|
32D7000
|
direct allocation
|
page execute and read and write
|
 |
|
|
| Name: |
00000000.00000002.1605829376.00000000032D7000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
32D7000
|
| Size: |
10485760
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected GuLoader |
Data Obfuscation |
|
|
|
1887000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000C.00000002.2589769449.0000000001887000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1887000
|
| Size: |
10485760
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected GuLoader |
Data Obfuscation |
|
|
|
2F39000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1850057752.0000000002F39000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F39000
|
| Size: |
266240
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Found malware configuration |
AV Detection |
|
| Yara detected Remcos RAT |
AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality |
|
| URLs found in memory or binary data |
Networking |
|
|
|
1887000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.1851860987.0000000001887000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1887000
|
| Size: |
10485760
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected GuLoader |
Data Obfuscation |
|
|
|
33F7000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.2278078106.00000000033F7000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
33F7000
|
| Size: |
10485760
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected GuLoader |
Data Obfuscation |
|
|
|
2F37000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1854370103.0000000002F37000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F37000
|
| Size: |
339968
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected Remcos RAT |
AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality |
|
| URLs found in memory or binary data |
Networking |
|
|
|
628000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2592080589.0000000000628000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
628000
|
| Size: |
192512
|
|
|
3321E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1881223575.000000003321E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3321E000
|
| Size: |
8192
|
|
|
49DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2722976725.00000000049DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
49DE000
|
| Size: |
8192
|
|
|
408000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000002.2589654378.0000000000408000.00000002.00000001.01000000.00000008.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
408000
|
| Size: |
8192
|
|
|
46D7000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1605829376.00000000046D7000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
46D7000
|
| Size: |
581632
|
|
|
28F4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2601502833.00000000028F4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
28F4000
|
| Size: |
4096
|
|
|
4A30000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2736932462.0000000004A30000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4A30000
|
| Size: |
16384
|
|
|
58B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2245377521.000000000058B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
58B000
|
| Size: |
4096
|
|
|
3324F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2817508367.000000003324F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3324F000
|
| Size: |
4096
|
|
|
20C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2600557540.00000000020C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20C0000
|
| Size: |
8192
|
|
|
21D5000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2601008264.00000000021D5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
21D5000
|
| Size: |
8192
|
|
|
4A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1604906242.00000000004A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4A0000
|
| Size: |
24576
|
|
|
40E000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2589825553.000000000040E000.00000004.00000001.01000000.00000008.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
40E000
|
| Size: |
8192
|
|
|
10005000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000002.1613906605.0000000010005000.00000002.00000001.01000000.00000005.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
10005000
|
| Size: |
4096
|
|
|
27AF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2273175572.00000000027AF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
27AF000
|
| Size: |
4096
|
|
|
40A000
|
unkown
|
page write copy
|
|
|
|
| Name: |
0000000C.00000002.2589573747.000000000040A000.00000008.00000001.01000000.00000008.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
40A000
|
| Size: |
4096
|
|
|
4920000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2510539624.0000000004920000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4920000
|
| Size: |
4096
|
|
|
3302F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2807504464.000000003302F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3302F000
|
| Size: |
4096
|
|
|
7F8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2595270624.00000000007F8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7F8000
|
| Size: |
163840
|
|
|
2100000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2246170185.0000000002100000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2100000
|
| Size: |
4096
|
|
|
467000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000A.00000000.2052461279.0000000000467000.00000002.00000001.01000000.00000008.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
467000
|
| Size: |
176128
|
|
|
4B70000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1855519071.0000000004B70000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4B70000
|
| Size: |
4096
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
463000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2589825553.0000000000463000.00000004.00000001.01000000.00000008.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
463000
|
| Size: |
4096
|
|
|
4960000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2521314213.0000000004960000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4960000
|
| Size: |
4096
|
|
|
400000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000000.1602747203.0000000000400000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
400000
|
| Size: |
4096
|
|
|
4970000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2524857021.0000000004970000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4970000
|
| Size: |
4096
|
|
|
275F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2600519348.000000000275F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
275F000
|
| Size: |
4096
|
|
|
4C30000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1855746367.0000000004C30000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4C30000
|
| Size: |
8192
|
|
|
90F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1605160913.000000000090F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
90F000
|
| Size: |
4096
|
|
|
8EF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2600541130.00000000008EF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
8EF000
|
| Size: |
4096
|
|
|
333B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1881374683.00000000333B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
333B0000
|
| Size: |
28672
|
|
|
4830000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1613527110.0000000004830000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4830000
|
| Size: |
4096
|
|
|
40E000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1604763885.000000000040E000.00000004.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
40E000
|
| Size: |
8192
|
|
|
754000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2600131995.0000000000754000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
754000
|
| Size: |
16384
|
|
|
2140000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2600844247.0000000002140000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2140000
|
| Size: |
4096
|
|
|
418000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2589825553.0000000000418000.00000004.00000001.01000000.00000008.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
418000
|
| Size: |
36864
|
|
|
3270000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.2278078106.0000000003270000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
3270000
|
| Size: |
327680
|
|
|
2EA0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1853903949.0000000002EA0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2EA0000
|
| Size: |
8192
|
|
|
645000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2590915278.0000000000645000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
645000
|
| Size: |
12288
|
|
|
5C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2590355793.00000000005C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5C0000
|
| Size: |
8192
|
|
|
2190000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2246682004.0000000002190000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2190000
|
| Size: |
8192
|
|
|
26BF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2601395389.00000000026BF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
26BF000
|
| Size: |
4096
|
|
|
2E5E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1605319877.0000000002E5E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2E5E000
|
| Size: |
8192
|
|
|
620000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2592080589.0000000000620000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
620000
|
| Size: |
24576
|
|
|
2FCE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2604034931.0000000002FCE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2FCE000
|
| Size: |
8192
|
|
|
205E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2600272228.000000000205E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
205E000
|
| Size: |
8192
|
|
|
401000
|
unkown
|
page execute read
|
|
|
|
| Name: |
0000000B.00000002.2589593050.0000000000401000.00000020.00000001.01000000.00000008.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
401000
|
| Size: |
28672
|
|
|
467000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000B.00000002.2590817508.0000000000467000.00000002.00000001.01000000.00000008.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
467000
|
| Size: |
176128
|
|
|
40E000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2589761357.000000000040E000.00000004.00000001.01000000.00000008.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
40E000
|
| Size: |
8192
|
|
|
6F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2600131995.00000000006F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6F0000
|
| Size: |
24576
|
|
|
2D7E000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2601502833.0000000002D7E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D7E000
|
| Size: |
8192
|
|
|
32C3F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2795124412.0000000032C3F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
32C3F000
|
| Size: |
4096
|
|
|
7C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2594168416.00000000007C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7C0000
|
| Size: |
12288
|
|
|
1700000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000C.00000002.2589769449.0000000001700000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1700000
|
| Size: |
327680
|
|
|
435000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2589713599.0000000000435000.00000004.00000001.01000000.00000008.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
435000
|
| Size: |
16384
|
|
|
4A60000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2744515352.0000000004A60000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4A60000
|
| Size: |
4096
|
|
|
2FFE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1854677545.0000000002FFE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2FFE000
|
| Size: |
8192
|
|
|
518000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2245377521.0000000000518000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
518000
|
| Size: |
172032
|
|
|
32D7E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1880898778.0000000032D7E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
32D7E000
|
| Size: |
8192
|
|
|
400000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000000.1321118250.0000000000400000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
400000
|
| Size: |
4096
|
|
|
21AE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1605209445.00000000021AE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
21AE000
|
| Size: |
8192
|
|
|
2234000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2249201866.0000000002234000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2234000
|
| Size: |
8192
|
|
|
2F29000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1854370103.0000000002F29000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F29000
|
| Size: |
4096
|
|
|
303E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1854691889.000000000303E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
303E000
|
| Size: |
8192
|
|
|
401000
|
unkown
|
page execute read
|
|
|
|
| Name: |
0000000C.00000000.2233828901.0000000000401000.00000020.00000001.01000000.00000008.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
401000
|
| Size: |
28672
|
|
|
401000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000004.00000002.1851755947.0000000000401000.00000020.00000001.01000000.00000003.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
401000
|
| Size: |
28672
|
|
|
401000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000005.00000002.2244776829.0000000000401000.00000020.00000001.01000000.00000008.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
401000
|
| Size: |
28672
|
|
|
408000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000B.00000002.2589666874.0000000000408000.00000002.00000001.01000000.00000008.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
408000
|
| Size: |
8192
|
|
|
32F2E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2805325762.0000000032F2E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
32F2E000
|
| Size: |
8192
|
|
|
2260000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2264191423.0000000002260000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2260000
|
| Size: |
12288
|
|
|
4A40000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2739393181.0000000004A40000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4A40000
|
| Size: |
4096
|
|
|
467000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000B.00000000.2166006893.0000000000467000.00000002.00000001.01000000.00000008.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
467000
|
| Size: |
176128
|
|
|
96000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1604654542.0000000000096000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
96000
|
| Size: |
40960
|
|
|
4BFF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2754759544.0000000004BFF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4BFF000
|
| Size: |
4096
|
|
|
2AF5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2600579322.0000000002AF5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2AF5000
|
| Size: |
106496
|
|
|
47F7000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.2278078106.00000000047F7000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
47F7000
|
| Size: |
581632
|
|
|
7CF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1605136380.00000000007CF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7CF000
|
| Size: |
4096
|
|
|
95F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2246026570.000000000095F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
95F000
|
| Size: |
4096
|
|
|
2F39000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1825993990.0000000002F39000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F39000
|
| Size: |
274432
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
260F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2600344294.000000000260F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
260F000
|
| Size: |
4096
|
|
|
687000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2592080589.0000000000687000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
687000
|
| Size: |
20480
|
|
|
1D5000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2589549420.00000000001D5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D5000
|
| Size: |
12288
|
|
|
331E0000
|
remote allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1789619734.00000000331E0000.00000004.00000400.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
remote allocation
|
| Protect: |
page read and write
|
| Base address: |
331E0000
|
| Size: |
4096
|
|
|
96000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2589426690.0000000000096000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
96000
|
| Size: |
40960
|
|
|
4B10000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1855260915.0000000004B10000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4B10000
|
| Size: |
4096
|
|
|
650000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2597438334.0000000000650000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
650000
|
| Size: |
4096
|
|
|
685000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2245960895.0000000000685000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
685000
|
| Size: |
12288
|
|
|
19A000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2589514729.000000000019A000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
19A000
|
| Size: |
24576
|
|
|
2F7A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1850024461.0000000002F7A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F7A000
|
| Size: |
8192
|
|
|
42D000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2589761357.000000000042D000.00000004.00000001.01000000.00000008.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
42D000
|
| Size: |
4096
|
|
|
40A000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2589713599.000000000040A000.00000004.00000001.01000000.00000008.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
40A000
|
| Size: |
12288
|
|
|
467000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000C.00000000.2238489600.0000000000467000.00000002.00000001.01000000.00000008.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
467000
|
| Size: |
176128
|
|
|
2997000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2600579322.0000000002997000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2997000
|
| Size: |
4096
|
|
|
400000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000002.1851741160.0000000000400000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
400000
|
| Size: |
4096
|
|
|
4B40000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1855349361.0000000004B40000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4B40000
|
| Size: |
4096
|
|
|
4E6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1604906242.00000000004E6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E6000
|
| Size: |
8192
|
|
|
2F10000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2696178945.0000000002F10000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2F10000
|
| Size: |
4096
|
|
|
4930000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2513227920.0000000004930000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4930000
|
| Size: |
4096
|
|
|
19A000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2589513193.000000000019A000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
19A000
|
| Size: |
24576
|
|
|
467000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000005.00000002.2245279313.0000000000467000.00000002.00000001.01000000.00000008.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
467000
|
| Size: |
176128
|
|
|
32D7E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2797875378.0000000032D7E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
32D7E000
|
| Size: |
8192
|
|
|
2D8C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1853403617.0000000002D8C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2D8C000
|
| Size: |
16384
|
|
|
427000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2589713599.0000000000427000.00000004.00000001.01000000.00000008.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
427000
|
| Size: |
8192
|
|
|
2EC0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1854370103.0000000002EC0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2EC0000
|
| Size: |
24576
|
|
|
525000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2594348994.0000000000525000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
525000
|
| Size: |
12288
|
|
|
401000
|
unkown
|
page execute read
|
|
|
|
| Name: |
0000000C.00000002.2589500547.0000000000401000.00000020.00000001.01000000.00000008.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
401000
|
| Size: |
28672
|
|
|
29D9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2274424736.00000000029D9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
29D9000
|
| Size: |
4096
|
|
|
4AF0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1855207686.0000000004AF0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4AF0000
|
| Size: |
4096
|
|
|
3040000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1854829474.0000000003040000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3040000
|
| Size: |
4096
|
|
|
332AC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1881286464.00000000332AC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
332AC000
|
| Size: |
16384
|
|
|
549000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2245377521.0000000000549000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
549000
|
| Size: |
147456
|
|
|
2A52000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2601502833.0000000002A52000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2A52000
|
| Size: |
106496
|
|
|
3070000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1855141892.0000000003070000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3070000
|
| Size: |
24576
|
|
|
1700000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.1851860987.0000000001700000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1700000
|
| Size: |
327680
|
|
|
2250000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1605269675.0000000002250000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2250000
|
| Size: |
12288
|
|
|
42D000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2244836454.000000000042D000.00000004.00000001.01000000.00000008.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
42D000
|
| Size: |
4096
|
|
|
5E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2590405356.00000000005E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5E0000
|
| Size: |
8192
|
|
|
2FBE000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2697586092.0000000002FBE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FBE000
|
| Size: |
53248
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
2E8B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1853423929.0000000002E8B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2E8B000
|
| Size: |
20480
|
|
|
4B00000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1855237344.0000000004B00000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4B00000
|
| Size: |
4096
|
|
|
4810000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1613429841.0000000004810000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4810000
|
| Size: |
4096
|
|
|
333B1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1849953919.00000000333B1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
333B1000
|
| Size: |
262144
|
|
|
7F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2595270624.00000000007F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7F0000
|
| Size: |
24576
|
|
|
2F41000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1793476131.0000000002F41000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F41000
|
| Size: |
245760
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
2F32000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1793476131.0000000002F32000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F32000
|
| Size: |
4096
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
467000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000005.00000000.1851299318.0000000000467000.00000002.00000001.01000000.00000008.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
467000
|
| Size: |
176128
|
|
|
33630000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1881523058.0000000033630000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
33630000
|
| Size: |
4096
|
|
|
467000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000000.1967075146.0000000000467000.00000002.00000001.01000000.00000008.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
467000
|
| Size: |
176128
|
|
|
19A000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2589511501.000000000019A000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
19A000
|
| Size: |
24576
|
|
|
2FAC000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2697586092.0000000002FAC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FAC000
|
| Size: |
45056
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
| URLs found in memory or binary data |
Networking |
|
|
|
269F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1605295355.000000000269F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
269F000
|
| Size: |
4096
|
|
|
47A0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1612916629.00000000047A0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
47A0000
|
| Size: |
4096
|
|
|
408000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000000.1967033993.0000000000408000.00000002.00000001.01000000.00000008.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
408000
|
| Size: |
8192
|
|
|
47F0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1613192655.00000000047F0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
47F0000
|
| Size: |
4096
|
|
|
2255000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1605269675.0000000002255000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2255000
|
| Size: |
8192
|
|
|
408000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000002.1604747163.0000000000408000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
408000
|
| Size: |
8192
|
|
|
2B1B000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2601843950.0000000002B1B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2B1B000
|
| Size: |
106496
|
|
|
3180000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2278044567.0000000003180000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3180000
|
| Size: |
32768
|
|
|
40A000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000004.00000000.1602787287.000000000040A000.00000008.00000001.01000000.00000003.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
40A000
|
| Size: |
4096
|
|
|
3307E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1881139406.000000003307E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3307E000
|
| Size: |
8192
|
|
|
4B20000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1855281908.0000000004B20000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4B20000
|
| Size: |
4096
|
|
|
3060000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1855125377.0000000003060000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3060000
|
| Size: |
4096
|
|
|
414000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2589761357.0000000000414000.00000004.00000001.01000000.00000008.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
414000
|
| Size: |
8192
|
|
|
2200000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1605220980.0000000002200000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2200000
|
| Size: |
8192
|
|
|
231E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2601293464.000000000231E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
231E000
|
| Size: |
8192
|
|
|
408000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000A.00000002.2589780379.0000000000408000.00000002.00000001.01000000.00000008.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
408000
|
| Size: |
8192
|
|
|
2C87000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000C.00000002.2589769449.0000000002C87000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
2C87000
|
| Size: |
581632
|
|
|
4A00000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2731080698.0000000004A00000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4A00000
|
| Size: |
4096
|
|
|
401000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000005.00000000.1851235337.0000000000401000.00000020.00000001.01000000.00000008.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
401000
|
| Size: |
28672
|
|
|
520000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2594348994.0000000000520000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
520000
|
| Size: |
16384
|
|
|
401000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000004.00000000.1602759932.0000000000401000.00000020.00000001.01000000.00000003.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
401000
|
| Size: |
28672
|
|
|
3025000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2715003609.0000000003025000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3025000
|
| Size: |
16384
|
|
|
2F28000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2697586092.0000000002F28000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F28000
|
| Size: |
221184
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
| URLs found in memory or binary data |
Networking |
|
|
|
463000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2589761357.0000000000463000.00000004.00000001.01000000.00000008.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
463000
|
| Size: |
4096
|
|
|
2160000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1605197711.0000000002160000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2160000
|
| Size: |
8192
|
|
|
408000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000000.1602773678.0000000000408000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
408000
|
| Size: |
8192
|
|
|
40A000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2244836454.000000000040A000.00000004.00000001.01000000.00000008.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
40A000
|
| Size: |
12288
|
|
|
279F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1605308374.000000000279F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
279F000
|
| Size: |
4096
|
|
|
400000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000000.1966972668.0000000000400000.00000002.00000001.01000000.00000008.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
400000
|
| Size: |
4096
|
|
|
2EDE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2688130437.0000000002EDE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2EDE000
|
| Size: |
8192
|
|
|
40A000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1604763885.000000000040A000.00000004.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
40A000
|
| Size: |
12288
|
|
|
408000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000000.1321152007.0000000000408000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
408000
|
| Size: |
8192
|
|
|
48D0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2497984953.00000000048D0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
48D0000
|
| Size: |
4096
|
|
|
3170000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2601393104.0000000003170000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3170000
|
| Size: |
36864
|
|
|
42D000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2589825553.000000000042D000.00000004.00000001.01000000.00000008.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
42D000
|
| Size: |
4096
|
|
|
10001000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000000.00000002.1613757333.0000000010001000.00000020.00000001.01000000.00000005.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
10001000
|
| Size: |
8192
|
|
|
400000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000B.00000000.2165819094.0000000000400000.00000002.00000001.01000000.00000008.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
400000
|
| Size: |
4096
|
|
|
2EC8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1854370103.0000000002EC8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2EC8000
|
| Size: |
151552
|
|
|
334F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1855181133.000000000334F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
334F000
|
| Size: |
4096
|
|
|
770000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2594100537.0000000000770000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
770000
|
| Size: |
4096
|
|
|
467000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000002.1604875628.0000000000467000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
467000
|
| Size: |
176128
|
|
|
676000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2592080589.0000000000676000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
676000
|
| Size: |
40960
|
|
|
212E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1605185595.000000000212E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
212E000
|
| Size: |
8192
|
|
|
32C7F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1880839929.0000000032C7F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
32C7F000
|
| Size: |
4096
|
|
|
2204000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1605220980.0000000002204000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2204000
|
| Size: |
8192
|
|
|
215E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2246422908.000000000215E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
215E000
|
| Size: |
8192
|
|
|
408000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000005.00000000.1851249750.0000000000408000.00000002.00000001.01000000.00000008.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
408000
|
| Size: |
8192
|
|
|
5B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1605044797.00000000005B0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5B0000
|
| Size: |
4096
|
|
|
73C000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2600131995.000000000073C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
73C000
|
| Size: |
69632
|
|
|
29BD000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2601843950.00000000029BD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
29BD000
|
| Size: |
4096
|
|
|
10005000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000005.00000002.2533487876.0000000010005000.00000002.00000001.01000000.00000009.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
10005000
|
| Size: |
4096
|
|
|
32EBD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1881014912.0000000032EBD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
32EBD000
|
| Size: |
12288
|
|
|
3180000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2604849533.0000000003180000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3180000
|
| Size: |
32768
|
|
|
3120000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2601329720.0000000003120000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3120000
|
| Size: |
4096
|
|
|
10000000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000005.00000002.2526724828.0000000010000000.00000002.00000001.01000000.00000009.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
10000000
|
| Size: |
4096
|
|
|
408000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000002.1851774815.0000000000408000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
408000
|
| Size: |
8192
|
|
|
1D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2589549420.00000000001D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D0000
|
| Size: |
16384
|
|
|
427000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1604763885.0000000000427000.00000004.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
427000
|
| Size: |
8192
|
|
|
3170000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2278044567.0000000003170000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3170000
|
| Size: |
36864
|
|
|
435000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2244836454.0000000000435000.00000004.00000001.01000000.00000008.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
435000
|
| Size: |
16384
|
|
|
400000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000002.2589551152.0000000000400000.00000002.00000001.01000000.00000008.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
400000
|
| Size: |
4096
|
|
|
1FFE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2600089114.0000000001FFE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
1FFE000
|
| Size: |
8192
|
|
|
5F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2590809123.00000000005F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5F0000
|
| Size: |
8192
|
|
|
823000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2595270624.0000000000823000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
823000
|
| Size: |
49152
|
|
|
2240000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2252868661.0000000002240000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2240000
|
| Size: |
4096
|
|
|
427000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2589825553.0000000000427000.00000004.00000001.01000000.00000008.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
427000
|
| Size: |
8192
|
|
|
435000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2589825553.0000000000435000.00000004.00000001.01000000.00000008.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
435000
|
| Size: |
16384
|
|
|
4A70000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2746730075.0000000004A70000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4A70000
|
| Size: |
4096
|
|
|
42D000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2589713599.000000000042D000.00000004.00000001.01000000.00000008.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
42D000
|
| Size: |
4096
|
|
|
2220000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1605246623.0000000002220000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2220000
|
| Size: |
4096
|
|
|
2287000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000C.00000002.2589769449.0000000002287000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
2287000
|
| Size: |
10485760
|
|
|
640000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2590915278.0000000000640000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
640000
|
| Size: |
16384
|
|
|
680000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2245960895.0000000000680000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
680000
|
| Size: |
16384
|
|
|
29D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1605319877.00000000029D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
29D4000
|
| Size: |
4096
|
|
|
3CD7000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1605829376.0000000003CD7000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
3CD7000
|
| Size: |
10485760
|
|
|
10003000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000002.1613832744.0000000010003000.00000002.00000001.01000000.00000005.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
10003000
|
| Size: |
4096
|
|
|
400000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000002.1604716262.0000000000400000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
400000
|
| Size: |
4096
|
|
|
4B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2590482919.00000000004B0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4B0000
|
| Size: |
4096
|
|
|
408000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000A.00000000.2052401634.0000000000408000.00000002.00000001.01000000.00000008.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
408000
|
| Size: |
8192
|
|
|
3367C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1881657081.000000003367C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3367C000
|
| Size: |
16384
|
|
|
26AF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2268796350.00000000026AF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
26AF000
|
| Size: |
4096
|
|
|
2F39000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1793476131.0000000002F39000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F39000
|
| Size: |
24576
|
|
|
64E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2245938975.000000000064E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
64E000
|
| Size: |
8192
|
|
|
2F04000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1854370103.0000000002F04000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F04000
|
| Size: |
106496
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
| URLs found in memory or binary data |
Networking |
|
|
|
80E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1605148563.000000000080E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
80E000
|
| Size: |
8192
|
|
|
331E0000
|
remote allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1789571628.00000000331E0000.00000004.00000400.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
remote allocation
|
| Protect: |
page read and write
|
| Base address: |
331E0000
|
| Size: |
4096
|
|
|
4EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2594079615.00000000004EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4EE000
|
| Size: |
8192
|
|
|
2F3E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1793755889.0000000002F3E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F3E000
|
| Size: |
4096
|
|
|
2E90000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2686160579.0000000002E90000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2E90000
|
| Size: |
4096
|
|
|
3050000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1855109283.0000000003050000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3050000
|
| Size: |
4096
|
|
|
427000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2244836454.0000000000427000.00000004.00000001.01000000.00000008.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
427000
|
| Size: |
8192
|
|
|
81F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2597621491.000000000081F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
81F000
|
| Size: |
4096
|
|
|
2230000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2249201866.0000000002230000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2230000
|
| Size: |
8192
|
|
|
85F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2246006794.000000000085F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
85F000
|
| Size: |
4096
|
|
|
4A80000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2749058785.0000000004A80000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4A80000
|
| Size: |
4096
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
331E0000
|
remote allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1789639792.00000000331E0000.00000004.00000400.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
remote allocation
|
| Protect: |
page read and write
|
| Base address: |
331E0000
|
| Size: |
4096
|
|
|
467000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000002.2590133254.0000000000467000.00000002.00000001.01000000.00000008.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
467000
|
| Size: |
176128
|
|
|
3320E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2815882906.000000003320E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3320E000
|
| Size: |
8192
|
|
|
4820000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1613489785.0000000004820000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4820000
|
| Size: |
4096
|
|
|
465000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2244836454.0000000000465000.00000004.00000001.01000000.00000008.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
465000
|
| Size: |
4096
|
|
|
21B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2600824892.00000000021B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
21B0000
|
| Size: |
8192
|
|
|
414000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1604763885.0000000000414000.00000004.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
414000
|
| Size: |
53248
|
|
|
4910000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2508037587.0000000004910000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4910000
|
| Size: |
4096
|
|
|
3377D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1881708661.000000003377D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3377D000
|
| Size: |
12288
|
|
|
3180000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2601393104.0000000003180000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3180000
|
| Size: |
32768
|
|
|
4900000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2505266811.0000000004900000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4900000
|
| Size: |
4096
|
|
|
400000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000005.00000000.1851214892.0000000000400000.00000002.00000001.01000000.00000008.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
400000
|
| Size: |
4096
|
|
|
10000000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000002.1613718040.0000000010000000.00000002.00000001.01000000.00000005.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
10000000
|
| Size: |
4096
|
|
|
4AF0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2752810376.0000000004AF0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AF0000
|
| Size: |
8192
|
|
|
3020000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2715003609.0000000003020000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3020000
|
| Size: |
16384
|
|
|
401000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000008.00000002.2589582836.0000000000401000.00000020.00000001.01000000.00000008.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
401000
|
| Size: |
28672
|
|
|
3090000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2604418609.0000000003090000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3090000
|
| Size: |
4096
|
|
|
435000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2589761357.0000000000435000.00000004.00000001.01000000.00000008.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
435000
|
| Size: |
16384
|
|
|
4D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1604906242.00000000004D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4D4000
|
| Size: |
40960
|
|
|
510000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2245377521.0000000000510000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
510000
|
| Size: |
24576
|
|
|
47B0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1612986841.00000000047B0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
47B0000
|
| Size: |
4096
|
|
|
265E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2600457615.000000000265E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
265E000
|
| Size: |
8192
|
|
|
47C0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1613016057.00000000047C0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
47C0000
|
| Size: |
4096
|
|
|
2B32000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1605319877.0000000002B32000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2B32000
|
| Size: |
106496
|
|
|
96000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2244650798.0000000000096000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
96000
|
| Size: |
40960
|
|
|
49E0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2725629966.00000000049E0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
49E0000
|
| Size: |
4096
|
|
|
2F32000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1825993990.0000000002F32000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F32000
|
| Size: |
8192
|
|
|
32C7E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2796566404.0000000032C7E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
32C7E000
|
| Size: |
8192
|
|
|
2F26000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1854370103.0000000002F26000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F26000
|
| Size: |
4096
|
|
|
40E000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2589713599.000000000040E000.00000004.00000001.01000000.00000008.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
40E000
|
| Size: |
8192
|
|
|
331AD000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2814022694.00000000331AD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
331AD000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
2265000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2264191423.0000000002265000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2265000
|
| Size: |
8192
|
|
|
31FF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2720943271.00000000031FF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
31FF000
|
| Size: |
4096
|
|
|
19A000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2244720589.000000000019A000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
19A000
|
| Size: |
24576
|
|
|
40A000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000000.00000000.1321169698.000000000040A000.00000008.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
40A000
|
| Size: |
4096
|
|
|
4B60000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1855488313.0000000004B60000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4B60000
|
| Size: |
4096
|
|
|
2F00000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2693597530.0000000002F00000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2F00000
|
| Size: |
4096
|
|
|
467000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000002.1851825939.0000000000467000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
467000
|
| Size: |
176128
|
|
|
2F7B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1793650881.0000000002F7B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F7B000
|
| Size: |
8192
|
|
|
401000
|
unkown
|
page execute read
|
|
|
|
| Name: |
0000000A.00000000.2052333584.0000000000401000.00000020.00000001.01000000.00000008.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
401000
|
| Size: |
28672
|
|
|
507000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1604906242.0000000000507000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
507000
|
| Size: |
4096
|
|
|
30A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2604566561.00000000030A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
30A0000
|
| Size: |
4096
|
|
|
467000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000A.00000002.2590313656.0000000000467000.00000002.00000001.01000000.00000008.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
467000
|
| Size: |
176128
|
|
|
40A000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000004.00000002.1851796209.000000000040A000.00000008.00000001.01000000.00000003.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
40A000
|
| Size: |
4096
|
|
|
401000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000000.00000002.1604732254.0000000000401000.00000020.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
401000
|
| Size: |
28672
|
|
|
5D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2590866955.00000000005D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5D0000
|
| Size: |
4096
|
|
|
2B37000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2274424736.0000000002B37000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2B37000
|
| Size: |
106496
|
|
|
1D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1604691188.00000000001D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D0000
|
| Size: |
28672
|
|
|
4F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2245356222.00000000004F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4F0000
|
| Size: |
8192
|
|
|
401000
|
unkown
|
page execute read
|
|
|
|
| Name: |
0000000B.00000000.2165857579.0000000000401000.00000020.00000001.01000000.00000008.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
401000
|
| Size: |
28672
|
|
|
418000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2589761357.0000000000418000.00000004.00000001.01000000.00000008.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
418000
|
| Size: |
36864
|
|
|
227F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2601332167.000000000227F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
227F000
|
| Size: |
4096
|
|
|
3302F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1881101212.000000003302F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3302F000
|
| Size: |
4096
|
|
|
333B8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1881374683.00000000333B8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
333B8000
|
| Size: |
8192
|
|
|
3DF7000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.2278078106.0000000003DF7000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
3DF7000
|
| Size: |
10485760
|
|
|
49F0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2727971673.00000000049F0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
49F0000
|
| Size: |
4096
|
|
|
22DF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2601193807.00000000022DF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
22DF000
|
| Size: |
4096
|
|
|
2F1F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1854370103.0000000002F1F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F1F000
|
| Size: |
24576
|
|
|
400000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000B.00000002.2589552364.0000000000400000.00000002.00000001.01000000.00000008.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
400000
|
| Size: |
4096
|
|
|
40A000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000005.00000000.1851276584.000000000040A000.00000008.00000001.01000000.00000008.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
40A000
|
| Size: |
4096
|
|
|
33040000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2809720093.0000000033040000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
33040000
|
| Size: |
4096
|
|
|
2F61000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2697586092.0000000002F61000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F61000
|
| Size: |
299008
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
6CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1605121398.00000000006CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6CE000
|
| Size: |
8192
|
|
|
5E4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2590405356.00000000005E4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5E4000
|
| Size: |
8192
|
|
|
4940000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2516412957.0000000004940000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4940000
|
| Size: |
4096
|
|
|
40A000
|
unkown
|
page write copy
|
|
|
|
| Name: |
0000000C.00000000.2236739235.000000000040A000.00000008.00000001.01000000.00000008.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
40A000
|
| Size: |
4096
|
|
|
910000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1605171947.0000000000910000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
910000
|
| Size: |
4096
|
|
|
2287000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.1851860987.0000000002287000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
2287000
|
| Size: |
10485760
|
|
|
10001000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000005.00000002.2529010564.0000000010001000.00000020.00000001.01000000.00000009.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
10001000
|
| Size: |
8192
|
|
|
4950000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2518991728.0000000004950000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4950000
|
| Size: |
4096
|
|
|
2000000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2600181889.0000000002000000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2000000
|
| Size: |
4096
|
|
|
467000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000000.1321196530.0000000000467000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
467000
|
| Size: |
176128
|
|
|
48E0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2500487266.00000000048E0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
48E0000
|
| Size: |
4096
|
|
|
4850000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1613642548.0000000004850000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4850000
|
| Size: |
4096
|
|
|
2E21000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2600579322.0000000002E21000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2E21000
|
| Size: |
8192
|
|
|
2175000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2601134844.0000000002175000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2175000
|
| Size: |
8192
|
|
|
435000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1604763885.0000000000435000.00000004.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
435000
|
| Size: |
16384
|
|
|
4EF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1604906242.00000000004EF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4EF000
|
| Size: |
90112
|
|
|
42D000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1604763885.000000000042D000.00000004.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
42D000
|
| Size: |
4096
|
|
|
2EE0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2690668330.0000000002EE0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2EE0000
|
| Size: |
4096
|
|
|
418000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2589713599.0000000000418000.00000004.00000001.01000000.00000008.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
418000
|
| Size: |
36864
|
|
|
40A000
|
unkown
|
page write copy
|
|
|
|
| Name: |
0000000A.00000000.2052422288.000000000040A000.00000008.00000001.01000000.00000008.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
40A000
|
| Size: |
4096
|
|
|
21D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2601008264.00000000021D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
21D0000
|
| Size: |
12288
|
|
|
3180000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2604277078.0000000003180000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3180000
|
| Size: |
32768
|
|
|
4A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2245308713.00000000004A0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4A0000
|
| Size: |
4096
|
|
|
5CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2590756930.00000000005CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5CE000
|
| Size: |
8192
|
|
|
2C87000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.1851860987.0000000002C87000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
2C87000
|
| Size: |
581632
|
|
|
3150000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1605829376.0000000003150000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
3150000
|
| Size: |
327680
|
|
|
40A000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2589825553.000000000040A000.00000004.00000001.01000000.00000008.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
40A000
|
| Size: |
12288
|
|
|
467000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000000.1602810998.0000000000467000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
467000
|
| Size: |
176128
|
|
|
2230000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1605258591.0000000002230000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2230000
|
| Size: |
4096
|
|
|
83F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2595270624.000000000083F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
83F000
|
| Size: |
69632
|
|
|
2F41000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1793755889.0000000002F41000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F41000
|
| Size: |
237568
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
660000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2592080589.0000000000660000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
660000
|
| Size: |
12288
|
|
|
4CF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1604906242.00000000004CF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4CF000
|
| Size: |
8192
|
|
|
4B30000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1855301821.0000000004B30000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4B30000
|
| Size: |
4096
|
|
|
4840000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1613569753.0000000004840000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4840000
|
| Size: |
4096
|
|
|
57D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2245377521.000000000057D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
57D000
|
| Size: |
53248
|
|
|
48C0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2495325550.00000000048C0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
48C0000
|
| Size: |
4096
|
|
|
40A000
|
unkown
|
page write copy
|
|
|
|
| Name: |
0000000B.00000000.2165975156.000000000040A000.00000008.00000001.01000000.00000008.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
40A000
|
| Size: |
4096
|
|
|
32DBD000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2800806432.0000000032DBD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
32DBD000
|
| Size: |
12288
|
|
|
3170000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2604277078.0000000003170000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3170000
|
| Size: |
36864
|
|
|
414000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2589713599.0000000000414000.00000004.00000001.01000000.00000008.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
414000
|
| Size: |
8192
|
|
|
400000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000A.00000000.2052315390.0000000000400000.00000002.00000001.01000000.00000008.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
400000
|
| Size: |
4096
|
|
|
465000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1604763885.0000000000465000.00000004.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
465000
|
| Size: |
4096
|
|
|
40A000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2589761357.000000000040A000.00000004.00000001.01000000.00000008.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
40A000
|
| Size: |
12288
|
|
|
3170000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2604849533.0000000003170000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3170000
|
| Size: |
36864
|
|
|
32F2E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1881062386.0000000032F2E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
32F2E000
|
| Size: |
8192
|
|
|
10003000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000005.00000002.2531076883.0000000010003000.00000002.00000001.01000000.00000009.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
10003000
|
| Size: |
4096
|
|
|
7C5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2594168416.00000000007C5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7C5000
|
| Size: |
8192
|
|
|
2344000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2601379573.0000000002344000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2344000
|
| Size: |
8192
|
|
|
47D0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1613064182.00000000047D0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
47D0000
|
| Size: |
4096
|
|
|
324F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1855162981.000000000324F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
324F000
|
| Size: |
4096
|
|
|
47E0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1613133874.00000000047E0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
47E0000
|
| Size: |
4096
|
|
|
408000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000B.00000000.2165916012.0000000000408000.00000002.00000001.01000000.00000008.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
408000
|
| Size: |
8192
|
|
|
408000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000C.00000000.2235710737.0000000000408000.00000002.00000001.01000000.00000008.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
408000
|
| Size: |
8192
|
|
|
4B80000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1855566179.0000000004B80000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4B80000
|
| Size: |
16384
|
|
|
250E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2600256568.000000000250E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
250E000
|
| Size: |
8192
|
|
|
4B87000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1855566179.0000000004B87000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4B87000
|
| Size: |
4096
|
|
|
32DBD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1880960019.0000000032DBD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
32DBD000
|
| Size: |
12288
|
|
|
467000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000C.00000002.2589653309.0000000000467000.00000002.00000001.01000000.00000008.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
467000
|
| Size: |
176128
|
|
|
4A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2592126502.00000000004A0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4A0000
|
| Size: |
4096
|
|
|
4A20000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2735162845.0000000004A20000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4A20000
|
| Size: |
4096
|
|
|
857000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2595270624.0000000000857000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
857000
|
| Size: |
16384
|
|
|
4F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2594133741.00000000004F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4F0000
|
| Size: |
4096
|
|
|
3325F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1881262496.000000003325F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3325F000
|
| Size: |
4096
|
|
|
3090000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2601222041.0000000003090000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3090000
|
| Size: |
4096
|
|
|
400000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000005.00000002.2244745490.0000000000400000.00000002.00000001.01000000.00000008.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
400000
|
| Size: |
4096
|
|
|
63E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2597269350.000000000063E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
63E000
|
| Size: |
8192
|
|
|
32EBE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2803808966.0000000032EBE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
32EBE000
|
| Size: |
8192
|
|
|
2150000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2601023722.0000000002150000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2150000
|
| Size: |
4096
|
|
|
427000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2589761357.0000000000427000.00000004.00000001.01000000.00000008.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
427000
|
| Size: |
8192
|
|
|
2D8C000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2681979259.0000000002D8C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2D8C000
|
| Size: |
16384
|
|
|
4800000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1613311267.0000000004800000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4800000
|
| Size: |
4096
|
|
|
333AB000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1881333200.00000000333AB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
333AB000
|
| Size: |
20480
|
|
|
6AE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2598937497.00000000006AE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6AE000
|
| Size: |
8192
|
|
|
463000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2589713599.0000000000463000.00000004.00000001.01000000.00000008.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
463000
|
| Size: |
4096
|
|
|
278F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2601609808.000000000278F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
278F000
|
| Size: |
4096
|
|
|
2F2C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1854370103.0000000002F2C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F2C000
|
| Size: |
40960
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
2E8B000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2684222891.0000000002E8B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2E8B000
|
| Size: |
20480
|
|
|
40A000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000008.00000000.1967052737.000000000040A000.00000008.00000001.01000000.00000008.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
40A000
|
| Size: |
4096
|
|
|
414000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2589825553.0000000000414000.00000004.00000001.01000000.00000008.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
414000
|
| Size: |
8192
|
|
|
2060000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2600368154.0000000002060000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2060000
|
| Size: |
8192
|
|
|
66A000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2592080589.000000000066A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
66A000
|
| Size: |
20480
|
|
|
408000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000005.00000002.2244810385.0000000000408000.00000002.00000001.01000000.00000008.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
408000
|
| Size: |
8192
|
|
|
2340000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2601379573.0000000002340000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2340000
|
| Size: |
8192
|
|
|
96000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2589419368.0000000000096000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
96000
|
| Size: |
40960
|
|
|
4C1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1855716794.0000000004C1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4C1E000
|
| Size: |
8192
|
|
|
2E63000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2274424736.0000000002E63000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2E63000
|
| Size: |
8192
|
|
|
670000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2592080589.0000000000670000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
670000
|
| Size: |
12288
|
|
|
2064000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2600368154.0000000002064000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2064000
|
| Size: |
8192
|
|
|
2170000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2601134844.0000000002170000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2170000
|
| Size: |
12288
|
|
|
19A000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1604674586.000000000019A000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
19A000
|
| Size: |
24576
|
|
|
2F20000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2697586092.0000000002F20000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F20000
|
| Size: |
24576
|
|
|
4A50000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2742101159.0000000004A50000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4A50000
|
| Size: |
4096
|
|
|
463000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1604763885.0000000000463000.00000004.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
463000
|
| Size: |
4096
|
|
|
96000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2589443201.0000000000096000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
96000
|
| Size: |
40960
|
|
|
4EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2245329307.00000000004EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4EE000
|
| Size: |
8192
|
|
|
414000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2244836454.0000000000414000.00000004.00000001.01000000.00000008.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
414000
|
| Size: |
53248
|
|
|
4B50000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1855425113.0000000004B50000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4B50000
|
| Size: |
4096
|
|
|
211E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2600719549.000000000211E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
211E000
|
| Size: |
8192
|
|
|
4A10000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2732551817.0000000004A10000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4A10000
|
| Size: |
4096
|
|
|
400000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000A.00000002.2589655925.0000000000400000.00000002.00000001.01000000.00000008.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
400000
|
| Size: |
4096
|
|
|
335D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1881475341.00000000335D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
335D0000
|
| Size: |
4096
|
|
|
2E90000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1853439736.0000000002E90000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2E90000
|
| Size: |
4096
|
|
|
400000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000C.00000000.2231724123.0000000000400000.00000002.00000001.01000000.00000008.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
400000
|
| Size: |
4096
|
|
|
48F0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2502631633.00000000048F0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
48F0000
|
| Size: |
4096
|
|
|
330AE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2811879190.00000000330AE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
330AE000
|
| Size: |
8192
|
|
|
40E000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2244836454.000000000040E000.00000004.00000001.01000000.00000008.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
40E000
|
| Size: |
8192
|
|
|
463000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2244836454.0000000000463000.00000004.00000001.01000000.00000008.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
463000
|
| Size: |
4096
|
|
|
21DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2246704969.00000000021DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
21DE000
|
| Size: |
8192
|
|
|
408000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000C.00000002.2589539403.0000000000408000.00000002.00000001.01000000.00000008.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
408000
|
| Size: |
8192
|
|
|
4BDE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1855652705.0000000004BDE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4BDE000
|
| Size: |
8192
|
|
|
401000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000000.00000000.1321134417.0000000000401000.00000020.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
401000
|
| Size: |
28672
|
|
|
2E47000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2601843950.0000000002E47000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2E47000
|
| Size: |
8192
|
|
|
2EEE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1854370103.0000000002EEE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2EEE000
|
| Size: |
77824
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
| URLs found in memory or binary data |
Networking |
|
|
|
401000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000008.00000000.1967021434.0000000000401000.00000020.00000001.01000000.00000008.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
401000
|
| Size: |
28672
|
|
|
2250000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2261779444.0000000002250000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2250000
|
| Size: |
4096
|
|
|
4ADE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2751412677.0000000004ADE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4ADE000
|
| Size: |
8192
|
|
|
6F8000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2600131995.00000000006F8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6F8000
|
| Size: |
212992
|
|
|
218F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2600695568.000000000218F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
218F000
|
| Size: |
4096
|
|
|
400000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000C.00000002.2589443947.0000000000400000.00000002.00000001.01000000.00000008.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
400000
|
| Size: |
4096
|
|
|
4A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2590223420.00000000004A0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4A0000
|
| Size: |
4096
|
|
|
3317F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1881186773.000000003317F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3317F000
|
| Size: |
4096
|
|
|
401000
|
unkown
|
page execute read
|
|
|
|
| Name: |
0000000A.00000002.2589740010.0000000000401000.00000020.00000001.01000000.00000008.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
401000
|
| Size: |
28672
|
|
|
4A8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1604906242.00000000004A8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4A8000
|
| Size: |
151552
|
|
