|
|
|
229C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1402810429.000000000229C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
229C000
|
| Size: |
16384
|
|
|
2077F000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3870456492.000000002077F000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2077F000
|
| Size: |
4096
|
|
|
2460000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1612066897.0000000002460000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2460000
|
| Size: |
4096
|
|
|
70E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1515550637.000000000070E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
70E000
|
| Size: |
8192
|
|
|
30B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.1414277326.00000000030B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
30B0000
|
| Size: |
36864
|
|
|
2B3A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1411880661.0000000002B3A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2B3A000
|
| Size: |
32768
|
|
|
31A3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1396707361.00000000031A3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
31A3000
|
| Size: |
12288
|
|
|
2841000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1695079166.0000000002841000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2841000
|
| Size: |
16384
|
|
|
93F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1611107160.000000000093F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
93F000
|
| Size: |
4096
|
|
|
20FDB000
|
direct allocation
|
page execute read
|
|
|
|
| Name: |
0000000D.00000002.1641099970.0000000020FDB000.00000020.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute read
|
| Base address: |
20FDB000
|
| Size: |
12288
|
|
|
680000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3855618297.0000000000680000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
680000
|
| Size: |
4096
|
|
|
2380000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1694830224.0000000002380000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2380000
|
| Size: |
16384
|
|
|
28CC000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1612261435.00000000028CC000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
28CC000
|
| Size: |
4096
|
|
|
28C1000
|
direct allocation
|
page execute read
|
|
|
|
| Name: |
0000000F.00000002.1789556084.00000000028C1000.00000020.00001000.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute read
|
| Base address: |
28C1000
|
| Size: |
155648
|
|
|
245D000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1870549964.000000000245D000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
245D000
|
| Size: |
4096
|
|
|
47F000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1610417489.000000000047F000.00000004.00000001.01000000.00000006.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
47F000
|
| Size: |
8192
|
|
|
FD0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1494826832.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
FD0000
|
| Size: |
8192
|
|
|
774000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1610613341.0000000000774000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
774000
|
| Size: |
24576
|
|
|
20FD7000
|
direct allocation
|
page execute read
|
|
|
|
| Name: |
0000000D.00000002.1641099970.0000000020FD7000.00000020.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute read
|
| Base address: |
20FD7000
|
| Size: |
12288
|
|
|
3F1000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000009.00000000.1410597026.00000000003F1000.00000020.00000001.01000000.00000008.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
3F1000
|
| Size: |
180224
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
20E9E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1722555420.0000000020E9E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20E9E000
|
| Size: |
8192
|
|
|
2092E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1722300034.000000002092E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2092E000
|
| Size: |
8192
|
|
|
20F9F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1641057349.0000000020F9F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20F9F000
|
| Size: |
4096
|
|
|
2464000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1870549964.0000000002464000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2464000
|
| Size: |
8192
|
|
|
21024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1423561057.0000000021024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
21024000
|
| Size: |
135168
|
|
|
7FBDF000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1383919511.000000007FBDF000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7FBDF000
|
| Size: |
331776
|
|
|
740000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1694075061.0000000000740000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
740000
|
| Size: |
24576
|
|
|
2845000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000E.00000002.1695146416.0000000002845000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
2845000
|
| Size: |
4096
|
|
|
7EAAF000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1440992903.000000007EAAF000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EAAF000
|
| Size: |
32768
|
|
|
20E5E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1722526560.0000000020E5E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20E5E000
|
| Size: |
8192
|
|
|
1F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1515402721.00000000001F0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1F0000
|
| Size: |
4096
|
|
|
21520000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1424261948.0000000021520000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
21520000
|
| Size: |
4096
|
|
|
2351000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1694597746.0000000002351000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2351000
|
| Size: |
4096
|
|
|
7E598000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1440592836.000000007E598000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7E598000
|
| Size: |
40960
|
|
|
7FDBF000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1383600989.000000007FDBF000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7FDBF000
|
| Size: |
135168
|
|
|
233C000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1694597746.000000000233C000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
233C000
|
| Size: |
4096
|
|
|
20FE1000
|
direct allocation
|
page execute read
|
|
|
|
| Name: |
0000000D.00000002.1641099970.0000000020FE1000.00000020.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute read
|
| Base address: |
20FE1000
|
| Size: |
163840
|
|
|
B10000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1407884212.0000000000B10000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B10000
|
| Size: |
24576
|
|
|
D73000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1395555604.0000000000D73000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D73000
|
| Size: |
4096
|
|
|
28F1000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1789724321.00000000028F1000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
28F1000
|
| Size: |
16384
|
|
|
2980000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1411792126.0000000002980000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2980000
|
| Size: |
4096
|
|
|
6C5000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1515504883.00000000006C5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6C5000
|
| Size: |
12288
|
|
|
7ECB0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1388053652.000000007ECB0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7ECB0000
|
| Size: |
4096
|
|
|
7B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1788740982.00000000007B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7B0000
|
| Size: |
24576
|
|
|
7EA4F000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1391159742.000000007EA4F000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EA4F000
|
| Size: |
135168
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
7E6AF000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1440815078.000000007E6AF000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7E6AF000
|
| Size: |
77824
|
|
|
1F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1869829616.00000000001F0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1F0000
|
| Size: |
4096
|
|
|
7EB10000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1609227375.000000007EB10000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EB10000
|
| Size: |
4096
|
|
|
7FC70000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1458244959.000000007FC70000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7FC70000
|
| Size: |
4096
|
|
|
20A7E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1640863346.0000000020A7E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20A7E000
|
| Size: |
8192
|
|
|
21035000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1544860195.0000000021035000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
21035000
|
| Size: |
8192
|
|
|
9B000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1693792219.000000000009B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9B000
|
| Size: |
20480
|
|
|
43A000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000A.00000000.1413614178.000000000043A000.00000002.00000001.01000000.00000008.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
43A000
|
| Size: |
12288
|
|
|
7EB8F000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1389522475.000000007EB8F000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EB8F000
|
| Size: |
200704
|
|
|
23CF000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1870549964.00000000023CF000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
23CF000
|
| Size: |
4096
|
|
|
207DC000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1542459361.00000000207DC000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
207DC000
|
| Size: |
4096
|
|
|
1F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1400768893.00000000001F0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1F0000
|
| Size: |
4096
|
|
|
31A3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1395340753.00000000031A3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
31A3000
|
| Size: |
12288
|
|
|
244D000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1403021774.000000000244D000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
244D000
|
| Size: |
4096
|
|
|
9B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1400642581.000000000009B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9B000
|
| Size: |
20480
|
|
|
482000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1788398078.0000000000482000.00000004.00000001.01000000.00000009.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
482000
|
| Size: |
16384
|
|
|
7EC50000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1394925498.000000007EC50000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EC50000
|
| Size: |
40960
|
|
|
600000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1693995032.0000000000600000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
600000
|
| Size: |
16384
|
|
|
207CD000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1542459361.00000000207CD000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
207CD000
|
| Size: |
12288
|
|
|
7EB10000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1392724839.000000007EB10000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EB10000
|
| Size: |
282624
|
|
|
20A6E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1722352701.0000000020A6E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20A6E000
|
| Size: |
8192
|
|
|
7EC7F000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1388205458.000000007EC7F000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EC7F000
|
| Size: |
200704
|
|
|
2330000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1402956620.0000000002330000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2330000
|
| Size: |
16384
|
|
|
20BEE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1640913481.0000000020BEE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20BEE000
|
| Size: |
8192
|
|
|
31BD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1395592727.00000000031BD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
31BD000
|
| Size: |
8192
|
|
|
7EBF0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1388205458.000000007EBF0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EBF0000
|
| Size: |
4096
|
|
|
2504000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1516241242.0000000002504000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2504000
|
| Size: |
8192
|
|
|
206D9000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1801695821.00000000206D9000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
206D9000
|
| Size: |
4096
|
|
|
31A3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1394742380.00000000031A3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
31A3000
|
| Size: |
12288
|
|
|
7FA17000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1384070136.000000007FA17000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7FA17000
|
| Size: |
4096
|
|
|
31A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1395408983.00000000031A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
31A4000
|
| Size: |
8192
|
|
|
19D000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1515379843.000000000019D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
19D000
|
| Size: |
12288
|
|
|
20E5E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1886152935.0000000020E5E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20E5E000
|
| Size: |
8192
|
|
|
2AFE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1411863160.0000000002AFE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2AFE000
|
| Size: |
8192
|
|
|
2101A000
|
direct allocation
|
page readonly
|
|
|
|
| Name: |
0000000D.00000002.1641527274.000000002101A000.00000002.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page readonly
|
| Base address: |
2101A000
|
| Size: |
4096
|
|
|
229F000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1694597746.000000000229F000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
229F000
|
| Size: |
4096
|
|
|
20A9E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1802110226.0000000020A9E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20A9E000
|
| Size: |
8192
|
|
|
6E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1401897281.00000000006E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6E0000
|
| Size: |
32768
|
|
|
1D5000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1610349944.00000000001D5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D5000
|
| Size: |
12288
|
|
|
23E6000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1516180659.00000000023E6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
23E6000
|
| Size: |
8192
|
|
|
5EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1693952898.00000000005EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5EE000
|
| Size: |
8192
|
|
|
24C6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3856772757.00000000024C6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
24C6000
|
| Size: |
8192
|
|
|
2831000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1870917664.0000000002831000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2831000
|
| Size: |
16384
|
|
|
2432000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1870549964.0000000002432000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2432000
|
| Size: |
4096
|
|
|
31BD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1396857078.00000000031BD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
31BD000
|
| Size: |
8192
|
|
|
2063D000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1721747799.000000002063D000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2063D000
|
| Size: |
12288
|
|
|
207D4000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1542459361.00000000207D4000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
207D4000
|
| Size: |
4096
|
|
|
7E490000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1898924385.000000007E490000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7E490000
|
| Size: |
4096
|
|
|
20643000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1883249305.0000000020643000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
20643000
|
| Size: |
4096
|
|
|
2057F000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1721747799.000000002057F000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2057F000
|
| Size: |
4096
|
|
|
401000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000000.00000000.1382748562.0000000000401000.00000020.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
401000
|
| Size: |
516096
|
|
|
206BF000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1632225995.00000000206BF000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
206BF000
|
| Size: |
4096
|
|
|
7EB3F000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1389946535.000000007EB3F000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EB3F000
|
| Size: |
135168
|
|
|
2360000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000E.00000002.1694812370.0000000002360000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
2360000
|
| Size: |
4096
|
|
|
2D2F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1412075818.0000000002D2F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2D2F000
|
| Size: |
4096
|
|
|
31A3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1397868699.00000000031A3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
31A3000
|
| Size: |
12288
|
|
|
D72000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1394619687.0000000000D72000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D72000
|
| Size: |
4096
|
|
|
31A3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1396267898.00000000031A3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
31A3000
|
| Size: |
12288
|
|
|
20779000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3870456492.0000000020779000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
20779000
|
| Size: |
4096
|
|
|
2150000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1611586581.0000000002150000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2150000
|
| Size: |
16384
|
|
|
2210000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1694575803.0000000002210000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2210000
|
| Size: |
8192
|
|
|
1D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1610349944.00000000001D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D0000
|
| Size: |
16384
|
|
|
20E5E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1802250029.0000000020E5E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20E5E000
|
| Size: |
8192
|
|
|
D73000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1395411384.0000000000D73000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D73000
|
| Size: |
4096
|
|
|
7EB60000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1441063230.000000007EB60000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EB60000
|
| Size: |
282624
|
|
|
2100000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1611140041.0000000002100000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2100000
|
| Size: |
4096
|
|
|
2062F000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1721747799.000000002062F000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2062F000
|
| Size: |
4096
|
|
|
7E508000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1440237535.000000007E508000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7E508000
|
| Size: |
40960
|
|
|
7ED1F000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1388053652.000000007ED1F000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7ED1F000
|
| Size: |
135168
|
|
|
31BD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1394742380.00000000031BD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
31BD000
|
| Size: |
8192
|
|
|
31A3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1397236833.00000000031A3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
31A3000
|
| Size: |
12288
|
|
|
3F1000
|
unkown
|
page execute read
|
|
|
|
| Name: |
0000000A.00000000.1413570446.00000000003F1000.00000020.00000001.01000000.00000008.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
3F1000
|
| Size: |
180224
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
206D4000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1632225995.00000000206D4000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
206D4000
|
| Size: |
4096
|
|
|
7EC5E000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1394925498.000000007EC5E000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EC5E000
|
| Size: |
401408
|
|
|
2801000
|
direct allocation
|
page execute read
|
|
|
|
| Name: |
00000010.00000002.1870782421.0000000002801000.00000020.00001000.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute read
|
| Base address: |
2801000
|
| Size: |
155648
|
|
|
3F0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000009.00000002.1411484543.00000000003F0000.00000002.00000001.01000000.00000008.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
3F0000
|
| Size: |
4096
|
|
|
208BB000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3870715823.00000000208BB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
208BB000
|
| Size: |
20480
|
|
|
207EA000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1542459361.00000000207EA000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
207EA000
|
| Size: |
12288
|
|
|
2630000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1525579391.0000000002630000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2630000
|
| Size: |
4096
|
|
|
755000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3855644383.0000000000755000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
755000
|
| Size: |
12288
|
|
|
6C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1515504883.00000000006C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6C0000
|
| Size: |
16384
|
|
|
84A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3855801503.000000000084A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
84A000
|
| Size: |
8192
|
|
|
780000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3855725545.0000000000780000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
780000
|
| Size: |
4096
|
|
|
206CD000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1632225995.00000000206CD000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
206CD000
|
| Size: |
12288
|
|
|
7E9AF000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1391405812.000000007E9AF000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7E9AF000
|
| Size: |
16384
|
|
|
8DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1407810364.00000000008DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
8DE000
|
| Size: |
8192
|
|
|
7EB9F000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1392234966.000000007EB9F000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EB9F000
|
| Size: |
40960
|
|
|
2E50000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1412176226.0000000002E50000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2E50000
|
| Size: |
12288
|
|
|
231C000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1789392211.000000000231C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
231C000
|
| Size: |
16384
|
|
|
22C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1402845319.00000000022C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
22C0000
|
| Size: |
4096
|
|
|
31BD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1394221919.00000000031BD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
31BD000
|
| Size: |
4096
|
|
|
2411000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3856495510.0000000002411000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2411000
|
| Size: |
4096
|
|
|
207A3000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3870456492.00000000207A3000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
207A3000
|
| Size: |
4096
|
|
|
2613000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3856833032.0000000002613000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2613000
|
| Size: |
8192
|
|
|
23C2000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3856495510.00000000023C2000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
23C2000
|
| Size: |
4096
|
|
|
7DA000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1515636803.00000000007DA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7DA000
|
| Size: |
8192
|
|
|
21025000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1722635341.0000000021025000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
21025000
|
| Size: |
8192
|
|
|
206E3000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1632225995.00000000206E3000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
206E3000
|
| Size: |
4096
|
|
|
2386000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1694830224.0000000002386000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2386000
|
| Size: |
8192
|
|
|
7EBF0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1392356515.000000007EBF0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EBF0000
|
| Size: |
73728
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
6D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1610553439.00000000006D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6D0000
|
| Size: |
4096
|
|
|
7E58F000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1440592836.000000007E58F000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7E58F000
|
| Size: |
16384
|
|
|
7ECC0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1387513215.000000007ECC0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7ECC0000
|
| Size: |
8192
|
|
|
31BD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1396779695.00000000031BD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
31BD000
|
| Size: |
8192
|
|
|
20BEE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1722413888.0000000020BEE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20BEE000
|
| Size: |
8192
|
|
|
28D7000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1405687469.00000000028D7000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
28D7000
|
| Size: |
57344
|
|
|
7EB10000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1406739138.000000007EB10000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EB10000
|
| Size: |
4096
|
|
|
2653000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1525607738.0000000002653000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2653000
|
| Size: |
8192
|
|
|
31BD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1396707361.00000000031BD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
31BD000
|
| Size: |
8192
|
|
|
7DE000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1515636803.00000000007DE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7DE000
|
| Size: |
196608
|
|
|
950000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3856373655.0000000000950000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
950000
|
| Size: |
32768
|
|
|
31BD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1394567280.00000000031BD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
31BD000
|
| Size: |
4096
|
|
|
2281000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1789126973.0000000002281000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2281000
|
| Size: |
4096
|
|
|
41E000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.1414000194.000000000041E000.00000004.00000001.01000000.00000008.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
41E000
|
| Size: |
4096
|
|
|
6F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1788559862.00000000006F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6F0000
|
| Size: |
16384
|
|
|
7EB10000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.1869066054.000000007EB10000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EB10000
|
| Size: |
4096
|
|
|
20FDF000
|
direct allocation
|
page execute read
|
|
|
|
| Name: |
0000000D.00000002.1641099970.0000000020FDF000.00000020.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute read
|
| Base address: |
20FDF000
|
| Size: |
4096
|
|
|
7E9B4000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1391405812.000000007E9B4000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7E9B4000
|
| Size: |
180224
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
3F1000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000009.00000002.1411510102.00000000003F1000.00000020.00000001.01000000.00000008.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
3F1000
|
| Size: |
180224
|
|
|
2320000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1402919637.0000000002320000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2320000
|
| Size: |
4096
|
|
|
31BD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1399067370.00000000031BD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
31BD000
|
| Size: |
8192
|
|
|
7F790000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1442551960.000000007F790000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7F790000
|
| Size: |
4096
|
|
|
D40000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1494776285.0000000000D40000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D40000
|
| Size: |
36864
|
|
|
81E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1402603545.000000000081E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
81E000
|
| Size: |
8192
|
|
|
31A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1394798901.00000000031A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
31A4000
|
| Size: |
8192
|
|
|
247A000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1870549964.000000000247A000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
247A000
|
| Size: |
8192
|
|
|
20EBE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1543730112.0000000020EBE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20EBE000
|
| Size: |
8192
|
|
|
20644000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1721747799.0000000020644000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
20644000
|
| Size: |
4096
|
|
|
C2E000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1494714812.0000000000C2E000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
C2E000
|
| Size: |
8192
|
|
|
7C5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1405256608.00000000007C5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7C5000
|
| Size: |
4096
|
|
|
7FA11000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1442604956.000000007FA11000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7FA11000
|
| Size: |
4096
|
|
|
2454000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1403021774.0000000002454000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2454000
|
| Size: |
8192
|
|
|
D73000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1394734053.0000000000D73000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D73000
|
| Size: |
4096
|
|
|
24FD000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1516241242.00000000024FD000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
24FD000
|
| Size: |
4096
|
|
|
20E4E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1423503637.0000000020E4E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20E4E000
|
| Size: |
8192
|
|
|
2065A000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1721747799.000000002065A000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2065A000
|
| Size: |
12288
|
|
|
740000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1610613341.0000000000740000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
740000
|
| Size: |
24576
|
|
|
19D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3855491697.000000000019D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
19D000
|
| Size: |
12288
|
|
|
6B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1401857625.00000000006B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6B0000
|
| Size: |
24576
|
|
|
2970000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1411769395.0000000002970000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2970000
|
| Size: |
4096
|
|
|
400000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000000.1382725645.0000000000400000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
400000
|
| Size: |
4096
|
|
|
230A000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1611724876.000000000230A000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
230A000
|
| Size: |
8192
|
|
|
29A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1411812399.00000000029A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
29A0000
|
| Size: |
20480
|
|
|
31BD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1396916419.00000000031BD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
31BD000
|
| Size: |
8192
|
|
|
238E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1516140374.000000000238E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
238E000
|
| Size: |
8192
|
|
|
7FAB0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1383919511.000000007FAB0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7FAB0000
|
| Size: |
4096
|
|
|
7E36F000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1397700836.000000007E36F000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7E36F000
|
| Size: |
4096
|
|
|
3480000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1414959810.0000000003480000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3480000
|
| Size: |
8192
|
|
|
20794000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3870456492.0000000020794000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
20794000
|
| Size: |
4096
|
|
|
F7E000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1414678555.0000000000F7E000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
F7E000
|
| Size: |
8192
|
|
|
28D5000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.1612342061.00000000028D5000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
28D5000
|
| Size: |
8192
|
|
|
7EC50000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1395787001.000000007EC50000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EC50000
|
| Size: |
458752
|
|
|
D6E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1494808845.0000000000D6E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D6E000
|
| Size: |
24576
|
|
|
208EF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1722273482.00000000208EF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
208EF000
|
| Size: |
4096
|
|
|
5A8000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000000.1382870982.00000000005A8000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
5A8000
|
| Size: |
4096
|
|
|
31BD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1400392450.00000000031BD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
31BD000
|
| Size: |
4096
|
|
|
205D0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1422439793.00000000205D0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
205D0000
|
| Size: |
4096
|
|
|
20FA0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1641078520.0000000020FA0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20FA0000
|
| Size: |
4096
|
|
|
7EB60000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1389761380.000000007EB60000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EB60000
|
| Size: |
458752
|
|
|
20D4E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1423472561.0000000020D4E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20D4E000
|
| Size: |
8192
|
|
|
20D5E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1722498708.0000000020D5E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20D5E000
|
| Size: |
8192
|
|
|
81C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3855768603.000000000081C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
81C000
|
| Size: |
16384
|
|
|
31BE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1400354232.00000000031BE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
31BE000
|
| Size: |
12288
|
|
|
208FB000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1543492925.00000000208FB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
208FB000
|
| Size: |
20480
|
|
|
D73000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1394946097.0000000000D73000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D73000
|
| Size: |
4096
|
|
|
2303000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1611724876.0000000002303000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2303000
|
| Size: |
4096
|
|
|
C7E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1494744089.0000000000C7E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
C7E000
|
| Size: |
8192
|
|
|
30BA000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.1414277326.00000000030BA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
30BA000
|
| Size: |
32768
|
|
|
2358000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1694597746.0000000002358000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2358000
|
| Size: |
4096
|
|
|
338F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1414830214.000000000338F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
338F000
|
| Size: |
4096
|
|
|
207EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1722243301.00000000207EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
207EE000
|
| Size: |
8192
|
|
|
3190000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1414776734.0000000003190000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3190000
|
| Size: |
40960
|
|
|
7DD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1407748403.00000000007DD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7DD000
|
| Size: |
24576
|
|
|
E50000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1414644908.0000000000E50000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
E50000
|
| Size: |
4096
|
|
|
20ACE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1423373041.0000000020ACE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20ACE000
|
| Size: |
8192
|
|
|
28C7000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1612261435.00000000028C7000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
28C7000
|
| Size: |
4096
|
|
|
6BE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1788456223.00000000006BE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6BE000
|
| Size: |
8192
|
|
|
7EC84000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1392356515.000000007EC84000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EC84000
|
| Size: |
208896
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
773000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1694075061.0000000000773000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
773000
|
| Size: |
86016
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
31D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1414405719.00000000031D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
31D0000
|
| Size: |
8192
|
|
|
2811000
|
direct allocation
|
page execute read
|
|
|
|
| Name: |
0000000E.00000002.1694944231.0000000002811000.00000020.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute read
|
| Base address: |
2811000
|
| Size: |
155648
|
|
|
41E000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1411546396.000000000041E000.00000004.00000001.01000000.00000008.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
41E000
|
| Size: |
4096
|
|
|
314F000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1414733741.000000000314F000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
314F000
|
| Size: |
4096
|
|
|
AED000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1414582369.0000000000AED000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
AED000
|
| Size: |
12288
|
|
|
2095E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1802062699.000000002095E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2095E000
|
| Size: |
8192
|
|
|
9B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1869767302.000000000009B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9B000
|
| Size: |
20480
|
|
|
21871000
|
direct allocation
|
page execute read
|
|
|
|
| Name: |
00000000.00000002.1424353913.0000000021871000.00000020.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute read
|
| Base address: |
21871000
|
| Size: |
360448
|
|
|
31D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1412238801.00000000031D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
31D0000
|
| Size: |
8192
|
|
|
2232000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1789126973.0000000002232000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2232000
|
| Size: |
4096
|
|
|
940000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3856373655.0000000000940000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
940000
|
| Size: |
32768
|
|
|
7EC03000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1392356515.000000007EC03000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EC03000
|
| Size: |
524288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
7E490000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1746696276.000000007E490000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7E490000
|
| Size: |
4096
|
|
|
850000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1870088427.0000000000850000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
850000
|
| Size: |
4096
|
|
|
2081B000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1802008380.000000002081B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2081B000
|
| Size: |
20480
|
|
|
41E000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000009.00000000.1410642881.000000000041E000.00000008.00000001.01000000.00000008.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
41E000
|
| Size: |
4096
|
|
|
206FA000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1422439793.00000000206FA000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
206FA000
|
| Size: |
16384
|
|
|
206F4000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1801695821.00000000206F4000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
206F4000
|
| Size: |
4096
|
|
|
2B30000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1411880661.0000000002B30000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2B30000
|
| Size: |
36864
|
|
|
5130000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1404062619.0000000005130000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5130000
|
| Size: |
4096
|
|
|
7E9F0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1440992903.000000007E9F0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7E9F0000
|
| Size: |
4096
|
|
|
209FF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1543531479.00000000209FF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
209FF000
|
| Size: |
4096
|
|
|
21025000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1641700252.0000000021025000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
21025000
|
| Size: |
8192
|
|
|
23FC000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3856495510.00000000023FC000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
23FC000
|
| Size: |
4096
|
|
|
3D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1405662658.00000000003D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3D0000
|
| Size: |
4096
|
|
|
3F0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000A.00000000.1413548328.00000000003F0000.00000002.00000001.01000000.00000008.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
3F0000
|
| Size: |
4096
|
|
|
21510000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1396173897.0000000021510000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
21510000
|
| Size: |
4096
|
|
|
206DC000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1632225995.00000000206DC000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
206DC000
|
| Size: |
4096
|
|
|
3ECCE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3883816281.000000003ECCE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3ECCE000
|
| Size: |
8192
|
|
|
70E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1869984852.000000000070E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
70E000
|
| Size: |
8192
|
|
|
826000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1515636803.0000000000826000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
826000
|
| Size: |
8192
|
|
|
2343000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1694597746.0000000002343000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2343000
|
| Size: |
4096
|
|
|
31A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1395592727.00000000031A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
31A4000
|
| Size: |
8192
|
|
|
2478000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1403021774.0000000002478000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2478000
|
| Size: |
4096
|
|
|
2463000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1612066897.0000000002463000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2463000
|
| Size: |
8192
|
|
|
2061F000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1883249305.000000002061F000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2061F000
|
| Size: |
4096
|
|
|
24B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1870755887.00000000024B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
24B0000
|
| Size: |
8192
|
|
|
206DD000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1422439793.00000000206DD000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
206DD000
|
| Size: |
16384
|
|
|
31BD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1397868699.00000000031BD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
31BD000
|
| Size: |
8192
|
|
|
241F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1611995892.000000000241F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
241F000
|
| Size: |
4096
|
|
|
20AFF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1543555163.0000000020AFF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20AFF000
|
| Size: |
4096
|
|
|
7C5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1406962644.00000000007C5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7C5000
|
| Size: |
4096
|
|
|
20E8E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1423522551.0000000020E8E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20E8E000
|
| Size: |
8192
|
|
|
47F000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1693880219.000000000047F000.00000004.00000001.01000000.00000006.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
47F000
|
| Size: |
8192
|
|
|
206EC000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1422439793.00000000206EC000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
206EC000
|
| Size: |
4096
|
|
|
2156000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1611586581.0000000002156000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2156000
|
| Size: |
8192
|
|
|
898000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1870174059.0000000000898000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
898000
|
| Size: |
266240
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
29D5000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.1527185859.00000000029D5000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
29D5000
|
| Size: |
4096
|
|
|
A5F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1402684409.0000000000A5F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A5F000
|
| Size: |
4096
|
|
|
20809000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1423185789.0000000020809000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20809000
|
| Size: |
20480
|
|
|
7DD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1404148627.00000000007DD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7DD000
|
| Size: |
24576
|
|
|
2650000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1525607738.0000000002650000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2650000
|
| Size: |
4096
|
|
|
757000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1393197868.0000000000757000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
757000
|
| Size: |
139264
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
21022000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1802355145.0000000021022000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
21022000
|
| Size: |
8192
|
|
|
7DB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1404738334.00000000007DB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7DB000
|
| Size: |
4096
|
|
|
20703000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1801695821.0000000020703000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
20703000
|
| Size: |
4096
|
|
|
20FEB000
|
direct allocation
|
page execute read
|
|
|
|
| Name: |
0000000B.00000002.1543798024.0000000020FEB000.00000020.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute read
|
| Base address: |
20FEB000
|
| Size: |
12288
|
|
|
21025000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3870816827.0000000021025000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
21025000
|
| Size: |
8192
|
|
|
7B8000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1788740982.00000000007B8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7B8000
|
| Size: |
180224
|
|
|
20D5E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1640977817.0000000020D5E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20D5E000
|
| Size: |
8192
|
|
|
71E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1694052605.000000000071E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
71E000
|
| Size: |
8192
|
|
|
2488000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1870549964.0000000002488000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2488000
|
| Size: |
4096
|
|
|
20688000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1632225995.0000000020688000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
20688000
|
| Size: |
4096
|
|
|
840000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3855801503.0000000000840000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
840000
|
| Size: |
32768
|
|
|
7EBD0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1391920630.000000007EBD0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EBD0000
|
| Size: |
823296
|
|
|
7BA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1406962644.00000000007BA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BA000
|
| Size: |
8192
|
|
|
7ECBF000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1407079838.000000007ECBF000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7ECBF000
|
| Size: |
4096
|
|
|
7AA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1393197868.00000000007AA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7AA000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
|
|
7FAC0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1445056645.000000007FAC0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7FAC0000
|
| Size: |
1679360
|
|
|
48B000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000000.1382870982.000000000048B000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
48B000
|
| Size: |
1163264
|
|
|
2463000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1403021774.0000000002463000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2463000
|
| Size: |
4096
|
|
|
31BD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1394798901.00000000031BD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
31BD000
|
| Size: |
8192
|
|
|
31BD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1414776734.00000000031BD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
31BD000
|
| Size: |
12288
|
|
|
FC0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1414712068.0000000000FC0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
FC0000
|
| Size: |
4096
|
|
|
7A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1406962644.00000000007A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7A0000
|
| Size: |
28672
|
|
|
7FC5F000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1445056645.000000007FC5F000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7FC5F000
|
| Size: |
4096
|
|
|
7F800000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1384240428.000000007F800000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7F800000
|
| Size: |
1052672
|
|
|
D73000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1394694600.0000000000D73000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D73000
|
| Size: |
4096
|
|
|
7ECC0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1441291919.000000007ECC0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7ECC0000
|
| Size: |
4096
|
|
|
7EA9F000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1390092739.000000007EA9F000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EA9F000
|
| Size: |
200704
|
|
|
2987000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3857089785.0000000002987000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2987000
|
| Size: |
4096
|
|
|
482000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1400858757.0000000000482000.00000004.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
482000
|
| Size: |
20480
|
|
|
2513000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1516241242.0000000002513000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2513000
|
| Size: |
4096
|
|
|
31BE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1401986074.00000000031BE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
31BE000
|
| Size: |
12288
|
|
|
6EA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1401897281.00000000006EA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6EA000
|
| Size: |
8192
|
|
|
29D1000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1526249580.00000000029D1000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
29D1000
|
| Size: |
16384
|
|
|
2064C000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1721747799.000000002064C000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2064C000
|
| Size: |
4096
|
|
|
20FC1000
|
direct allocation
|
page execute read
|
|
|
|
| Name: |
0000000B.00000002.1543798024.0000000020FC1000.00000020.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute read
|
| Base address: |
20FC1000
|
| Size: |
122880
|
|
|
324F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1494884054.000000000324F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
324F000
|
| Size: |
4096
|
|
|
20A2F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1722327090.0000000020A2F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20A2F000
|
| Size: |
4096
|
|
|
7E5000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1788740982.00000000007E5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7E5000
|
| Size: |
81920
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
7EBF0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1387513215.000000007EBF0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EBF0000
|
| Size: |
4096
|
|
|
5F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1693976725.00000000005F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5F0000
|
| Size: |
4096
|
|
|
20CEF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1640936586.0000000020CEF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20CEF000
|
| Size: |
4096
|
|
|
31A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1401838228.00000000031A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
31A4000
|
| Size: |
8192
|
|
|
7EBF6000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1387513215.000000007EBF6000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EBF6000
|
| Size: |
806912
|
|
|
D53000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1395800744.0000000000D53000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D53000
|
| Size: |
4096
|
|
|
7EE7A000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1441368094.000000007EE7A000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EE7A000
|
| Size: |
4096
|
|
|
28B1000
|
direct allocation
|
page execute read
|
|
|
|
| Name: |
00000000.00000002.1405520416.00000000028B1000.00000020.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute read
|
| Base address: |
28B1000
|
| Size: |
155648
|
|
|
7EB10000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1514309874.000000007EB10000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EB10000
|
| Size: |
4096
|
|
|
482000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1869890345.0000000000482000.00000004.00000001.01000000.00000006.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
482000
|
| Size: |
16384
|
|
|
20629000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1721747799.0000000020629000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
20629000
|
| Size: |
4096
|
|
|
23E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1516180659.00000000023E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
23E0000
|
| Size: |
16384
|
|
|
21025000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1886797109.0000000021025000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
21025000
|
| Size: |
8192
|
|
|
47F000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3855548634.000000000047F000.00000004.00000001.01000000.00000006.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
47F000
|
| Size: |
8192
|
|
|
206ED000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1801695821.00000000206ED000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
206ED000
|
| Size: |
12288
|
|
|
790000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3855747481.0000000000790000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
790000
|
| Size: |
4096
|
|
|
2310000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1402892528.0000000002310000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2310000
|
| Size: |
8192
|
|
|
20773000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1542459361.0000000020773000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
20773000
|
| Size: |
262144
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
2056F000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1883249305.000000002056F000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2056F000
|
| Size: |
4096
|
|
|
482000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3855570876.0000000000482000.00000004.00000001.01000000.00000006.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
482000
|
| Size: |
16384
|
|
|
2063C000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1883249305.000000002063C000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2063C000
|
| Size: |
4096
|
|
|
9AF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1789102830.00000000009AF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9AF000
|
| Size: |
4096
|
|
|
20C0E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1423430255.0000000020C0E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20C0E000
|
| Size: |
8192
|
|
|
206F3000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1422439793.00000000206F3000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
206F3000
|
| Size: |
4096
|
|
|
3F0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000009.00000000.1410575509.00000000003F0000.00000002.00000001.01000000.00000008.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
3F0000
|
| Size: |
4096
|
|
|
870000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1870133818.0000000000870000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
870000
|
| Size: |
4096
|
|
|
7EAD0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1389946535.000000007EAD0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EAD0000
|
| Size: |
4096
|
|
|
790000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.1515622065.0000000000790000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
790000
|
| Size: |
4096
|
|
|
20E7E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1543698438.0000000020E7E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20E7E000
|
| Size: |
8192
|
|
|
7DB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1405395744.00000000007DB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7DB000
|
| Size: |
4096
|
|
|
2403000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3856495510.0000000002403000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2403000
|
| Size: |
4096
|
|
|
2ABE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1411839223.0000000002ABE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2ABE000
|
| Size: |
8192
|
|
|
31A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1402038100.00000000031A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
31A4000
|
| Size: |
8192
|
|
|
2079B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1883947335.000000002079B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2079B000
|
| Size: |
20480
|
|
|
20D5E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1886013409.0000000020D5E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20D5E000
|
| Size: |
8192
|
|
|
43A000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000009.00000000.1410669674.000000000043A000.00000002.00000001.01000000.00000008.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
43A000
|
| Size: |
12288
|
|
|
2080F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1423231511.000000002080F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2080F000
|
| Size: |
4096
|
|
|
D4B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1494776285.0000000000D4B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D4B000
|
| Size: |
32768
|
|
|
7A0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000F.00000002.1788714936.00000000007A0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7A0000
|
| Size: |
4096
|
|
|
2340000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1516118646.0000000002340000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2340000
|
| Size: |
8192
|
|
|
7F6AE000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1442450554.000000007F6AE000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7F6AE000
|
| Size: |
16384
|
|
|
6CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1610528377.00000000006CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6CE000
|
| Size: |
8192
|
|
|
19D000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1610321865.000000000019D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
19D000
|
| Size: |
12288
|
|
|
232D000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1694597746.000000000232D000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
232D000
|
| Size: |
4096
|
|
|
D73000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1395437422.0000000000D73000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D73000
|
| Size: |
4096
|
|
|
7EB10000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000003.1787471370.000000007EB10000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EB10000
|
| Size: |
4096
|
|
|
2288000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1789126973.0000000002288000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2288000
|
| Size: |
4096
|
|
|
81F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1870067840.000000000081F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
81F000
|
| Size: |
4096
|
|
|
7EC30000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1441265282.000000007EC30000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EC30000
|
| Size: |
4096
|
|
|
28D1000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1612261435.00000000028D1000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
28D1000
|
| Size: |
16384
|
|
|
43A000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000009.00000002.1411572164.000000000043A000.00000002.00000001.01000000.00000008.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
43A000
|
| Size: |
12288
|
|
|
28A1000
|
direct allocation
|
page execute read
|
|
|
|
| Name: |
0000000D.00000002.1612122561.00000000028A1000.00000020.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute read
|
| Base address: |
28A1000
|
| Size: |
155648
|
|
|
31BD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1395501958.00000000031BD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
31BD000
|
| Size: |
8192
|
|
|
206AC000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1722161977.00000000206AC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
206AC000
|
| Size: |
16384
|
|
|
3C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1405631570.00000000003C0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3C0000
|
| Size: |
4096
|
|
|
218E8000
|
direct allocation
|
page readonly
|
|
|
|
| Name: |
00000000.00000002.1424675357.00000000218E8000.00000002.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page readonly
|
| Base address: |
218E8000
|
| Size: |
36864
|
|
|
20CEF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1885608785.0000000020CEF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20CEF000
|
| Size: |
4096
|
|
|
2064A000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1883249305.000000002064A000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2064A000
|
| Size: |
12288
|
|
|
77B000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1610613341.000000000077B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
77B000
|
| Size: |
57344
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
755000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1401897281.0000000000755000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
755000
|
| Size: |
40960
|
|
|
21D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1611688723.00000000021D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
21D0000
|
| Size: |
8192
|
|
|
47F000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1400832408.000000000047F000.00000004.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
47F000
|
| Size: |
8192
|
|
|
31BE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1400924785.00000000031BE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
31BE000
|
| Size: |
12288
|
|
|
2101D000
|
direct allocation
|
page readonly
|
|
|
|
| Name: |
0000000D.00000002.1641527274.000000002101D000.00000002.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page readonly
|
| Base address: |
2101D000
|
| Size: |
16384
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Malicious sample detected (through community Yara rule) |
System Summary |
|
| Yara signature match |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
31BD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1394607546.00000000031BD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
31BD000
|
| Size: |
4096
|
|
|
7EC2F000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1389289354.000000007EC2F000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EC2F000
|
| Size: |
135168
|
|
|
7DB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1407748403.00000000007DB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7DB000
|
| Size: |
4096
|
|
|
31BD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1396382195.00000000031BD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
31BD000
|
| Size: |
8192
|
|
|
7EC70000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1407258553.000000007EC70000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EC70000
|
| Size: |
4096
|
|
|
20E60000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3870793349.0000000020E60000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20E60000
|
| Size: |
4096
|
|
|
22C3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1402845319.00000000022C3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
22C3000
|
| Size: |
8192
|
|
|
880000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3855801503.0000000000880000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
880000
|
| Size: |
4096
|
|
|
43E000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000A.00000002.1414061650.000000000043E000.00000002.00000001.01000000.00000008.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
43E000
|
| Size: |
49152
|
|
|
31A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1397550299.00000000031A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
31A4000
|
| Size: |
8192
|
|
|
2062D000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1883249305.000000002062D000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2062D000
|
| Size: |
12288
|
|
|
207AB000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1722205608.00000000207AB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
207AB000
|
| Size: |
20480
|
|
|
760000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1515590456.0000000000760000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
760000
|
| Size: |
4096
|
|
|
2346000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1870496950.0000000002346000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2346000
|
| Size: |
8192
|
|
|
20E5E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1641003886.0000000020E5E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20E5E000
|
| Size: |
8192
|
|
|
690000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1406647383.0000000000690000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
690000
|
| Size: |
20480
|
|
|
21032000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1544860195.0000000021032000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
21032000
|
| Size: |
8192
|
|
|
482000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1515445519.0000000000482000.00000004.00000001.01000000.00000009.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
482000
|
| Size: |
16384
|
|
|
20B6F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1885356611.0000000020B6F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20B6F000
|
| Size: |
4096
|
|
|
41E000
|
unkown
|
page write copy
|
|
|
|
| Name: |
0000000A.00000000.1413594958.000000000041E000.00000008.00000001.01000000.00000008.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
41E000
|
| Size: |
4096
|
|
|
84E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3855801503.000000000084E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
84E000
|
| Size: |
131072
|
|
|
207B1000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3870456492.00000000207B1000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
207B1000
|
| Size: |
4096
|
|
|
206CF000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1422439793.00000000206CF000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
206CF000
|
| Size: |
4096
|
|
|
D73000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1395380107.0000000000D73000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D73000
|
| Size: |
4096
|
|
|
47F000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1869865068.000000000047F000.00000004.00000001.01000000.00000006.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
47F000
|
| Size: |
8192
|
|
|
314F000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1494841388.000000000314F000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
314F000
|
| Size: |
4096
|
|
|
20FB1000
|
direct allocation
|
page execute read
|
|
|
|
| Name: |
0000000D.00000002.1641099970.0000000020FB1000.00000020.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute read
|
| Base address: |
20FB1000
|
| Size: |
122880
|
|
|
35A000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1405537722.000000000035A000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
35A000
|
| Size: |
24576
|
|
|
2389000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1403021774.0000000002389000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2389000
|
| Size: |
602112
|
|
|
482000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1693904595.0000000000482000.00000004.00000001.01000000.00000006.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
482000
|
| Size: |
16384
|
|
|
206A8000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1801695821.00000000206A8000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
206A8000
|
| Size: |
4096
|
|
|
D73000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1395319524.0000000000D73000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D73000
|
| Size: |
4096
|
|
|
20D0F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1802199270.0000000020D0F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20D0F000
|
| Size: |
4096
|
|
|
9B000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1788270082.000000000009B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9B000
|
| Size: |
20480
|
|
|
20A2F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1885030273.0000000020A2F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20A2F000
|
| Size: |
4096
|
|
|
208FF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1640785237.00000000208FF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
208FF000
|
| Size: |
4096
|
|
|
2102A000
|
direct allocation
|
page readonly
|
|
|
|
| Name: |
0000000B.00000002.1544692180.000000002102A000.00000002.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page readonly
|
| Base address: |
2102A000
|
| Size: |
4096
|
|
|
74E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1515571194.000000000074E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
74E000
|
| Size: |
8192
|
|
|
47F000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1515426557.000000000047F000.00000004.00000001.01000000.00000009.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
47F000
|
| Size: |
8192
|
|
|
2200000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1694546469.0000000002200000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2200000
|
| Size: |
4096
|
|
|
7EC70000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1406870655.000000007EC70000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EC70000
|
| Size: |
4096
|
|
|
206F8000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1632225995.00000000206F8000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
206F8000
|
| Size: |
8192
|
|
|
7ECD0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1387158860.000000007ECD0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7ECD0000
|
| Size: |
1679360
|
|
|
7E9E0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1391159742.000000007E9E0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7E9E0000
|
| Size: |
4096
|
|
|
31A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1396382195.00000000031A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
31A4000
|
| Size: |
8192
|
|
|
245E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1612035855.000000000245E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
245E000
|
| Size: |
8192
|
|
|
31A3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1396857078.00000000031A3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
31A3000
|
| Size: |
12288
|
|
|
2070A000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1801695821.000000002070A000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2070A000
|
| Size: |
12288
|
|
|
7EB10000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000003.1692720439.000000007EB10000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EB10000
|
| Size: |
4096
|
|
|
47F000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1788371977.000000000047F000.00000004.00000001.01000000.00000009.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
47F000
|
| Size: |
8192
|
|
|
2E2F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1412129558.0000000002E2F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2E2F000
|
| Size: |
4096
|
|
|
20D7E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1543665242.0000000020D7E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20D7E000
|
| Size: |
8192
|
|
|
D6E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1394653580.0000000000D6E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D6E000
|
| Size: |
4096
|
|
|
3F0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000A.00000002.1413951618.00000000003F0000.00000002.00000001.01000000.00000008.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
3F0000
|
| Size: |
4096
|
|
|
205E8000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1883249305.00000000205E8000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
205E8000
|
| Size: |
4096
|
|
|
D73000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1394754975.0000000000D73000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D73000
|
| Size: |
4096
|
|
|
283D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1411671597.000000000283D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
283D000
|
| Size: |
12288
|
|
|
2E20000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.1414163238.0000000002E20000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2E20000
|
| Size: |
4096
|
|
|
20718000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1801695821.0000000020718000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
20718000
|
| Size: |
8192
|
|
|
A8F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1870475051.0000000000A8F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A8F000
|
| Size: |
4096
|
|
|
7EE6F000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1387158860.000000007EE6F000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EE6F000
|
| Size: |
4096
|
|
|
7E490000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1815165425.000000007E490000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7E490000
|
| Size: |
4096
|
|
|
7D6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1404148627.00000000007D6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7D6000
|
| Size: |
8192
|
|
|
7FD1F000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1383824028.000000007FD1F000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7FD1F000
|
| Size: |
266240
|
|
|
D73000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1394778849.0000000000D73000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D73000
|
| Size: |
4096
|
|
|
7E34F000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1397700836.000000007E34F000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7E34F000
|
| Size: |
110592
|
|
|
9B000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1515350730.000000000009B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9B000
|
| Size: |
20480
|
|
|
853000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1870088427.0000000000853000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
853000
|
| Size: |
8192
|
|
|
20F9F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1722582380.0000000020F9F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20F9F000
|
| Size: |
4096
|
|
|
206B9000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1632225995.00000000206B9000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
206B9000
|
| Size: |
4096
|
|
|
22B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1789360416.00000000022B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
22B0000
|
| Size: |
8192
|
|
|
2092E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1884088892.000000002092E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2092E000
|
| Size: |
8192
|
|
|
6C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1788482281.00000000006C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6C0000
|
| Size: |
16384
|
|
|
2F3E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.1414181011.0000000002F3E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2F3E000
|
| Size: |
8192
|
|
|
748000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1694075061.0000000000748000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
748000
|
| Size: |
94208
|
|
|
BED000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1414602464.0000000000BED000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
BED000
|
| Size: |
12288
|
|
|
319C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1414776734.000000000319C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
319C000
|
| Size: |
40960
|
|
|
750000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3855644383.0000000000750000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
750000
|
| Size: |
16384
|
|
|
246C000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1870549964.000000000246C000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
246C000
|
| Size: |
4096
|
|
|
21019000
|
direct allocation
|
page readonly
|
|
|
|
| Name: |
0000000B.00000002.1544692180.0000000021019000.00000002.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page readonly
|
| Base address: |
21019000
|
| Size: |
40960
|
|
|
2069C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1883896423.000000002069C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2069C000
|
| Size: |
16384
|
|
|
2084E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1423256514.000000002084E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2084E000
|
| Size: |
8192
|
|
|
7E490000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1572823847.000000007E490000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7E490000
|
| Size: |
4096
|
|
|
20F9F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1802302597.0000000020F9F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20F9F000
|
| Size: |
4096
|
|
|
22F4000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1611724876.00000000022F4000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
22F4000
|
| Size: |
8192
|
|
|
31BD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1402038100.00000000031BD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
31BD000
|
| Size: |
4096
|
|
|
77B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1393197868.000000000077B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
77B000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
|
|
7FE1F000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1383743231.000000007FE1F000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7FE1F000
|
| Size: |
200704
|
|
|
715000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1870008837.0000000000715000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
715000
|
| Size: |
8192
|
|
|
23F4000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3856495510.00000000023F4000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
23F4000
|
| Size: |
8192
|
|
|
7DD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1405395744.00000000007DD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7DD000
|
| Size: |
24576
|
|
|
7D7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1405395744.00000000007D7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7D7000
|
| Size: |
4096
|
|
|
21009000
|
direct allocation
|
page readonly
|
|
|
|
| Name: |
0000000D.00000002.1641527274.0000000021009000.00000002.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page readonly
|
| Base address: |
21009000
|
| Size: |
40960
|
|
|
20A5F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1802090540.0000000020A5F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20A5F000
|
| Size: |
4096
|
|
|
31A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1396997105.00000000031A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
31A4000
|
| Size: |
8192
|
|
|
207B8000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3870456492.00000000207B8000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
207B8000
|
| Size: |
8192
|
|
|
7E490000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1655960713.000000007E490000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7E490000
|
| Size: |
4096
|
|
|
31BD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1401838228.00000000031BD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
31BD000
|
| Size: |
4096
|
|
|
D73000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1395259393.0000000000D73000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D73000
|
| Size: |
4096
|
|
|
2067C000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1422439793.000000002067C000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2067C000
|
| Size: |
262144
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
91F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1402636447.000000000091F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
91F000
|
| Size: |
4096
|
|
|
7E640000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1440815078.000000007E640000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7E640000
|
| Size: |
4096
|
|
|
20F8F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1423544826.0000000020F8F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20F8F000
|
| Size: |
4096
|
|
|
28E5000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1405763856.00000000028E5000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
28E5000
|
| Size: |
20480
|
|
|
31BD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1395340753.00000000031BD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
31BD000
|
| Size: |
8192
|
|
|
20D00000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1722465675.0000000020D00000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20D00000
|
| Size: |
4096
|
|
|
2078D000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3870456492.000000002078D000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2078D000
|
| Size: |
12288
|
|
|
86F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3855801503.000000000086F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
86F000
|
| Size: |
65536
|
|
|
9CF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1516036537.00000000009CF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9CF000
|
| Size: |
4096
|
|
|
760000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1610613341.0000000000760000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
760000
|
| Size: |
77824
|
|
|
20708000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1422439793.0000000020708000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
20708000
|
| Size: |
12288
|
|
|
20D5E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1802221129.0000000020D5E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20D5E000
|
| Size: |
8192
|
|
|
20C0E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1802164755.0000000020C0E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20C0E000
|
| Size: |
8192
|
|
|
251A000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1516241242.000000000251A000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
251A000
|
| Size: |
8192
|
|
|
2093E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1640813452.000000002093E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2093E000
|
| Size: |
8192
|
|
|
680000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1401826993.0000000000680000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
680000
|
| Size: |
4096
|
|
|
760000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1401897281.0000000000760000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
760000
|
| Size: |
139264
|
|
|
7D6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1407718095.00000000007D6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7D6000
|
| Size: |
4096
|
|
|
31A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1399067370.00000000031A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
31A4000
|
| Size: |
8192
|
|
|
21AC000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1611651382.00000000021AC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
21AC000
|
| Size: |
16384
|
|
|
31A3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1396916419.00000000031A3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
31A3000
|
| Size: |
12288
|
|
|
91F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1407842249.000000000091F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
91F000
|
| Size: |
4096
|
|
|
20E9E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1886297566.0000000020E9E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20E9E000
|
| Size: |
8192
|
|
|
6BE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1869937511.00000000006BE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6BE000
|
| Size: |
8192
|
|
|
7A9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1406962644.00000000007A9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7A9000
|
| Size: |
8192
|
|
|
2117F000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1423981134.000000002117F000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2117F000
|
| Size: |
331776
|
|
|
67F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1405800283.000000000067F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
67F000
|
| Size: |
4096
|
|
|
20FE4000
|
direct allocation
|
page execute read
|
|
|
|
| Name: |
0000000B.00000002.1543798024.0000000020FE4000.00000020.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute read
|
| Base address: |
20FE4000
|
| Size: |
8192
|
|
|
31BD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1397550299.00000000031BD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
31BD000
|
| Size: |
8192
|
|
|
7EC50000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1388951834.000000007EC50000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EC50000
|
| Size: |
458752
|
|
|
7F790000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3884340844.000000007F790000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7F790000
|
| Size: |
4096
|
|
|
7EC30000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1573008952.000000007EC30000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EC30000
|
| Size: |
4096
|
|
|
24C3000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1694899106.00000000024C3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
24C3000
|
| Size: |
8192
|
|
|
2145C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1424234703.000000002145C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2145C000
|
| Size: |
16384
|
|
|
80F000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1515636803.000000000080F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
80F000
|
| Size: |
81920
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
207EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1884000389.00000000207EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
207EE000
|
| Size: |
8192
|
|
|
2062F000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1801695821.000000002062F000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2062F000
|
| Size: |
4096
|
|
|
2835000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000010.00000002.1870987832.0000000002835000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
2835000
|
| Size: |
4096
|
|
|
482000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1610446896.0000000000482000.00000004.00000001.01000000.00000006.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
482000
|
| Size: |
20480
|
|
|
43E000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000A.00000000.1413629593.000000000043E000.00000002.00000001.01000000.00000008.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
43E000
|
| Size: |
49152
|
|
|
31BD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1396997105.00000000031BD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
31BD000
|
| Size: |
8192
|
|
|
29A1000
|
direct allocation
|
page execute read
|
|
|
|
| Name: |
0000000B.00000002.1525678718.00000000029A1000.00000020.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute read
|
| Base address: |
29A1000
|
| Size: |
155648
|
|
|
28B0000
|
direct allocation
|
page readonly
|
|
|
|
| Name: |
00000000.00000002.1405482660.00000000028B0000.00000002.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page readonly
|
| Base address: |
28B0000
|
| Size: |
4096
|
|
|
207C6000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1542459361.00000000207C6000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
207C6000
|
| Size: |
4096
|
|
|
24C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1694899106.00000000024C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
24C0000
|
| Size: |
4096
|
|
|
73E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1788639710.000000000073E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
73E000
|
| Size: |
8192
|
|
|
2340000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1870496950.0000000002340000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2340000
|
| Size: |
16384
|
|
|
7BA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1405367775.00000000007BA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BA000
|
| Size: |
8192
|
|
|
742000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1393481981.0000000000742000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
742000
|
| Size: |
81920
|
|
|
2610000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3856833032.0000000002610000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2610000
|
| Size: |
4096
|
|
|
748000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1610613341.0000000000748000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
748000
|
| Size: |
94208
|
|
|
21022000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1886797109.0000000021022000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
21022000
|
| Size: |
8192
|
|
|
20B9F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1802138065.0000000020B9F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20B9F000
|
| Size: |
4096
|
|
|
31BD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1395408983.00000000031BD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
31BD000
|
| Size: |
8192
|
|
|
2473000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1870549964.0000000002473000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2473000
|
| Size: |
4096
|
|
|
31A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1400392450.00000000031A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
31A4000
|
| Size: |
8192
|
|
|
31BD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1394169368.00000000031BD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
31BD000
|
| Size: |
4096
|
|
|
7F907000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1384240428.000000007F907000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7F907000
|
| Size: |
4096
|
|
|
7ED7F000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1441291919.000000007ED7F000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7ED7F000
|
| Size: |
49152
|
|
|
76A000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1694075061.000000000076A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
76A000
|
| Size: |
32768
|
|
|
7EC5E000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1395481204.000000007EC5E000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EC5E000
|
| Size: |
401408
|
|
|
2405000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1516241242.0000000002405000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2405000
|
| Size: |
4096
|
|
|
2110000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.1611560666.0000000002110000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
2110000
|
| Size: |
4096
|
|
|
2135C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1424208388.000000002135C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2135C000
|
| Size: |
16384
|
|
|
D73000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1395351582.0000000000D73000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D73000
|
| Size: |
4096
|
|
|
20711000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1801695821.0000000020711000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
20711000
|
| Size: |
4096
|
|
|
43E000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000009.00000002.1411572164.000000000043E000.00000002.00000001.01000000.00000008.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
43E000
|
| Size: |
49152
|
|
|
29C7000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1526249580.00000000029C7000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
29C7000
|
| Size: |
4096
|
|
|
206CF000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3870456492.00000000206CF000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
206CF000
|
| Size: |
4096
|
|
|
C30000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1494729801.0000000000C30000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C30000
|
| Size: |
4096
|
|
|
7D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1515636803.00000000007D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7D0000
|
| Size: |
32768
|
|
|
23ED000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3856495510.00000000023ED000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
23ED000
|
| Size: |
4096
|
|
|
20FD4000
|
direct allocation
|
page execute read
|
|
|
|
| Name: |
0000000D.00000002.1641099970.0000000020FD4000.00000020.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute read
|
| Base address: |
20FD4000
|
| Size: |
8192
|
|
|
7E020000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1440166337.000000007E020000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7E020000
|
| Size: |
4096
|
|
|
7EC70000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1407079838.000000007EC70000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EC70000
|
| Size: |
4096
|
|
|
5B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1610498081.00000000005B0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5B0000
|
| Size: |
4096
|
|
|
72E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1610583961.000000000072E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
72E000
|
| Size: |
8192
|
|
|
1F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1693853751.00000000001F0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1F0000
|
| Size: |
4096
|
|
|
207F8000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1542459361.00000000207F8000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
207F8000
|
| Size: |
8192
|
|
|
7EAE0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1392234966.000000007EAE0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EAE0000
|
| Size: |
4096
|
|
|
2ABD000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.1414105401.0000000002ABD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2ABD000
|
| Size: |
12288
|
|
|
2070F000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1542459361.000000002070F000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2070F000
|
| Size: |
405504
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
20FF1000
|
direct allocation
|
page execute read
|
|
|
|
| Name: |
0000000B.00000002.1543798024.0000000020FF1000.00000020.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute read
|
| Base address: |
20FF1000
|
| Size: |
163840
|
|
|
D53000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1395462050.0000000000D53000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D53000
|
| Size: |
4096
|
|
|
7FD60000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1383743231.000000007FD60000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7FD60000
|
| Size: |
4096
|
|
|
205E4000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1422439793.00000000205E4000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
205E4000
|
| Size: |
618496
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
19D000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1788307422.000000000019D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
19D000
|
| Size: |
12288
|
|
|
236E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1789438660.000000000236E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
236E000
|
| Size: |
8192
|
|
|
207E3000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1542459361.00000000207E3000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
207E3000
|
| Size: |
4096
|
|
|
20619000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1883249305.0000000020619000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
20619000
|
| Size: |
4096
|
|
|
7E920000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1391405812.000000007E920000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7E920000
|
| Size: |
4096
|
|
|
7F790000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1747637950.000000007F790000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7F790000
|
| Size: |
4096
|
|
|
7FA20000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1443291261.000000007FA20000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7FA20000
|
| Size: |
626688
|
|
|
24C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3856772757.00000000024C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
24C0000
|
| Size: |
16384
|
|
|
605000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1693995032.0000000000605000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
605000
|
| Size: |
8192
|
|
|
680000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1515487514.0000000000680000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
680000
|
| Size: |
4096
|
|
|
880000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000010.00000002.1870155026.0000000000880000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
880000
|
| Size: |
4096
|
|
|
760000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1694075061.0000000000760000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
760000
|
| Size: |
28672
|
|
|
28F5000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000F.00000002.1789807716.00000000028F5000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
28F5000
|
| Size: |
4096
|
|
|
20C0E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3870751925.0000000020C0E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20C0E000
|
| Size: |
8192
|
|
|
20634000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1883249305.0000000020634000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
20634000
|
| Size: |
4096
|
|
|
7AE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1393197868.00000000007AE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7AE000
|
| Size: |
24576
|
|
|
2BBD000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.1414121492.0000000002BBD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2BBD000
|
| Size: |
12288
|
|
|
7ECBF000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1406870655.000000007ECBF000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7ECBF000
|
| Size: |
4096
|
|
|
20CEF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1722442513.0000000020CEF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20CEF000
|
| Size: |
4096
|
|
|
20FA0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1722607160.0000000020FA0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20FA0000
|
| Size: |
4096
|
|
|
20658000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1883249305.0000000020658000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
20658000
|
| Size: |
8192
|
|
|
2440000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1516241242.0000000002440000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2440000
|
| Size: |
602112
|
|
|
7FC90000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1383670112.000000007FC90000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7FC90000
|
| Size: |
4096
|
|
|
20748000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3870456492.0000000020748000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
20748000
|
| Size: |
4096
|
|
|
710000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1870008837.0000000000710000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
710000
|
| Size: |
16384
|
|
|
20FD1000
|
direct allocation
|
page execute read
|
|
|
|
| Name: |
0000000D.00000002.1641099970.0000000020FD1000.00000020.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute read
|
| Base address: |
20FD1000
|
| Size: |
8192
|
|
|
226C000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1789126973.000000000226C000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
226C000
|
| Size: |
4096
|
|
|
FBE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1414695982.0000000000FBE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
FBE000
|
| Size: |
8192
|
|
|
20E9E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1802276831.0000000020E9E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20E9E000
|
| Size: |
8192
|
|
|
E60000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1414661140.0000000000E60000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
E60000
|
| Size: |
20480
|
|
|
2098E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1423314257.000000002098E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2098E000
|
| Size: |
8192
|
|
|
95E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1402660376.000000000095E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
95E000
|
| Size: |
8192
|
|
|
BE0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1494696247.0000000000BE0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BE0000
|
| Size: |
4096
|
|
|
2318000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1611724876.0000000002318000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2318000
|
| Size: |
4096
|
|
|
1F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3855519654.00000000001F0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1F0000
|
| Size: |
4096
|
|
|
2827000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1870917664.0000000002827000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2827000
|
| Size: |
4096
|
|
|
20A8F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1423343071.0000000020A8F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20A8F000
|
| Size: |
4096
|
|
|
232E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1516098634.000000000232E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
232E000
|
| Size: |
8192
|
|
|
2094F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1423283634.000000002094F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2094F000
|
| Size: |
4096
|
|
|
21022000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3870816827.0000000021022000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
21022000
|
| Size: |
8192
|
|
|
20F90000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1423561057.0000000020F90000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20F90000
|
| Size: |
585728
|
|
|
206DF000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1801695821.00000000206DF000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
206DF000
|
| Size: |
4096
|
|
|
235F000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3856495510.000000000235F000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
235F000
|
| Size: |
4096
|
|
|
7EA10000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1390092739.000000007EA10000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EA10000
|
| Size: |
4096
|
|
|
2060F000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1632225995.000000002060F000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2060F000
|
| Size: |
4096
|
|
|
9B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3855446588.000000000009B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9B000
|
| Size: |
20480
|
|
|
3250000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.1414309691.0000000003250000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3250000
|
| Size: |
12288
|
|
|
1F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1788337743.00000000001F0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1F0000
|
| Size: |
4096
|
|
|
882000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3855801503.0000000000882000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
882000
|
| Size: |
65536
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
9B000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1610281173.000000000009B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9B000
|
| Size: |
20480
|
|
|
2091F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1802042743.000000002091F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2091F000
|
| Size: |
4096
|
|
|
20668000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1721747799.0000000020668000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
20668000
|
| Size: |
8192
|
|
|
207AA000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3870456492.00000000207AA000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
207AA000
|
| Size: |
12288
|
|
|
208EF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1884058811.00000000208EF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
208EF000
|
| Size: |
4096
|
|
|
20A3F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1640840799.0000000020A3F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20A3F000
|
| Size: |
4096
|
|
|
43A000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000A.00000002.1414061650.000000000043A000.00000002.00000001.01000000.00000008.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
43A000
|
| Size: |
12288
|
|
|
31BD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1397236833.00000000031BD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
31BD000
|
| Size: |
8192
|
|
|
D73000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1395276511.0000000000D73000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D73000
|
| Size: |
4096
|
|
|
225F000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1611724876.000000000225F000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
225F000
|
| Size: |
4096
|
|
|
22C2000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1611724876.00000000022C2000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
22C2000
|
| Size: |
4096
|
|
|
7EB00000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1389522475.000000007EB00000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EB00000
|
| Size: |
4096
|
|
|
2336000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1402956620.0000000002336000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2336000
|
| Size: |
12288
|
|
|
19D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1869802373.000000000019D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
19D000
|
| Size: |
12288
|
|
|
2380000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1789466510.0000000002380000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2380000
|
| Size: |
4096
|
|
|
206FC000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1801695821.00000000206FC000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
206FC000
|
| Size: |
4096
|
|
|
7EE80000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1441431590.000000007EE80000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EE80000
|
| Size: |
847872
|
|
|
31A3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1395501958.00000000031A3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
31A3000
|
| Size: |
12288
|
|
|
2434000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1516241242.0000000002434000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2434000
|
| Size: |
28672
|
|
|
206F1000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1632225995.00000000206F1000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
206F1000
|
| Size: |
4096
|
|
|
B7D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1494654200.0000000000B7D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B7D000
|
| Size: |
12288
|
|
|
293D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1411716648.000000000293D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
293D000
|
| Size: |
12288
|
|
|
19D000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1693829592.000000000019D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
19D000
|
| Size: |
12288
|
|
|
7F790000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1573339429.000000007F790000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7F790000
|
| Size: |
4096
|
|
|
20F9F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1886399441.0000000020F9F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20F9F000
|
| Size: |
4096
|
|
|
760000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3855706082.0000000000760000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
760000
|
| Size: |
4096
|
|
|
2FA0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.1414214196.0000000002FA0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FA0000
|
| Size: |
20480
|
|
|
2200000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1402712125.0000000002200000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2200000
|
| Size: |
4096
|
|
|
23CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1516159996.00000000023CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
23CE000
|
| Size: |
8192
|
|
|
7F790000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1815550216.000000007F790000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7F790000
|
| Size: |
4096
|
|
|
20D0F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3870775351.0000000020D0F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20D0F000
|
| Size: |
4096
|
|
|
21870000
|
direct allocation
|
page readonly
|
|
|
|
| Name: |
00000000.00000002.1424331925.0000000021870000.00000002.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page readonly
|
| Base address: |
21870000
|
| Size: |
4096
|
|
|
890000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1870174059.0000000000890000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
890000
|
| Size: |
24576
|
|
|
2264000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1789126973.0000000002264000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2264000
|
| Size: |
8192
|
|
|
20FA0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1886618568.0000000020FA0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20FA0000
|
| Size: |
4096
|
|
|
283C000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1695079166.000000000283C000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
283C000
|
| Size: |
4096
|
|
|
2311000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1611724876.0000000002311000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2311000
|
| Size: |
4096
|
|
|
7EBE1000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1441063230.000000007EBE1000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EBE1000
|
| Size: |
4096
|
|
|
245C000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1403021774.000000000245C000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
245C000
|
| Size: |
4096
|
|
|
207FB000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1640743493.00000000207FB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
207FB000
|
| Size: |
20480
|
|
|
20FE7000
|
direct allocation
|
page execute read
|
|
|
|
| Name: |
0000000B.00000002.1543798024.0000000020FE7000.00000020.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute read
|
| Base address: |
20FE7000
|
| Size: |
12288
|
|
|
A7D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1494634597.0000000000A7D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A7D000
|
| Size: |
12288
|
|
|
7ECBF000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1407258553.000000007ECBF000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7ECBF000
|
| Size: |
4096
|
|
|
234A000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1694597746.000000000234A000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
234A000
|
| Size: |
8192
|
|
|
20FE1000
|
direct allocation
|
page execute read
|
|
|
|
| Name: |
0000000B.00000002.1543798024.0000000020FE1000.00000020.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute read
|
| Base address: |
20FE1000
|
| Size: |
8192
|
|
|
246A000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1403021774.000000000246A000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
246A000
|
| Size: |
8192
|
|
|
4D60000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1403149956.0000000004D60000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4D60000
|
| Size: |
237568
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
7F910000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1384070136.000000007F910000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7F910000
|
| Size: |
1056768
|
|
|
93F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1694502812.000000000093F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
93F000
|
| Size: |
4096
|
|
|
7E370000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1398585004.000000007E370000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7E370000
|
| Size: |
4096
|
|
|
2302000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1694597746.0000000002302000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2302000
|
| Size: |
4096
|
|
|
28EC000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1789724321.00000000028EC000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
28EC000
|
| Size: |
4096
|
|
|
2210000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1402777062.0000000002210000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
2210000
|
| Size: |
4096
|
|
|
298C000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3857089785.000000000298C000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
298C000
|
| Size: |
4096
|
|
|
24B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3856744207.00000000024B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
24B0000
|
| Size: |
8192
|
|
|
7D6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1404738334.00000000007D6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7D6000
|
| Size: |
8192
|
|
|
2837000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1695079166.0000000002837000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2837000
|
| Size: |
4096
|
|
|
20701000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1422439793.0000000020701000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
20701000
|
| Size: |
4096
|
|
|
211D1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1396173897.00000000211D1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
211D1000
|
| Size: |
3375104
|
|
|
206D6000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1422439793.00000000206D6000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
206D6000
|
| Size: |
4096
|
|
|
2528000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1516241242.0000000002528000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2528000
|
| Size: |
4096
|
|
|
7FDE0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1383533032.000000007FDE0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7FDE0000
|
| Size: |
458752
|
|
|
206E6000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1801695821.00000000206E6000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
206E6000
|
| Size: |
4096
|
|
|
248F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1789529019.000000000248F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
248F000
|
| Size: |
4096
|
|
|
206C1000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1422439793.00000000206C1000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
206C1000
|
| Size: |
32768
|
|
|
ACF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1516053603.0000000000ACF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
ACF000
|
| Size: |
4096
|
|
|
893000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3855801503.0000000000893000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
893000
|
| Size: |
4096
|
|
|
D6E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1395800744.0000000000D6E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D6E000
|
| Size: |
8192
|
|
|
20D00000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1640958262.0000000020D00000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20D00000
|
| Size: |
4096
|
|
|
7E1D0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1397700836.000000007E1D0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7E1D0000
|
| Size: |
4096
|
|
|
780000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1515606216.0000000000780000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
780000
|
| Size: |
4096
|
|
|
20D3F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1543631220.0000000020D3F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20D3F000
|
| Size: |
4096
|
|
|
7EBC0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1389289354.000000007EBC0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EBC0000
|
| Size: |
4096
|
|
|
20FA0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1802324753.0000000020FA0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20FA0000
|
| Size: |
4096
|
|
|
D6E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1492037246.0000000000D6E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D6E000
|
| Size: |
24576
|
|
|
31D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1405500739.000000000031D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
31D000
|
| Size: |
12288
|
|
|
31BD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1397429500.00000000031BD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
31BD000
|
| Size: |
8192
|
|
|
7E520000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1440592836.000000007E520000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7E520000
|
| Size: |
4096
|
|
|
20B7F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1640891148.0000000020B7F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20B7F000
|
| Size: |
4096
|
|
|
7EC50000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1395481204.000000007EC50000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EC50000
|
| Size: |
40960
|
|
|
31BD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1394124288.00000000031BD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
31BD000
|
| Size: |
4096
|
|
|
7FC30000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1383824028.000000007FC30000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7FC30000
|
| Size: |
4096
|
|
|
7E5B0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1440716355.000000007E5B0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7E5B0000
|
| Size: |
4096
|
|
|
720000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1401897281.0000000000720000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
720000
|
| Size: |
77824
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
22ED000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1611724876.00000000022ED000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
22ED000
|
| Size: |
4096
|
|
|
2079C000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3870456492.000000002079C000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2079C000
|
| Size: |
4096
|
|
|
2334000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1694597746.0000000002334000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2334000
|
| Size: |
8192
|
|
|
7E61F000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1440716355.000000007E61F000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7E61F000
|
| Size: |
77824
|
|
|
30AF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.1414233758.00000000030AF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
30AF000
|
| Size: |
4096
|
|
|
6EE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1401897281.00000000006EE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6EE000
|
| Size: |
200704
|
|
|
19D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1400732801.000000000019D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
19D000
|
| Size: |
12288
|
|
|
20FEF000
|
direct allocation
|
page execute read
|
|
|
|
| Name: |
0000000B.00000002.1543798024.0000000020FEF000.00000020.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute read
|
| Base address: |
20FEF000
|
| Size: |
4096
|
|
|
20661000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1721747799.0000000020661000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
20661000
|
| Size: |
4096
|
|
|
7F5E0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1442450554.000000007F5E0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7F5E0000
|
| Size: |
4096
|
|
|
7EDB0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1441368094.000000007EDB0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EDB0000
|
| Size: |
28672
|
|
|
47F000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000000.00000000.1382823374.000000000047F000.00000008.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
47F000
|
| Size: |
12288
|
|
|
29CC000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1526249580.00000000029CC000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
29CC000
|
| Size: |
4096
|
|
|
21022000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1641700252.0000000021022000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
21022000
|
| Size: |
8192
|
|
|
218E5000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1424631108.00000000218E5000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
218E5000
|
| Size: |
8192
|
|
|
20653000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1721747799.0000000020653000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
20653000
|
| Size: |
4096
|
|
|
21025000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1802355145.0000000021025000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
21025000
|
| Size: |
8192
|
|
|
31A3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1396779695.00000000031A3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
31A3000
|
| Size: |
12288
|
|
|
250C000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1516241242.000000000250C000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
250C000
|
| Size: |
4096
|
|
|
20A6E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1885225821.0000000020A6E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20A6E000
|
| Size: |
8192
|
|
|
2961000
|
direct allocation
|
page execute read
|
|
|
|
| Name: |
00000007.00000002.3856885324.0000000002961000.00000020.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute read
|
| Base address: |
2961000
|
| Size: |
155648
|
|
|
205F8000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1721747799.00000000205F8000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
205F8000
|
| Size: |
4096
|
|
|
20B6F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1722388334.0000000020B6F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20B6F000
|
| Size: |
4096
|
|
|
2995000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3857172600.0000000002995000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
2995000
|
| Size: |
4096
|
|
|
22BC000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1516072634.00000000022BC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
22BC000
|
| Size: |
16384
|
|
|
7C5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1405313797.00000000007C5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7C5000
|
| Size: |
4096
|
|
|
3F1000
|
unkown
|
page execute read
|
|
|
|
| Name: |
0000000A.00000002.1413971141.00000000003F1000.00000020.00000001.01000000.00000008.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
3F1000
|
| Size: |
180224
|
|
|
43E000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000009.00000000.1410693606.000000000043E000.00000002.00000001.01000000.00000008.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
43E000
|
| Size: |
49152
|
|
|
31A3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1397429500.00000000031A3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
31A3000
|
| Size: |
12288
|
|
|
6C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1869961964.00000000006C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6C0000
|
| Size: |
4096
|
|
|
20BEE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1885503405.0000000020BEE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20BEE000
|
| Size: |
8192
|
|
|
63E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1405740476.000000000063E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
63E000
|
| Size: |
8192
|
|
|
7FD50000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1383600989.000000007FD50000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7FD50000
|
| Size: |
4096
|
|
|
2102D000
|
direct allocation
|
page readonly
|
|
|
|
| Name: |
0000000B.00000002.1544692180.000000002102D000.00000002.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page readonly
|
| Base address: |
2102D000
|
| Size: |
16384
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Malicious sample detected (through community Yara rule) |
System Summary |
|
| Yara signature match |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
225D000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1789126973.000000000225D000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
225D000
|
| Size: |
4096
|
|
|
207F1000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1542459361.00000000207F1000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
207F1000
|
| Size: |
4096
|
|
|
7ED40000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1387894564.000000007ED40000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7ED40000
|
| Size: |
458752
|
|
|
7FD1F000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1383670112.000000007FD1F000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7FD1F000
|
| Size: |
200704
|
|
|
7F790000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1900423530.000000007F790000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7F790000
|
| Size: |
4096
|
|
|
218E2000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1424631108.00000000218E2000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
218E2000
|
| Size: |
8192
|
|
|
7E490000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3883905988.000000007E490000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7E490000
|
| Size: |
4096
|
|
|
790000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1788694231.0000000000790000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
790000
|
| Size: |
4096
|
|
|
2080E000
|
stack
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1423213359.000000002080E000.00000040.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page execute and read and write
|
| Base address: |
2080E000
|
| Size: |
4096
|
|
|
21022000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1722635341.0000000021022000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
21022000
|
| Size: |
8192
|
|
|
2991000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3857089785.0000000002991000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2991000
|
| Size: |
16384
|
|
|
227A000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1789126973.000000000227A000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
227A000
|
| Size: |
8192
|
|
|
7F940000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1442604956.000000007F940000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7F940000
|
| Size: |
835584
|
|
|
282C000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1870917664.000000000282C000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
282C000
|
| Size: |
4096
|
|
|
2F40000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.1414196169.0000000002F40000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F40000
|
| Size: |
4096
|
|
|
7DD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1404738334.00000000007DD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7DD000
|
| Size: |
24576
|
|
|
7EA70000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1390870960.000000007EA70000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EA70000
|
| Size: |
458752
|
|
|
2273000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1789126973.0000000002273000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2273000
|
| Size: |
4096
|
|
|
750000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1788671330.0000000000750000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
750000
|
| Size: |
4096
|
|
|
77F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1393197868.000000000077F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
77F000
|
| Size: |
167936
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
206EA000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1632225995.00000000206EA000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
206EA000
|
| Size: |
12288
|
|
|
7F790000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1656364875.000000007F790000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7F790000
|
| Size: |
4096
|
|
|
28E7000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1789724321.00000000028E7000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
28E7000
|
| Size: |
4096
|
|
|
21CF000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1789126973.00000000021CF000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
21CF000
|
| Size: |
4096
|
|
|
486000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000000.00000000.1382823374.0000000000486000.00000008.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
486000
|
| Size: |
12288
|
|
|
20E9E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1641031198.0000000020E9E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20E9E000
|
| Size: |
8192
|
|
|
6D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1788540481.00000000006D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6D0000
|
| Size: |
4096
|
|
|
240A000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3856495510.000000000240A000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
240A000
|
| Size: |
8192
|
|
|
2471000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1403021774.0000000002471000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2471000
|
| Size: |
4096
|
|
|
207B9000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1542459361.00000000207B9000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
207B9000
|
| Size: |
28672
|
|
|
784000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1401897281.0000000000784000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
784000
|
| Size: |
4096
|
|
|
3EDCF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3883854781.000000003EDCF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3EDCF000
|
| Size: |
4096
|
|
|
A3F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.1694525819.0000000000A3F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A3F000
|
| Size: |
4096
|
|
|
2481000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1870549964.0000000002481000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2481000
|
| Size: |
4096
|
|
|
22FC000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1611724876.00000000022FC000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
22FC000
|
| Size: |
4096
|
|
|
206E4000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1422439793.00000000206E4000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
206E4000
|
| Size: |
4096
|
|
|
20D0F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1423452498.0000000020D0F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20D0F000
|
| Size: |
4096
|
|
|
20BCF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1423400884.0000000020BCF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20BCF000
|
| Size: |
4096
|
|
|
6F6000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1788559862.00000000006F6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6F6000
|
| Size: |
8192
|
|
|
2383000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1789466510.0000000002383000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2383000
|
| Size: |
8192
|
|
|
20C3E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1543604438.0000000020C3E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20C3E000
|
| Size: |
8192
|
|
|
C90000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1494761339.0000000000C90000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C90000
|
| Size: |
20480
|
|
|
2521000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1516241242.0000000002521000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2521000
|
| Size: |
4096
|
|
|
7DB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1404148627.00000000007DB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7DB000
|
| Size: |
4096
|
|
|
20651000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1883249305.0000000020651000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
20651000
|
| Size: |
4096
|
|
|
6C5000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1788482281.00000000006C5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6C5000
|
| Size: |
12288
|
|
|
20FBF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1543762085.0000000020FBF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20FBF000
|
| Size: |
4096
|
|
|
20BFF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1543580549.0000000020BFF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20BFF000
|
| Size: |
4096
|
|
|
31BD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1396267898.00000000031BD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
31BD000
|
| Size: |
8192
|
|
|
7B3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1401897281.00000000007B3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7B3000
|
| Size: |
16384
|
|
