|
FD2000
|
unkown
|
page readonly
|
 |
|
|
| Name: |
00000004.00000000.1248804940.0000000000FD2000.00000002.00000001.01000000.00000008.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
FD2000
|
| Size: |
249856
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected AgentTesla |
Stealing of Sensitive Information, Remote Access Functionality |
|
| Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) |
Malware Analysis System Evasion |
Security Software Discovery
|
| Yara detected Credential Stealer |
Stealing of Sensitive Information |
|
| URLs found in memory or binary data |
Networking |
|
|
|
6841000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1406527599.0000000006841000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6841000
|
| Size: |
987136
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected AgentTesla |
Stealing of Sensitive Information, Remote Access Functionality |
|
| Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) |
Malware Analysis System Evasion |
Security Software Discovery
|
| Yara detected Credential Stealer |
Stealing of Sensitive Information |
|
| URLs found in memory or binary data |
Networking |
|
|
|
7E00000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1243803358.0000000007E00000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7E00000
|
| Size: |
643072
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected PureLog Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
|
|
6839000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1255381788.0000000006839000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6839000
|
| Size: |
1064960
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected PureLog Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
| Found many strings related to Crypto-Wallets (likely being stolen) |
Stealing of Sensitive Information |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
7C50000
|
trusted library section
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1407199758.0000000007C50000.00000004.08000000.00040000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library section
|
| Protect: |
page read and write
|
| Base address: |
7C50000
|
| Size: |
634880
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected PureLog Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
|
|
5200000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1405784917.0000000005200000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5200000
|
| Size: |
643072
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected PureLog Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
|
|
5400000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1254470197.0000000005400000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5400000
|
| Size: |
643072
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected PureLog Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
|
|
3461000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3685713975.0000000003461000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3461000
|
| Size: |
163840
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected AgentTesla |
Stealing of Sensitive Information, Remote Access Functionality |
|
| Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) |
Malware Analysis System Evasion |
Security Software Discovery
|
| Yara detected Credential Stealer |
Stealing of Sensitive Information |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
7F40000
|
trusted library section
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1407408603.0000000007F40000.00000004.08000000.00040000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library section
|
| Protect: |
page read and write
|
| Base address: |
7F40000
|
| Size: |
643072
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected PureLog Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
|
|
8100000
|
trusted library section
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1256187741.0000000008100000.00000004.08000000.00040000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library section
|
| Protect: |
page read and write
|
| Base address: |
8100000
|
| Size: |
643072
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected PureLog Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
|
|
6941000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1255381788.0000000006941000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6941000
|
| Size: |
1560576
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Found malware configuration |
AV Detection |
|
| Yara detected AgentTesla |
Stealing of Sensitive Information, Remote Access Functionality |
|
| Yara detected RedLine Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
| Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) |
Malware Analysis System Evasion |
Security Software Discovery
|
| Yara detected Credential Stealer |
Stealing of Sensitive Information |
|
| URLs found in memory or binary data |
Networking |
|
|
|
6805000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1255381788.0000000006805000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6805000
|
| Size: |
208896
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected RedLine Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
| URLs found in memory or binary data |
Networking |
|
|
|
348E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3685713975.000000000348E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
348E000
|
| Size: |
20480
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected AgentTesla |
Stealing of Sensitive Information, Remote Access Functionality |
|
|
|
7C00000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1365934427.0000000007C00000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7C00000
|
| Size: |
643072
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected PureLog Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
|
|
7E00000
|
trusted library section
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1256080571.0000000007E00000.00000004.08000000.00040000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library section
|
| Protect: |
page read and write
|
| Base address: |
7E00000
|
| Size: |
634880
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected PureLog Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
|
|
6ABF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1255381788.0000000006ABF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6ABF000
|
| Size: |
303104
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected RedLine Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
| URLs found in memory or binary data |
Networking |
|
|
|
432000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000005.00000000.1251076435.0000000000432000.00000002.00000001.01000000.00000009.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
432000
|
| Size: |
192512
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected RedLine Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
| URLs found in memory or binary data |
Networking |
|
|
|
6705000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1406527599.0000000006705000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6705000
|
| Size: |
1277952
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected PureLog Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
|
|
2836000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1379449979.0000000002836000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2836000
|
| Size: |
741376
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected RedLine Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
| Found many strings related to Crypto-Wallets (likely being stolen) |
Stealing of Sensitive Information |
|
| Yara detected Credential Stealer |
Stealing of Sensitive Information |
|
| URLs found in memory or binary data |
Networking |
|
|
|
51F0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.1254314282.00000000051F0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
51F0000
|
| Size: |
57344
|
|
|
81E0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1244609519.00000000081E0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
81E0000
|
| Size: |
65536
|
|
|
5012000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1405719655.0000000005012000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5012000
|
| Size: |
4096
|
|
|
38B3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.00000000038B3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
38B3000
|
| Size: |
8192
|
|
|
2DA7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1379449979.0000000002DA7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2DA7000
|
| Size: |
32768
|
|
|
F62000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1228326872.0000000000F62000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F62000
|
| Size: |
208896
|
|
|
6B0A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1255381788.0000000006B0A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6B0A000
|
| Size: |
36864
|
|
|
5860000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1254602147.0000000005860000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5860000
|
| Size: |
356352
|
|
|
30C3000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1369880608.00000000030C3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
30C3000
|
| Size: |
28672
|
|
|
1970000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3685071270.0000000001970000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1970000
|
| Size: |
8192
|
|
|
3C07000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003C07000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3C07000
|
| Size: |
8192
|
|
|
27F000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000002.1227104450.000000000027F000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
27F000
|
| Size: |
147456
|
|
|
5501000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1254531705.0000000005501000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5501000
|
| Size: |
12288
|
|
|
825E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1407526561.000000000825E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
825E000
|
| Size: |
8192
|
|
|
7BF0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1366127990.0000000007BF0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7BF0000
|
| Size: |
16384
|
|
|
10C90000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3701662834.0000000010C90000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
10C90000
|
| Size: |
16384
|
|
|
322D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1252537336.000000000322D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
322D000
|
| Size: |
28672
|
|
|
8050000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1367095947.0000000008050000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8050000
|
| Size: |
65536
|
|
|
38E5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.00000000038E5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
38E5000
|
| Size: |
4096
|
|
|
3882000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003882000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3882000
|
| Size: |
8192
|
|
|
11BF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1227691425.00000000011BF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
11BF000
|
| Size: |
4096
|
|
|
DB17000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3700715970.000000000DB17000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
DB17000
|
| Size: |
4096
|
|
|
39F8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.00000000039F8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
39F8000
|
| Size: |
8192
|
|
|
3D08000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003D08000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3D08000
|
| Size: |
4096
|
|
|
6870000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1390076696.0000000006870000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6870000
|
| Size: |
8192
|
|
|
39E0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.00000000039E0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
39E0000
|
| Size: |
8192
|
|
|
5858000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1254602147.0000000005858000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5858000
|
| Size: |
4096
|
|
|
7396000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1391285166.0000000007396000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7396000
|
| Size: |
12288
|
|
|
4DAB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1386936389.0000000004DAB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4DAB000
|
| Size: |
8192
|
|
|
5ADE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3688883606.0000000005ADE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5ADE000
|
| Size: |
8192
|
|
|
862F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1256424493.000000000862F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
862F000
|
| Size: |
4096
|
|
|
11FC000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1365514570.00000000011FC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
11FC000
|
| Size: |
16384
|
|
|
38C0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.00000000038C0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
38C0000
|
| Size: |
8192
|
|
|
6F8C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3690409355.0000000006F8C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6F8C000
|
| Size: |
16384
|
|
|
67F9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1389566445.00000000067F9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
67F9000
|
| Size: |
8192
|
|
|
5856000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1254602147.0000000005856000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5856000
|
| Size: |
4096
|
|
|
37D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1215049924.00000000037D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
37D4000
|
| Size: |
786432
|
|
|
2B763768000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1351184309.000002B763768000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2B763768000
|
| Size: |
32768
|
|
|
4030000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1364443072.0000000004030000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4030000
|
| Size: |
1196032
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
5212000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1254388317.0000000005212000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5212000
|
| Size: |
4096
|
|
|
3C12000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003C12000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3C12000
|
| Size: |
8192
|
|
|
6D10000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1390826823.0000000006D10000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6D10000
|
| Size: |
40960
|
|
|
3090000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1365548640.0000000003090000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3090000
|
| Size: |
28672
|
|
|
7D90000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1255935097.0000000007D90000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7D90000
|
| Size: |
65536
|
|
|
3570000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1243902504.0000000003570000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3570000
|
| Size: |
8192
|
|
|
476000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000005.00000000.1251188212.0000000000476000.00000002.00000001.01000000.00000009.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
476000
|
| Size: |
36864
|
|
|
5990000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1387741347.0000000005990000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5990000
|
| Size: |
65536
|
|
|
3CCF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003CCF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3CCF000
|
| Size: |
8192
|
|
|
387B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.000000000387B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
387B000
|
| Size: |
4096
|
|
|
3D24000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003D24000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3D24000
|
| Size: |
8192
|
|
|
2A31000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1379449979.0000000002A31000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A31000
|
| Size: |
8192
|
|
|
533E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1387251530.000000000533E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
533E000
|
| Size: |
8192
|
|
|
10C86000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3701662834.0000000010C86000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
10C86000
|
| Size: |
16384
|
|
|
5B9D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1388172838.0000000005B9D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5B9D000
|
| Size: |
4096
|
|
|
33D1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1233367809.00000000033D1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
33D1000
|
| Size: |
786432
|
|
|
6F90000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3690454979.0000000006F90000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6F90000
|
| Size: |
65536
|
|
|
585A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1254602147.000000000585A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
585A000
|
| Size: |
4096
|
|
|
3CFE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003CFE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3CFE000
|
| Size: |
12288
|
|
|
3857000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3685713975.0000000003857000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3857000
|
| Size: |
217088
|
|
|
F38000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1243538403.0000000000F38000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F38000
|
| Size: |
180224
|
|
|
14EC000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1220180210.00000000014EC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14EC000
|
| Size: |
327680
|
|
|
4D40000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1386668130.0000000004D40000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4D40000
|
| Size: |
12288
|
|
|
3BC8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003BC8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3BC8000
|
| Size: |
8192
|
|
|
534A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1387251530.000000000534A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
534A000
|
| Size: |
12288
|
|
|
4099000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1362023219.0000000004099000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4099000
|
| Size: |
4096
|
|
|
5756000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1405932003.0000000005756000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5756000
|
| Size: |
4096
|
|
|
3212000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1252467211.0000000003212000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3212000
|
| Size: |
98304
|
|
|
2953000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1379449979.0000000002953000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2953000
|
| Size: |
4096
|
|
|
3C38000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003C38000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3C38000
|
| Size: |
8192
|
|
|
5054000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1253995264.0000000005054000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5054000
|
| Size: |
24576
|
|
|
10C9A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3701662834.0000000010C9A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
10C9A000
|
| Size: |
12288
|
|
|
10C81000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3701662834.0000000010C81000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
10C81000
|
| Size: |
16384
|
|
|
821E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1407506671.000000000821E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
821E000
|
| Size: |
8192
|
|
|
3C1E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003C1E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3C1E000
|
| Size: |
8192
|
|
|
3D3E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003D3E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3D3E000
|
| Size: |
12288
|
|
|
811E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1407489159.000000000811E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
811E000
|
| Size: |
8192
|
|
|
A1F000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.1243045956.0000000000A1F000.00000002.00000001.01000000.00000004.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
A1F000
|
| Size: |
147456
|
|
|
7F10000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1245870354.0000000007F10000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F10000
|
| Size: |
65536
|
|
|
3CE8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003CE8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3CE8000
|
| Size: |
8192
|
|
|
32B4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3685550108.00000000032B4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
32B4000
|
| Size: |
49152
|
|
|
5043000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.1253911952.0000000005043000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5043000
|
| Size: |
4096
|
|
|
32BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1252962487.00000000032BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
32BF000
|
| Size: |
69632
|
|
|
7D40000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1369229402.0000000007D40000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7D40000
|
| Size: |
65536
|
|
|
3188000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3685225382.0000000003188000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3188000
|
| Size: |
4096
|
|
|
3C00000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003C00000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3C00000
|
| Size: |
8192
|
|
|
2E38000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1252177285.0000000002E38000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2E38000
|
| Size: |
32768
|
|
|
80DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1407470788.00000000080DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
80DE000
|
| Size: |
8192
|
|
|
DAC2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3700715970.000000000DAC2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
DAC2000
|
| Size: |
16384
|
|
|
17BC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3684432789.00000000017BC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
17BC000
|
| Size: |
16384
|
|
|
4D48000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1386668130.0000000004D48000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4D48000
|
| Size: |
4096
|
|
|
2A7B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1379449979.0000000002A7B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A7B000
|
| Size: |
294912
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
158A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3683662816.000000000158A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
158A000
|
| Size: |
12288
|
|
|
A401000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1370730596.000000000A401000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A401000
|
| Size: |
86016
|
|
|
4F01000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1405675967.0000000004F01000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4F01000
|
| Size: |
4096
|
|
|
5C24000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1388575905.0000000005C24000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5C24000
|
| Size: |
28672
|
|
|
5350000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1387454769.0000000005350000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5350000
|
| Size: |
65536
|
|
|
322B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1252467211.000000000322B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
322B000
|
| Size: |
4096
|
|
|
32DF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1251751373.00000000032DF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
32DF000
|
| Size: |
12288
|
|
|
508F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1387119126.000000000508F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
508F000
|
| Size: |
4096
|
|
|
BEF0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3698794516.000000000BEF0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BEF0000
|
| Size: |
4096
|
|
|
10C68000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3701662834.0000000010C68000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
10C68000
|
| Size: |
16384
|
|
|
866B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1256450264.000000000866B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
866B000
|
| Size: |
20480
|
|
|
3275000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1243309623.0000000003275000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3275000
|
| Size: |
4096
|
|
|
327E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3685292430.000000000327E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
327E000
|
| Size: |
12288
|
|
|
3B8D000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1240607729.0000000003B8D000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3B8D000
|
| Size: |
458752
|
|
|
571E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1405932003.000000000571E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
571E000
|
| Size: |
4096
|
|
|
3D82000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003D82000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3D82000
|
| Size: |
8192
|
|
|
583B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1254602147.000000000583B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
583B000
|
| Size: |
20480
|
|
|
8030000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1367271501.0000000008030000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8030000
|
| Size: |
65536
|
|
|
2B17000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1379449979.0000000002B17000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2B17000
|
| Size: |
8192
|
|
|
32D1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1253018193.00000000032D1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
32D1000
|
| Size: |
20480
|
|
|
30BD000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1369907359.00000000030BD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
30BD000
|
| Size: |
16384
|
|
|
3DD0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1361861741.0000000003DD0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3DD0000
|
| Size: |
1187840
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
7F40000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1244928004.0000000007F40000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F40000
|
| Size: |
65536
|
|
|
5701000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1405932003.0000000005701000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5701000
|
| Size: |
28672
|
|
|
3300000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1253513135.0000000003300000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3300000
|
| Size: |
20480
|
|
|
3100000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1404792563.0000000003100000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3100000
|
| Size: |
20480
|
|
|
3BCD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003BCD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3BCD000
|
| Size: |
8192
|
|
|
7F70000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1244875477.0000000007F70000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F70000
|
| Size: |
65536
|
|
|
7F50000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1245771722.0000000007F50000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F50000
|
| Size: |
20480
|
|
|
154F000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1355208266.000000000154F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
154F000
|
| Size: |
65536
|
|
|
66AD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1389142766.00000000066AD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
66AD000
|
| Size: |
12288
|
|
|
1533000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3683662816.0000000001533000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1533000
|
| Size: |
221184
|
|
|
38CA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.00000000038CA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
38CA000
|
| Size: |
8192
|
|
|
3D96000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003D96000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3D96000
|
| Size: |
8192
|
|
|
2C6B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1379449979.0000000002C6B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2C6B000
|
| Size: |
4096
|
|
|
7FC0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1244764178.0000000007FC0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FC0000
|
| Size: |
65536
|
|
|
940000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1377961035.0000000000940000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
940000
|
| Size: |
4096
|
|
|
41CE000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1363010285.00000000041CE000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
41CE000
|
| Size: |
24576
|
|
|
3F70000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1361438138.0000000003F70000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3F70000
|
| Size: |
1196032
|
|
|
6D0F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1390801947.0000000006D0F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6D0F000
|
| Size: |
4096
|
|
|
5332000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1387251530.0000000005332000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5332000
|
| Size: |
36864
|
|
|
DB08000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3700715970.000000000DB08000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
DB08000
|
| Size: |
16384
|
|
|
30CC000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1370196933.00000000030CC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
30CC000
|
| Size: |
8192
|
|
|
7DE0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1368708825.0000000007DE0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7DE0000
|
| Size: |
65536
|
|
|
5310000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1387251530.0000000005310000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5310000
|
| Size: |
36864
|
|
|
2D50000
|
heap
|
page readonly
|
|
|
|
| Name: |
0000000D.00000002.1404308002.0000000002D50000.00000002.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page readonly
|
| Base address: |
2D50000
|
| Size: |
4096
|
|
|
158F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3683662816.000000000158F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
158F000
|
| Size: |
393216
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
DAD1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3700715970.000000000DAD1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
DAD1000
|
| Size: |
16384
|
|
|
3063000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1369427235.0000000003063000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3063000
|
| Size: |
36864
|
|
|
3D2D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003D2D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3D2D000
|
| Size: |
4096
|
|
|
4030000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1363553853.0000000004030000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4030000
|
| Size: |
1196032
|
|
|
3B82000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003B82000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3B82000
|
| Size: |
8192
|
|
|
409D000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1362542145.000000000409D000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
409D000
|
| Size: |
458752
|
|
|
7F00000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1245000748.0000000007F00000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F00000
|
| Size: |
65536
|
|
|
3CD6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003CD6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3CD6000
|
| Size: |
8192
|
|
|
10C8B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3701662834.0000000010C8B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
10C8B000
|
| Size: |
16384
|
|
|
BE3E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3698794516.000000000BE3E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BE3E000
|
| Size: |
16384
|
|
|
4CFA000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.1405282936.0000000004CFA000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4CFA000
|
| Size: |
4096
|
|
|
392E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.000000000392E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
392E000
|
| Size: |
8192
|
|
|
3FB3000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1364010750.0000000003FB3000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3FB3000
|
| Size: |
507904
|
|
|
4D91000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1386891632.0000000004D91000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4D91000
|
| Size: |
61440
|
|
|
ED2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1379110011.0000000000ED2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
ED2000
|
| Size: |
49152
|
|
|
F8C000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.1243621262.0000000000F8C000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
F8C000
|
| Size: |
16384
|
|
|
2B7637C5000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1350338199.000002B7637C5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2B7637C5000
|
| Size: |
385024
|
|
|
4CDD000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.1405044444.0000000004CDD000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4CDD000
|
| Size: |
4096
|
|
|
80F0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1366761590.00000000080F0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
80F0000
|
| Size: |
65536
|
|
|
1473000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1351356395.0000000001473000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1473000
|
| Size: |
778240
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
5739000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1405932003.0000000005739000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5739000
|
| Size: |
4096
|
|
|
467000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000005.00000000.1251188212.0000000000467000.00000002.00000001.01000000.00000009.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
467000
|
| Size: |
57344
|
|
|
3F70000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1362023219.0000000003F70000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3F70000
|
| Size: |
1196032
|
|
|
5709000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1405932003.0000000005709000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5709000
|
| Size: |
4096
|
|
|
BED000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1227548445.0000000000BED000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
BED000
|
| Size: |
12288
|
|
|
DF0000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.1378966932.0000000000DF0000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
DF0000
|
| Size: |
4096
|
|
|
3BAF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003BAF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3BAF000
|
| Size: |
8192
|
|
|
F53000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1228326872.0000000000F53000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F53000
|
| Size: |
45056
|
|
|
2C6D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1379449979.0000000002C6D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2C6D000
|
| Size: |
8192
|
|
|
2B763771000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1351184309.000002B763771000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2B763771000
|
| Size: |
98304
|
|
|
C92000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1378630098.0000000000C92000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
C92000
|
| Size: |
4096
|
|
|
38C7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.00000000038C7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
38C7000
|
| Size: |
4096
|
|
|
7D80000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1367739857.0000000007D80000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7D80000
|
| Size: |
65536
|
|
|
2B7650E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1351526528.000002B7650E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2B7650E0000
|
| Size: |
4096
|
|
|
3C9A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003C9A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3C9A000
|
| Size: |
8192
|
|
|
2ACE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1379449979.0000000002ACE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2ACE000
|
| Size: |
28672
|
|
|
1480000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3683349342.0000000001480000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1480000
|
| Size: |
16384
|
|
|
4CD4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1405019825.0000000004CD4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4CD4000
|
| Size: |
4096
|
|
|
EBE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1379110011.0000000000EBE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
EBE000
|
| Size: |
4096
|
|
|
2D0A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1379449979.0000000002D0A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D0A000
|
| Size: |
49152
|
|
|
590000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1377825893.0000000000590000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
590000
|
| Size: |
4096
|
|
|
2A36000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1379449979.0000000002A36000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A36000
|
| Size: |
8192
|
|
|
7EB0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1245242306.0000000007EB0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7EB0000
|
| Size: |
65536
|
|
|
8370000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1370357269.0000000008370000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8370000
|
| Size: |
4096
|
|
|
7D10000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1369391612.0000000007D10000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7D10000
|
| Size: |
65536
|
|
|
3B89000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1240607729.0000000003B89000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3B89000
|
| Size: |
4096
|
|
|
39EA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.00000000039EA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
39EA000
|
| Size: |
8192
|
|
|
2B763740000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1351106428.000002B763740000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2B763740000
|
| Size: |
16384
|
|
|
C95000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.1378651934.0000000000C95000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
C95000
|
| Size: |
4096
|
|
|
81F0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1244594682.00000000081F0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
81F0000
|
| Size: |
28672
|
|
|
8C3E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1407612723.0000000008C3E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
8C3E000
|
| Size: |
8192
|
|
|
1111E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3701662834.000000001111E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1111E000
|
| Size: |
12288
|
|
|
4C80000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1386361543.0000000004C80000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4C80000
|
| Size: |
65536
|
|
|
1990000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3685142463.0000000001990000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1990000
|
| Size: |
20480
|
|
|
67BC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1389461190.00000000067BC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
67BC000
|
| Size: |
16384
|
|
|
34A6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3685713975.00000000034A6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
34A6000
|
| Size: |
4096
|
|
|
697D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1390104179.000000000697D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
697D000
|
| Size: |
12288
|
|
|
D51E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3700582678.000000000D51E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
D51E000
|
| Size: |
12288
|
|
|
14C0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3683538722.00000000014C0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
14C0000
|
| Size: |
65536
|
|
|
5F7D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3689049043.0000000005F7D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5F7D000
|
| Size: |
12288
|
|
|
3A60000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1241650426.0000000003A60000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3A60000
|
| Size: |
1196032
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
39F0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.00000000039F0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
39F0000
|
| Size: |
4096
|
|
|
2B763789000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1350651646.000002B763789000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2B763789000
|
| Size: |
8192
|
|
|
DE0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1378939564.0000000000DE0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
DE0000
|
| Size: |
12288
|
|
|
572B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1405932003.000000000572B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
572B000
|
| Size: |
36864
|
|
|
6E3D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3689955540.0000000006E3D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6E3D000
|
| Size: |
12288
|
|
|
2C5A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1379449979.0000000002C5A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2C5A000
|
| Size: |
36864
|
|
|
67C9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1389489006.00000000067C9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
67C9000
|
| Size: |
24576
|
|
|
348C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3685713975.000000000348C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
348C000
|
| Size: |
4096
|
|
|
7D10000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1367892302.0000000007D10000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7D10000
|
| Size: |
65536
|
|
|
14A3000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1351820052.00000000014A3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14A3000
|
| Size: |
581632
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
3BBF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003BBF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3BBF000
|
| Size: |
8192
|
|
|
3B8D000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1239522134.0000000003B8D000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3B8D000
|
| Size: |
458752
|
|
|
2E80000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1252252599.0000000002E80000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2E80000
|
| Size: |
12288
|
|
|
7BF6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1406894469.0000000007BF6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7BF6000
|
| Size: |
4096
|
|
|
2FDE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1252343147.0000000002FDE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2FDE000
|
| Size: |
8192
|
|
|
6710000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1389398872.0000000006710000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6710000
|
| Size: |
65536
|
|
|
5743000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1405932003.0000000005743000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5743000
|
| Size: |
4096
|
|
|
DAEA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3700715970.000000000DAEA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
DAEA000
|
| Size: |
16384
|
|
|
7C1D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1406894469.0000000007C1D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7C1D000
|
| Size: |
4096
|
|
|
3DB3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003DB3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3DB3000
|
| Size: |
4096
|
|
|
415D000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1363010285.000000000415D000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
415D000
|
| Size: |
458752
|
|
|
DADB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3700715970.000000000DADB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
DADB000
|
| Size: |
16384
|
|
|
4DB3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1387049538.0000000004DB3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4DB3000
|
| Size: |
8192
|
|
|
7D20000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1367866924.0000000007D20000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7D20000
|
| Size: |
65536
|
|
|
83AE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1256284578.00000000083AE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
83AE000
|
| Size: |
8192
|
|
|
2C64000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1379449979.0000000002C64000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2C64000
|
| Size: |
24576
|
|
|
38A9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.00000000038A9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
38A9000
|
| Size: |
16384
|
|
|
F94000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1231702396.0000000000F94000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F94000
|
| Size: |
471040
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
2B763821000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1350454072.000002B763821000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2B763821000
|
| Size: |
8192
|
|
|
2B763790000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1351371792.000002B763790000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2B763790000
|
| Size: |
24576
|
|
|
6E20000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3689875395.0000000006E20000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6E20000
|
| Size: |
28672
|
|
|
328B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1243519711.000000000328B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
328B000
|
| Size: |
53248
|
|
|
13F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1228038443.00000000013F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13F0000
|
| Size: |
24576
|
|
|
5040000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1253875960.0000000005040000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5040000
|
| Size: |
8192
|
|
|
1930000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3684901836.0000000001930000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1930000
|
| Size: |
4096
|
|
|
3C55000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003C55000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3C55000
|
| Size: |
4096
|
|
|
3C4C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003C4C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3C4C000
|
| Size: |
4096
|
|
|
142C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1228038443.000000000142C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
142C000
|
| Size: |
151552
|
|
|
303E000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1404484994.000000000303E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
303E000
|
| Size: |
16384
|
|
|
84BB000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3697053188.00000000084BB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
84BB000
|
| Size: |
20480
|
|
|
3746000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3685713975.0000000003746000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3746000
|
| Size: |
1114112
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
7BFC000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1406894469.0000000007BFC000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7BFC000
|
| Size: |
4096
|
|
|
6840000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1390032439.0000000006840000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6840000
|
| Size: |
65536
|
|
|
DAF4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3700715970.000000000DAF4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
DAF4000
|
| Size: |
16384
|
|
|
149E000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1353872362.000000000149E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
149E000
|
| Size: |
16384
|
|
|
4D60000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1386784795.0000000004D60000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4D60000
|
| Size: |
36864
|
|
|
38C0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1241433098.00000000038C0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
38C0000
|
| Size: |
1187840
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
6E40000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3690038057.0000000006E40000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6E40000
|
| Size: |
20480
|
|
|
520E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1387192102.000000000520E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
520E000
|
| Size: |
8192
|
|
|
A4E000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1365348836.0000000000A4E000.00000004.00000001.01000000.00000004.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
A4E000
|
| Size: |
36864
|
|
|
4CE0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1405077851.0000000004CE0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4CE0000
|
| Size: |
8192
|
|
|
2C08000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1379449979.0000000002C08000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2C08000
|
| Size: |
4096
|
|
|
7C25000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1406894469.0000000007C25000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7C25000
|
| Size: |
36864
|
|
|
500000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1242738937.0000000000500000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
500000
|
| Size: |
4096
|
|
|
41CE000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1364443072.00000000041CE000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
41CE000
|
| Size: |
24576
|
|
|
3B93000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003B93000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3B93000
|
| Size: |
8192
|
|
|
9A0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1378132127.00000000009A0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
9A0000
|
| Size: |
45056
|
|
|
3957000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003957000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3957000
|
| Size: |
4096
|
|
|
2B1C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1379449979.0000000002B1C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2B1C000
|
| Size: |
8192
|
|
|
9E6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1378275064.00000000009E6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9E6000
|
| Size: |
53248
|
|
|
EF0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1379349185.0000000000EF0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
EF0000
|
| Size: |
16384
|
|
|
2C25000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1379449979.0000000002C25000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2C25000
|
| Size: |
212992
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
4D30000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.1386633120.0000000004D30000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4D30000
|
| Size: |
65536
|
|
|
3254000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1252684839.0000000003254000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3254000
|
| Size: |
98304
|
|
|
5CD0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.1388948296.0000000005CD0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5CD0000
|
| Size: |
16384
|
|
|
327F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1243623810.000000000327F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
327F000
|
| Size: |
4096
|
|
|
5724000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1405932003.0000000005724000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5724000
|
| Size: |
4096
|
|
|
6E3E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1391135473.0000000006E3E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6E3E000
|
| Size: |
8192
|
|
|
56FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1405908659.00000000056FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
56FE000
|
| Size: |
8192
|
|
|
430000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000005.00000000.1250923320.0000000000430000.00000002.00000001.01000000.00000009.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
430000
|
| Size: |
4096
|
|
|
7EF1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1245158858.0000000007EF1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7EF1000
|
| Size: |
61440
|
|
|
388D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3685713975.000000000388D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
388D000
|
| Size: |
225280
|
|
|
5741000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1405932003.0000000005741000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5741000
|
| Size: |
4096
|
|
|
5F30000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1389060832.0000000005F30000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5F30000
|
| Size: |
65536
|
|
|
4DE0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1253731549.0000000004DE0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4DE0000
|
| Size: |
4096
|
|
|
7ED0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1256145371.0000000007ED0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7ED0000
|
| Size: |
4096
|
|
|
74CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1391348380.00000000074CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
74CE000
|
| Size: |
8192
|
|
|
426000
|
system
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.1251928414.0000000000426000.00000040.80000000.00040000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
system
|
| Protect: |
page execute and read and write
|
| Base address: |
426000
|
| Size: |
4096
|
|
|
38E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1351462728.00000000038E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
38E0000
|
| Size: |
786432
|
|
|
327E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1243326199.000000000327E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
327E000
|
| Size: |
106496
|
|
|
6DFE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1391105391.0000000006DFE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6DFE000
|
| Size: |
8192
|
|
|
3D2A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003D2A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3D2A000
|
| Size: |
8192
|
|
|
86AE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1256506939.00000000086AE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
86AE000
|
| Size: |
8192
|
|
|
10C6D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3701662834.0000000010C6D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
10C6D000
|
| Size: |
16384
|
|
|
2B76378C000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1350651646.000002B76378C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2B76378C000
|
| Size: |
12288
|
|
|
14F2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1218638302.00000000014F2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14F2000
|
| Size: |
118784
|
|
|
3C5D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003C5D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3C5D000
|
| Size: |
8192
|
|
|
4D07000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.1405377024.0000000004D07000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4D07000
|
| Size: |
4096
|
|
|
7EE0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1245925775.0000000007EE0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7EE0000
|
| Size: |
65536
|
|
|
3D54000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003D54000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3D54000
|
| Size: |
8192
|
|
|
5758000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1405932003.0000000005758000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5758000
|
| Size: |
4096
|
|
|
191D000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.3684795300.000000000191D000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
191D000
|
| Size: |
4096
|
|
|
5060000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1254019240.0000000005060000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5060000
|
| Size: |
4096
|
|
|
1532000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1366162407.0000000001532000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1532000
|
| Size: |
61440
|
|
|
34FF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1253580236.00000000034FF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
34FF000
|
| Size: |
4096
|
|
|
2A4D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1379449979.0000000002A4D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A4D000
|
| Size: |
180224
|
|
|
1926000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.3684857135.0000000001926000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1926000
|
| Size: |
8192
|
|
|
FB033FB000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1351001014.000000FB033FB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
FB033FB000
|
| Size: |
20480
|
|
|
3BFE000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1239522134.0000000003BFE000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3BFE000
|
| Size: |
24576
|
|
|
A4E000
|
unkown
|
page write copy
|
|
|
|
| Name: |
0000000C.00000000.1350047887.0000000000A4E000.00000008.00000001.01000000.00000004.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
A4E000
|
| Size: |
8192
|
|
|
67F5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1389566445.00000000067F5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
67F5000
|
| Size: |
12288
|
|
|
3076000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1365578372.0000000003076000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3076000
|
| Size: |
106496
|
|
|
18F0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3684654419.00000000018F0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
18F0000
|
| Size: |
8192
|
|
|
4E12000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1405656126.0000000004E12000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E12000
|
| Size: |
12288
|
|
|
30CA000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1369844017.00000000030CA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
30CA000
|
| Size: |
53248
|
|
|
994000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1378067360.0000000000994000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
994000
|
| Size: |
12288
|
|
|
7D30000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1369291204.0000000007D30000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7D30000
|
| Size: |
65536
|
|
|
28FC000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1379449979.00000000028FC000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
28FC000
|
| Size: |
4096
|
|
|
7BF4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1406894469.0000000007BF4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7BF4000
|
| Size: |
4096
|
|
|
5BE8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1388421250.0000000005BE8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5BE8000
|
| Size: |
81920
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| AV process strings found (often used to terminate AV products) |
Lowering of HIPS / PFW / Operating System Security Settings |
Security Software Discovery
|
|
|
7310000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3690900851.0000000007310000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7310000
|
| Size: |
57344
|
|
|
7ED0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1245943555.0000000007ED0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7ED0000
|
| Size: |
65536
|
|
|
5044000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1253936092.0000000005044000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5044000
|
| Size: |
4096
|
|
|
3054000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1404550170.0000000003054000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3054000
|
| Size: |
45056
|
|
|
59E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1242828824.000000000059E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
59E000
|
| Size: |
8192
|
|
|
680F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1389566445.000000000680F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
680F000
|
| Size: |
8192
|
|
|
302D000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1404484994.000000000302D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
302D000
|
| Size: |
24576
|
|
|
2B763690000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1351074010.000002B763690000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2B763690000
|
| Size: |
4096
|
|
|
394A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.000000000394A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
394A000
|
| Size: |
8192
|
|
|
3286000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1243607216.0000000003286000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3286000
|
| Size: |
12288
|
|
|
7F40000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1245798355.0000000007F40000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F40000
|
| Size: |
65536
|
|
|
5F2C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1389030746.0000000005F2C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5F2C000
|
| Size: |
16384
|
|
|
4D02000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1405358416.0000000004D02000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4D02000
|
| Size: |
4096
|
|
|
9B0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1378181006.00000000009B0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
9B0000
|
| Size: |
4096
|
|
|
10AA000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3683026158.00000000010AA000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
10AA000
|
| Size: |
24576
|
|
|
2B7637C5000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1351441519.000002B7637C5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2B7637C5000
|
| Size: |
376832
|
|
|
DAC0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3700715970.000000000DAC0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
DAC0000
|
| Size: |
4096
|
|
|
1820000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3684534583.0000000001820000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1820000
|
| Size: |
4096
|
|
|
2967000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1379449979.0000000002967000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2967000
|
| Size: |
458752
|
|
|
2B763760000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1351184309.000002B763760000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2B763760000
|
| Size: |
28672
|
|
|
3840000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003840000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3840000
|
| Size: |
4096
|
|
|
5A00000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1387872189.0000000005A00000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5A00000
|
| Size: |
65536
|
|
|
1547000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1353823485.0000000001547000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1547000
|
| Size: |
176128
|
|
|
3B89000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1242268977.0000000003B89000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3B89000
|
| Size: |
4096
|
|
|
410E000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1362023219.000000000410E000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
410E000
|
| Size: |
24576
|
|
|
2B76374E000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1351106428.000002B76374E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2B76374E000
|
| Size: |
4096
|
|
|
462000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000005.00000000.1251188212.0000000000462000.00000002.00000001.01000000.00000009.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
462000
|
| Size: |
16384
|
|
|
39A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1228540061.00000000039A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
39A4000
|
| Size: |
8192
|
|
|
11EF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1365514570.00000000011EF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
11EF000
|
| Size: |
4096
|
|
|
1458000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1365842008.0000000001458000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1458000
|
| Size: |
110592
|
|
|
5321000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1387251530.0000000005321000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5321000
|
| Size: |
16384
|
|
|
9B2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1378202815.00000000009B2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
9B2000
|
| Size: |
4096
|
|
|
493B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1386335987.000000000493B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
493B000
|
| Size: |
20480
|
|
|
1454000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1216196439.0000000001454000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1454000
|
| Size: |
622592
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
5960000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1387621391.0000000005960000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5960000
|
| Size: |
65536
|
|
|
35E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1404893348.00000000035E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
35E0000
|
| Size: |
4096
|
|
|
7BFE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1406894469.0000000007BFE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7BFE000
|
| Size: |
12288
|
|
|
6808000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1389566445.0000000006808000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6808000
|
| Size: |
4096
|
|
|
A01000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1378275064.0000000000A01000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A01000
|
| Size: |
618496
|
|
|
1FED000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1228362891.0000000001FED000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
1FED000
|
| Size: |
12288
|
|
|
3B89000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1241650426.0000000003B89000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3B89000
|
| Size: |
4096
|
|
|
A57000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.1243216504.0000000000A57000.00000002.00000001.01000000.00000004.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
A57000
|
| Size: |
856064
|
|
|
5B1C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3688905301.0000000005B1C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5B1C000
|
| Size: |
16384
|
|
|
34A2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3685713975.00000000034A2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
34A2000
|
| Size: |
12288
|
|
|
13F8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1228038443.00000000013F8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13F8000
|
| Size: |
184320
|
|
|
3975000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003975000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3975000
|
| Size: |
4096
|
|
|
5077000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.1254151542.0000000005077000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5077000
|
| Size: |
4096
|
|
|
7D30000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1367844556.0000000007D30000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7D30000
|
| Size: |
65536
|
|
|
7F80000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1245714773.0000000007F80000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F80000
|
| Size: |
65536
|
|
|
180B000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3684507969.000000000180B000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
180B000
|
| Size: |
20480
|
|
|
10C63000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3701662834.0000000010C63000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
10C63000
|
| Size: |
16384
|
|
|
5754000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1405932003.0000000005754000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5754000
|
| Size: |
4096
|
|
|
4159000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1363010285.0000000004159000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4159000
|
| Size: |
4096
|
|
|
1F1000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000000.00000000.1214365780.00000000001F1000.00000020.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
1F1000
|
| Size: |
581632
|
|
|
1422000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1215291630.0000000001422000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1422000
|
| Size: |
208896
|
|
|
11DB000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1365514570.00000000011DB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
11DB000
|
| Size: |
20480
|
|
|
4F8E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1387093231.0000000004F8E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4F8E000
|
| Size: |
8192
|
|
|
2A41000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1379449979.0000000002A41000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A41000
|
| Size: |
16384
|
|
|
585E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1254602147.000000000585E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
585E000
|
| Size: |
4096
|
|
|
5801000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1254602147.0000000005801000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5801000
|
| Size: |
106496
|
|
|
980000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1238674372.0000000000980000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
980000
|
| Size: |
4096
|
|
|
D516000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3700582678.000000000D516000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
D516000
|
| Size: |
8192
|
|
|
3BFE000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1240607729.0000000003BFE000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3BFE000
|
| Size: |
24576
|
|
|
328E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3685292430.000000000328E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
328E000
|
| Size: |
4096
|
|
|
7DF0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1256041783.0000000007DF0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7DF0000
|
| Size: |
65536
|
|
|
1454000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1218707649.0000000001454000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1454000
|
| Size: |
589824
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
8250000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1244480529.0000000008250000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8250000
|
| Size: |
65536
|
|
|
29D8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1379449979.00000000029D8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
29D8000
|
| Size: |
12288
|
|
|
9BA000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.1378250114.00000000009BA000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
9BA000
|
| Size: |
20480
|
|
|
4DA0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1386936389.0000000004DA0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4DA0000
|
| Size: |
4096
|
|
|
3252000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1242427512.0000000003252000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3252000
|
| Size: |
4096
|
|
|
2CF0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1404233391.0000000002CF0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2CF0000
|
| Size: |
4096
|
|
|
1530000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3683662816.0000000001530000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1530000
|
| Size: |
4096
|
|
|
3282000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1243553489.0000000003282000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3282000
|
| Size: |
28672
|
|
|
60FC000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3689141969.00000000060FC000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
60FC000
|
| Size: |
16384
|
|
|
59F0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.1387833193.00000000059F0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
59F0000
|
| Size: |
65536
|
|
|
3D1F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003D1F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3D1F000
|
| Size: |
4096
|
|
|
449A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3688494682.000000000449A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
449A000
|
| Size: |
4096
|
|
|
102A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1231636511.000000000102A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
102A000
|
| Size: |
176128
|
|
|
990000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1378011800.0000000000990000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
990000
|
| Size: |
12288
|
|
|
2D29000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1379449979.0000000002D29000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D29000
|
| Size: |
8192
|
|
|
39E3000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1240488383.00000000039E3000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
39E3000
|
| Size: |
507904
|
|
|
3BD3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003BD3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3BD3000
|
| Size: |
8192
|
|
|
8E01000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1256588015.0000000008E01000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8E01000
|
| Size: |
16384
|
|
|
BDEA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3698794516.000000000BDEA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BDEA000
|
| Size: |
4096
|
|
|
146C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3683289077.000000000146C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
146C000
|
| Size: |
16384
|
|
|
5C01000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1388497851.0000000005C01000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5C01000
|
| Size: |
28672
|
|
|
F94000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1243659215.0000000000F94000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F94000
|
| Size: |
471040
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
328A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3685292430.000000000328A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
328A000
|
| Size: |
4096
|
|
|
1980000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3685094978.0000000001980000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1980000
|
| Size: |
65536
|
|
|
7D28000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1407252282.0000000007D28000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7D28000
|
| Size: |
32768
|
|
|
7ED0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1245203501.0000000007ED0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7ED0000
|
| Size: |
65536
|
|
|
3843000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003843000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3843000
|
| Size: |
8192
|
|
|
F62000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1228213749.0000000000F62000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F62000
|
| Size: |
208896
|
|
|
5722000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1405932003.0000000005722000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5722000
|
| Size: |
4096
|
|
|
7F30000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1245824136.0000000007F30000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F30000
|
| Size: |
65536
|
|
|
14A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1351194215.00000000014A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14A4000
|
| Size: |
45056
|
|
|
82AE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1256257141.00000000082AE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
82AE000
|
| Size: |
8192
|
|
|
30D6000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1404750790.00000000030D6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
30D6000
|
| Size: |
4096
|
|
|
192A000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.3684879885.000000000192A000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
192A000
|
| Size: |
8192
|
|
|
6CCD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1390701272.0000000006CCD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6CCD000
|
| Size: |
12288
|
|
|
C97000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.1378678923.0000000000C97000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
C97000
|
| Size: |
4096
|
|
|
3D8F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003D8F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3D8F000
|
| Size: |
8192
|
|
|
7DA0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1368872661.0000000007DA0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7DA0000
|
| Size: |
20480
|
|
|
5072000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1254136055.0000000005072000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5072000
|
| Size: |
4096
|
|
|
384E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.000000000384E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
384E000
|
| Size: |
8192
|
|
|
1410000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3683198735.0000000001410000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1410000
|
| Size: |
4096
|
|
|
1220000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1365679680.0000000001220000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1220000
|
| Size: |
4096
|
|
|
2AD6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1379449979.0000000002AD6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2AD6000
|
| Size: |
4096
|
|
|
2BB0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1379449979.0000000002BB0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2BB0000
|
| Size: |
36864
|
|
|
2C83000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1379449979.0000000002C83000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2C83000
|
| Size: |
4096
|
|
|
3279000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1243212683.0000000003279000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3279000
|
| Size: |
126976
|
|
|
5E7B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3689022609.0000000005E7B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5E7B000
|
| Size: |
20480
|
|
|
8020000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1367298335.0000000008020000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8020000
|
| Size: |
32768
|
|
|
30C6000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1370258224.00000000030C6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
30C6000
|
| Size: |
16384
|
|
|
4D30000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.1405438907.0000000004D30000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
4D30000
|
| Size: |
4096
|
|
|
190D000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.3684736331.000000000190D000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
190D000
|
| Size: |
4096
|
|
|
735F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1391212491.000000000735F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
735F000
|
| Size: |
4096
|
|
|
3CE1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003CE1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3CE1000
|
| Size: |
8192
|
|
|
4D4A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1386668130.0000000004D4A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4D4A000
|
| Size: |
24576
|
|
|
1F1000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000000.00000002.1227021691.00000000001F1000.00000020.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
1F1000
|
| Size: |
581632
|
|
|
18CC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3684628266.00000000018CC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
18CC000
|
| Size: |
16384
|
|
|
6824000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1389881455.0000000006824000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6824000
|
| Size: |
36864
|
|
|
F94000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1229017285.0000000000F94000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F94000
|
| Size: |
471040
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
69AF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1390248474.00000000069AF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
69AF000
|
| Size: |
57344
|
|
|
3855000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003855000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3855000
|
| Size: |
4096
|
|
|
A44000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.1243045956.0000000000A44000.00000002.00000001.01000000.00000004.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
A44000
|
| Size: |
40960
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary is likely a compiled AutoIt script file |
System Summary |
|
|
|
78DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1255769656.00000000078DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
78DE000
|
| Size: |
8192
|
|
|
7FB0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1244783179.0000000007FB0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FB0000
|
| Size: |
65536
|
|
|
29EE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1379449979.00000000029EE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
29EE000
|
| Size: |
8192
|
|
|
32F3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1253483558.00000000032F3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
32F3000
|
| Size: |
28672
|
|
|
2B763745000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1351106428.000002B763745000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2B763745000
|
| Size: |
32768
|
|
|
140BE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3702913490.00000000140BE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
140BE000
|
| Size: |
8192
|
|
|
30B2000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1404593699.00000000030B2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
30B2000
|
| Size: |
61440
|
|
|
4D20000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1386589484.0000000004D20000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4D20000
|
| Size: |
4096
|
|
|
66C0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1389168475.00000000066C0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
66C0000
|
| Size: |
28672
|
|
|
6ACB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1390343898.0000000006ACB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6ACB000
|
| Size: |
12288
|
|
|
9B6000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.1378226193.00000000009B6000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
9B6000
|
| Size: |
12288
|
|
|
60BC000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3689115985.00000000060BC000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
60BC000
|
| Size: |
16384
|
|
|
395A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.000000000395A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
395A000
|
| Size: |
8192
|
|
|
3894000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003894000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3894000
|
| Size: |
8192
|
|
|
3CC2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003CC2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3CC2000
|
| Size: |
8192
|
|
|
30DB000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1370710850.00000000030DB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
30DB000
|
| Size: |
32768
|
|
|
3DB1000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1226194956.0000000003DB1000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3DB1000
|
| Size: |
856064
|
|
|
39E3000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1242067280.00000000039E3000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
39E3000
|
| Size: |
507904
|
|
|
3A12000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003A12000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3A12000
|
| Size: |
8192
|
|
|
6D2A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1390943940.0000000006D2A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6D2A000
|
| Size: |
8192
|
|
|
2B05000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1379449979.0000000002B05000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2B05000
|
| Size: |
8192
|
|
|
39A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1228540061.00000000039A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
39A0000
|
| Size: |
8192
|
|
|
1BEE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1228340591.0000000001BEE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
1BEE000
|
| Size: |
8192
|
|
|
5C20000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1388575905.0000000005C20000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5C20000
|
| Size: |
12288
|
|
|
A600000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1407651219.000000000A600000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
A600000
|
| Size: |
4096
|
|
|
A44000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000C.00000002.1365265944.0000000000A44000.00000002.00000001.01000000.00000004.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
A44000
|
| Size: |
40960
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary is likely a compiled AutoIt script file |
System Summary |
|
|
|
5BB3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1388233067.0000000005BB3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5BB3000
|
| Size: |
12288
|
|
|
3950000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003950000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3950000
|
| Size: |
8192
|
|
|
5C70000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.1388874459.0000000005C70000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5C70000
|
| Size: |
65536
|
|
|
3C7E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003C7E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3C7E000
|
| Size: |
12288
|
|
|
3087000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1365768037.0000000003087000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3087000
|
| Size: |
4096
|
|
|
6B80000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1390376869.0000000006B80000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6B80000
|
| Size: |
36864
|
|
|
1451000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1220230905.0000000001451000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1451000
|
| Size: |
8192
|
|
|
991000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000002.00000000.1226489909.0000000000991000.00000020.00000001.01000000.00000004.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
991000
|
| Size: |
581632
|
|
|
5C40000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1388749885.0000000005C40000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5C40000
|
| Size: |
65536
|
|
|
7C40000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1407177644.0000000007C40000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7C40000
|
| Size: |
65536
|
|
|
1424000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1215710477.0000000001424000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1424000
|
| Size: |
782336
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
EEF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1243323739.0000000000EEF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
EEF000
|
| Size: |
4096
|
|
|
5701000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.1254581000.0000000005701000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
5701000
|
| Size: |
20480
|
|
|
5EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1377877771.00000000005EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5EE000
|
| Size: |
8192
|
|
|
4CE0000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.1386539601.0000000004CE0000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
4CE0000
|
| Size: |
4096
|
|
|
4D45000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1386668130.0000000004D45000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4D45000
|
| Size: |
8192
|
|
|
65AE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1389110403.00000000065AE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
65AE000
|
| Size: |
8192
|
|
|
7C11000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1406894469.0000000007C11000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7C11000
|
| Size: |
8192
|
|
|
3A40000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003A40000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3A40000
|
| Size: |
712704
|
|
|
306D000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1404593699.000000000306D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
306D000
|
| Size: |
266240
|
|
|
391D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.000000000391D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
391D000
|
| Size: |
8192
|
|
|
11119000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3701662834.0000000011119000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
11119000
|
| Size: |
16384
|
|
|
7380000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1391241317.0000000007380000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7380000
|
| Size: |
12288
|
|
|
32DD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1251751373.00000000032DD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
32DD000
|
| Size: |
4096
|
|
|
30C2000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1404731302.00000000030C2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
30C2000
|
| Size: |
57344
|
|
|
BE43000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3698794516.000000000BE43000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BE43000
|
| Size: |
249856
|
|
|
2EB0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1252281425.0000000002EB0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2EB0000
|
| Size: |
4096
|
|
|
38FE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.00000000038FE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
38FE000
|
| Size: |
8192
|
|
|
193B000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.3684984412.000000000193B000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
193B000
|
| Size: |
4096
|
|
|
BD40000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3698794516.000000000BD40000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BD40000
|
| Size: |
688128
|
|
|
409D000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1362023219.000000000409D000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
409D000
|
| Size: |
458752
|
|
|
4D20000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1405420752.0000000004D20000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4D20000
|
| Size: |
4096
|
|
|
39E3000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1239384042.00000000039E3000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
39E3000
|
| Size: |
507904
|
|
|
3D5A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003D5A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3D5A000
|
| Size: |
8192
|
|
|
4D7E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1405459886.0000000004D7E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4D7E000
|
| Size: |
8192
|
|
|
353E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1253602941.000000000353E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
353E000
|
| Size: |
8192
|
|
|
6997000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1390190226.0000000006997000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6997000
|
| Size: |
12288
|
|
|
2AE000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000000.00000000.1214488451.00000000002AE000.00000008.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
2AE000
|
| Size: |
8192
|
|
|
8360000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1370014285.0000000008360000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8360000
|
| Size: |
36864
|
|
|
6BDB000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3689328967.0000000006BDB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6BDB000
|
| Size: |
20480
|
|
|
3E90000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1364010750.0000000003E90000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3E90000
|
| Size: |
1187840
|
|
|
324A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1242427512.000000000324A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
324A000
|
| Size: |
24576
|
|
|
2B2000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000000.00000000.1214488451.00000000002B2000.00000008.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
2B2000
|
| Size: |
8192
|
|
|
5062000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1254035829.0000000005062000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5062000
|
| Size: |
4096
|
|
|
6E40000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.1391160246.0000000006E40000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
6E40000
|
| Size: |
4096
|
|
|
5BFD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1388421250.0000000005BFD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5BFD000
|
| Size: |
12288
|
|
|
8370000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1370593401.0000000008370000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8370000
|
| Size: |
8192
|
|
|
8230000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1244538278.0000000008230000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8230000
|
| Size: |
4096
|
|
|
1474000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1215331273.0000000001474000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1474000
|
| Size: |
4096
|
|
|
154E000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
0000000C.00000002.1366205450.000000000154E000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
154E000
|
| Size: |
4096
|
|
|
2959000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1379449979.0000000002959000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2959000
|
| Size: |
53248
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
6A9B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3689256752.0000000006A9B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6A9B000
|
| Size: |
20480
|
|
|
5200000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1254349426.0000000005200000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5200000
|
| Size: |
4096
|
|
|
3BFE000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1241062204.0000000003BFE000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3BFE000
|
| Size: |
24576
|
|
|
680A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1389566445.000000000680A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
680A000
|
| Size: |
8192
|
|
|
2BFB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1379449979.0000000002BFB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2BFB000
|
| Size: |
8192
|
|
|
4D70000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1386822896.0000000004D70000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4D70000
|
| Size: |
65536
|
|
|
2A00000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1379449979.0000000002A00000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A00000
|
| Size: |
20480
|
|
|
EE0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1379315214.0000000000EE0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
EE0000
|
| Size: |
65536
|
|
|
3220000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1242271948.0000000003220000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3220000
|
| Size: |
36864
|
|
|
35F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1404910167.00000000035F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
35F0000
|
| Size: |
4096
|
|
|
7EC0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1245963984.0000000007EC0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7EC0000
|
| Size: |
65536
|
|
|
DAFE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3700715970.000000000DAFE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
DAFE000
|
| Size: |
16384
|
|
|
1F0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000002.1226968032.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
1F0000
|
| Size: |
4096
|
|
|
390B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.000000000390B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
390B000
|
| Size: |
4096
|
|
|
5841000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1254602147.0000000005841000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5841000
|
| Size: |
4096
|
|
|
582B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1254602147.000000000582B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
582B000
|
| Size: |
53248
|
|
|
386E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.000000000386E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
386E000
|
| Size: |
8192
|
|
|
2D40000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1404288141.0000000002D40000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D40000
|
| Size: |
4096
|
|
|
7F60000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1244891141.0000000007F60000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F60000
|
| Size: |
65536
|
|
|
32B0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3685550108.00000000032B0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
32B0000
|
| Size: |
4096
|
|
|
FB029FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1350821596.000000FB029FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
FB029FE000
|
| Size: |
8192
|
|
|
1280000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1365780729.0000000001280000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1280000
|
| Size: |
20480
|
|
|
39FE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.00000000039FE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
39FE000
|
| Size: |
8192
|
|
|
3270000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3685292430.0000000003270000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3270000
|
| Size: |
20480
|
|
|
5824000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1254602147.0000000005824000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5824000
|
| Size: |
4096
|
|
|
279F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1379430278.000000000279F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
279F000
|
| Size: |
4096
|
|
|
6801000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1255381788.0000000006801000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6801000
|
| Size: |
8192
|
|
|
571C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1405932003.000000000571C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
571C000
|
| Size: |
4096
|
|
|
2955000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1379449979.0000000002955000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2955000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
7DF0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.1407349253.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7DF0000
|
| Size: |
28672
|
|
|
2DEE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1404346001.0000000002DEE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2DEE000
|
| Size: |
8192
|
|
|
8060000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1367068699.0000000008060000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8060000
|
| Size: |
65536
|
|
|
326C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3685267677.000000000326C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
326C000
|
| Size: |
16384
|
|
|
11DB000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1227691425.00000000011DB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
11DB000
|
| Size: |
20480
|
|
|
426000
|
system
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.1404115834.0000000000426000.00000040.80000000.00040000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
system
|
| Protect: |
page execute and read and write
|
| Base address: |
426000
|
| Size: |
4096
|
|
|
581E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1254602147.000000000581E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
581E000
|
| Size: |
4096
|
|
|
EA4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1379110011.0000000000EA4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
EA4000
|
| Size: |
16384
|
|
|
2B2C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1379449979.0000000002B2C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2B2C000
|
| Size: |
16384
|
|
|
81B0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1244658741.00000000081B0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
81B0000
|
| Size: |
65536
|
|
|
FB02AFF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1350843722.000000FB02AFF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
FB02AFF000
|
| Size: |
4096
|
|
|
991000
|
unkown
|
page execute read
|
|
|
|
| Name: |
0000000C.00000000.1349837084.0000000000991000.00000020.00000001.01000000.00000004.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
991000
|
| Size: |
581632
|
|
|
507B000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.1254176285.000000000507B000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
507B000
|
| Size: |
4096
|
|
|
8200000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1244567780.0000000008200000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8200000
|
| Size: |
196608
|
|
|
2B76378F000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1350624445.000002B76378F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2B76378F000
|
| Size: |
28672
|
|
|
1997000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3685142463.0000000001997000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1997000
|
| Size: |
28672
|
|
|
2BEB000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1252151546.0000000002BEB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2BEB000
|
| Size: |
20480
|
|
|
410E000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1361438138.000000000410E000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
410E000
|
| Size: |
24576
|
|
|
FB030FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1350928965.000000FB030FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
FB030FE000
|
| Size: |
8192
|
|
|
3D38000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003D38000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3D38000
|
| Size: |
4096
|
|
|
5070000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1254104171.0000000005070000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5070000
|
| Size: |
4096
|
|
|
50A0000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.1254229795.00000000050A0000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
50A0000
|
| Size: |
4096
|
|
|
302A000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1404436304.000000000302A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
302A000
|
| Size: |
8192
|
|
|
3C45000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003C45000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3C45000
|
| Size: |
8192
|
|
|
81A0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1244674371.00000000081A0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
81A0000
|
| Size: |
65536
|
|
|
10C4F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3701662834.0000000010C4F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
10C4F000
|
| Size: |
16384
|
|
|
6D20000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1390943940.0000000006D20000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6D20000
|
| Size: |
36864
|
|
|
3280000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1243571348.0000000003280000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3280000
|
| Size: |
8192
|
|
|
363E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1253621899.000000000363E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
363E000
|
| Size: |
8192
|
|
|
3002000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1252392803.0000000003002000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3002000
|
| Size: |
24576
|
|
|
AB2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1378275064.0000000000AB2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
AB2000
|
| Size: |
53248
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
3968000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003968000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3968000
|
| Size: |
8192
|
|
|
7FE0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1244721018.0000000007FE0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FE0000
|
| Size: |
53248
|
|
|
7F20000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1244958213.0000000007F20000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F20000
|
| Size: |
65536
|
|
|
3BE6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003BE6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3BE6000
|
| Size: |
16384
|
|
|
5854000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1254602147.0000000005854000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5854000
|
| Size: |
4096
|
|
|
4CD0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1404971558.0000000004CD0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4CD0000
|
| Size: |
8192
|
|
|
5735000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1405932003.0000000005735000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5735000
|
| Size: |
12288
|
|
|
389E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.000000000389E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
389E000
|
| Size: |
8192
|
|
|
2D1D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1379449979.0000000002D1D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D1D000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
|
|
5C30000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1388711386.0000000005C30000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5C30000
|
| Size: |
61440
|
|
|
2BDC000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1379449979.0000000002BDC000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2BDC000
|
| Size: |
8192
|
|
|
BEAC000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3698794516.000000000BEAC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BEAC000
|
| Size: |
274432
|
|
|
84FC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3697242636.00000000084FC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
84FC000
|
| Size: |
16384
|
|
|
C90000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1378598793.0000000000C90000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
C90000
|
| Size: |
4096
|
|
|
1454000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1220230905.0000000001454000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1454000
|
| Size: |
606208
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
3D45000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003D45000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3D45000
|
| Size: |
4096
|
|
|
4D0B000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.1405395989.0000000004D0B000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4D0B000
|
| Size: |
4096
|
|
|
7EF0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1245907981.0000000007EF0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7EF0000
|
| Size: |
65536
|
|
|
763E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3691174745.000000000763E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
763E000
|
| Size: |
8192
|
|
|
5C14000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1388575905.0000000005C14000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5C14000
|
| Size: |
8192
|
|
|
1904000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3684716263.0000000001904000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1904000
|
| Size: |
8192
|
|
|
9C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1378275064.00000000009C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9C0000
|
| Size: |
49152
|
|
|
A9A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1378275064.0000000000A9A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A9A000
|
| Size: |
65536
|
|
|
39D3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.00000000039D3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
39D3000
|
| Size: |
8192
|
|
|
5F89000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3689072912.0000000005F89000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5F89000
|
| Size: |
8192
|
|
|
2B763796000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1350565649.000002B763796000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2B763796000
|
| Size: |
4096
|
|
|
5970000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3688820393.0000000005970000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5970000
|
| Size: |
4096
|
|
|
12E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1227875582.00000000012E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12E0000
|
| Size: |
16384
|
|
|
6D1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3689820821.0000000006D1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6D1E000
|
| Size: |
8192
|
|
|
80C0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1366876236.00000000080C0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
80C0000
|
| Size: |
4096
|
|
|
3494000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3685713975.0000000003494000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3494000
|
| Size: |
24576
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
2180000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1228383290.0000000002180000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2180000
|
| Size: |
4096
|
|
|
DAE0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3700715970.000000000DAE0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
DAE0000
|
| Size: |
16384
|
|
|
7D30000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1255863237.0000000007D30000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7D30000
|
| Size: |
65536
|
|
|
2A2C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1379449979.0000000002A2C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A2C000
|
| Size: |
8192
|
|
|
7D60000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1367778963.0000000007D60000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7D60000
|
| Size: |
65536
|
|
|
A400000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1407633552.000000000A400000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A400000
|
| Size: |
4096
|
|
|
DD0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.1378904587.0000000000DD0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
DD0000
|
| Size: |
65536
|
|
|
7D00000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1367918248.0000000007D00000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7D00000
|
| Size: |
65536
|
|
|
3243000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1252630504.0000000003243000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3243000
|
| Size: |
65536
|
|
|
8235000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1244538278.0000000008235000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8235000
|
| Size: |
45056
|
|
|
5BE4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1388393261.0000000005BE4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5BE4000
|
| Size: |
12288
|
|
|
E9C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1379076580.0000000000E9C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
E9C000
|
| Size: |
16384
|
|
|
990000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000C.00000002.1364887386.0000000000990000.00000002.00000001.01000000.00000004.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
990000
|
| Size: |
4096
|
|
|
147A000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1365842008.000000000147A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
147A000
|
| Size: |
139264
|
|
|
3020000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1364186061.0000000003020000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3020000
|
| Size: |
36864
|
|
|
6EA0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3690214668.0000000006EA0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6EA0000
|
| Size: |
65536
|
|
|
1935000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.3684942159.0000000001935000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1935000
|
| Size: |
4096
|
|
|
A52000
|
unkown
|
page write copy
|
|
|
|
| Name: |
0000000C.00000000.1350047887.0000000000A52000.00000008.00000001.01000000.00000004.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
A52000
|
| Size: |
8192
|
|
|
84EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1256364257.00000000084EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
84EE000
|
| Size: |
8192
|
|
|
3960000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003960000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3960000
|
| Size: |
4096
|
|
|
2220000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1366693725.0000000002220000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2220000
|
| Size: |
8192
|
|
|
8070000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1367039565.0000000008070000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8070000
|
| Size: |
65536
|
|
|
1B39000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1228555612.0000000001B39000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1B39000
|
| Size: |
786432
|
|
|
A44000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1226569067.0000000000A44000.00000002.00000001.01000000.00000004.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
A44000
|
| Size: |
40960
|
|
|
3D69000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003D69000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3D69000
|
| Size: |
4096
|
|
|
5326000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1387251530.0000000005326000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5326000
|
| Size: |
45056
|
|
|
38D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.00000000038D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
38D0000
|
| Size: |
4096
|
|
|
8240000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1244509802.0000000008240000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8240000
|
| Size: |
65536
|
|
|
5C60000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.1388832435.0000000005C60000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5C60000
|
| Size: |
65536
|
|
|
5301000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1405847715.0000000005301000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5301000
|
| Size: |
12288
|
|
|
36FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1404928716.00000000036FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
36FE000
|
| Size: |
8192
|
|
|
7C04000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1406894469.0000000007C04000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7C04000
|
| Size: |
8192
|
|
|
7F50000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1244908370.0000000007F50000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F50000
|
| Size: |
65536
|
|
|
32E8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1253422812.00000000032E8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
32E8000
|
| Size: |
32768
|
|
|
3DA2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003DA2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3DA2000
|
| Size: |
4096
|
|
|
FD0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000000.1248750438.0000000000FD0000.00000002.00000001.01000000.00000008.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
FD0000
|
| Size: |
4096
|
|
|
9AD000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.1378155470.00000000009AD000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
9AD000
|
| Size: |
4096
|
|
|
38C0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1239384042.00000000038C0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
38C0000
|
| Size: |
1187840
|
|
|
2BC2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1379449979.0000000002BC2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2BC2000
|
| Size: |
8192
|
|
|
2D5D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1379449979.0000000002D5D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D5D000
|
| Size: |
294912
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
2B7637AD000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1350338199.000002B7637AD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2B7637AD000
|
| Size: |
86016
|
|
|
33D0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1243821626.00000000033D0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
33D0000
|
| Size: |
741376
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Malicious sample detected (through community Yara rule) |
System Summary |
|
| Yara signature match |
System Summary |
|
|
|
4CC0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1386501978.0000000004CC0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4CC0000
|
| Size: |
61440
|
|
|
1B3F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1227449698.0000000001B3F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1B3F000
|
| Size: |
786432
|
|
|
7D70000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1367759221.0000000007D70000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7D70000
|
| Size: |
65536
|
|
|
11FC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1227691425.00000000011FC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
11FC000
|
| Size: |
16384
|
|
|
3D33000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003D33000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3D33000
|
| Size: |
8192
|
|
|
5752000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1405932003.0000000005752000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5752000
|
| Size: |
4096
|
|
|
3CEE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003CEE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3CEE000
|
| Size: |
4096
|
|
|
3080000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1365690756.0000000003080000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3080000
|
| Size: |
32768
|
|
|
30D8000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1404769698.00000000030D8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
30D8000
|
| Size: |
36864
|
|
|
DAD6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3700715970.000000000DAD6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
DAD6000
|
| Size: |
16384
|
|
|
10C7C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3701662834.0000000010C7C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
10C7C000
|
| Size: |
16384
|
|
|
5A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1377849757.00000000005A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5A0000
|
| Size: |
8192
|
|
|
7F20000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1245845425.0000000007F20000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F20000
|
| Size: |
65536
|
|
|
6E47000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3690038057.0000000006E47000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6E47000
|
| Size: |
32768
|
|
|
7CF6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1367943096.0000000007CF6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7CF6000
|
| Size: |
40960
|
|
|
7D22000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1407252282.0000000007D22000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7D22000
|
| Size: |
4096
|
|
|
172E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1243742622.000000000172E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
172E000
|
| Size: |
8192
|
|
|
7391000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1391265465.0000000007391000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7391000
|
| Size: |
4096
|
|
|
294B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1379449979.000000000294B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
294B000
|
| Size: |
4096
|
|
|
AFA000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1227294756.0000000000AFA000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
AFA000
|
| Size: |
24576
|
|
|
1910000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3684755931.0000000001910000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1910000
|
| Size: |
45056
|
|
|
4DE0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1405578613.0000000004DE0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4DE0000
|
| Size: |
65536
|
|
|
7FA0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1244805031.0000000007FA0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FA0000
|
| Size: |
65536
|
|
|
A57000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000C.00000002.1365381135.0000000000A57000.00000002.00000001.01000000.00000004.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
A57000
|
| Size: |
856064
|
|
|
2B7637C5000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1350474533.000002B7637C5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2B7637C5000
|
| Size: |
376832
|
|
|
530F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1387218163.000000000530F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
530F000
|
| Size: |
4096
|
|
|
CB0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1378739729.0000000000CB0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
CB0000
|
| Size: |
4096
|
|
|
3276000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1243276974.0000000003276000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3276000
|
| Size: |
8192
|
|
|
720B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3690793388.000000000720B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
720B000
|
| Size: |
20480
|
|
|
3F70000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1362542145.0000000003F70000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3F70000
|
| Size: |
1196032
|
|
|
99D000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.1378097568.000000000099D000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
99D000
|
| Size: |
4096
|
|
|
F2C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1243323739.0000000000F2C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
F2C000
|
| Size: |
16384
|
|
|
14FB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3683662816.00000000014FB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14FB000
|
| Size: |
4096
|
|
|
7D50000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1369192630.0000000007D50000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7D50000
|
| Size: |
65536
|
|
|
A4E000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000002.00000000.1226620148.0000000000A4E000.00000008.00000001.01000000.00000004.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
A4E000
|
| Size: |
8192
|
|
|
3D14000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1355249100.0000000003D14000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3D14000
|
| Size: |
786432
|
|
|
4CF0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1405149397.0000000004CF0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4CF0000
|
| Size: |
4096
|
|
|
C63B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3700496181.000000000C63B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
C63B000
|
| Size: |
20480
|
|
|
FB4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1228266442.0000000000FB4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
FB4000
|
| Size: |
4096
|
|
|
14A3000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1365842008.00000000014A3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14A3000
|
| Size: |
581632
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
6FA0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3690557893.0000000006FA0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6FA0000
|
| Size: |
65536
|
|
|
FB02FFE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1350907222.000000FB02FFE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
FB02FFE000
|
| Size: |
8192
|
|
|
1C20000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1243802141.0000000001C20000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1C20000
|
| Size: |
8192
|
|
|
83EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1256318012.00000000083EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
83EE000
|
| Size: |
8192
|
|
|
A440000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3697824285.000000000A440000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
A440000
|
| Size: |
1085440
|
|
|
7F30000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1244944736.0000000007F30000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F30000
|
| Size: |
65536
|
|
|
7F90000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1245688651.0000000007F90000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F90000
|
| Size: |
65536
|
|
|
7DB0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1367672873.0000000007DB0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7DB0000
|
| Size: |
65536
|
|
|
7640000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3691210783.0000000007640000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7640000
|
| Size: |
5242880
|
|
|
EF6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1379349185.0000000000EF6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
EF6000
|
| Size: |
28672
|
|
|
714C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3690642368.000000000714C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
714C000
|
| Size: |
16384
|
|
|
14FE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3683662816.00000000014FE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14FE000
|
| Size: |
155648
|
|
|
14EB000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1228301523.00000000014EB000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
14EB000
|
| Size: |
4096
|
|
|
2B7637B3000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1350474533.000002B7637B3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2B7637B3000
|
| Size: |
61440
|
|
|
2B7000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000000.1214545488.00000000002B7000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
2B7000
|
| Size: |
856064
|
|
|
6EB0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.3690285746.0000000006EB0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
6EB0000
|
| Size: |
65536
|
|
|
3CB5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003CB5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3CB5000
|
| Size: |
16384
|
|
|
3A60000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1240223586.0000000003A60000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3A60000
|
| Size: |
1196032
|
|
|
13FBE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3702884205.0000000013FBE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
13FBE000
|
| Size: |
8192
|
|
|
3086000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1365709632.0000000003086000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3086000
|
| Size: |
8192
|
|
|
3BA8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003BA8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3BA8000
|
| Size: |
8192
|
|
|
1525000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3683662816.0000000001525000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1525000
|
| Size: |
16384
|
|
|
C9B000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.1378714708.0000000000C9B000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
C9B000
|
| Size: |
8192
|
|
|
10C4A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3701662834.0000000010C4A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
10C4A000
|
| Size: |
16384
|
|
|
4459000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3688494682.0000000004459000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4459000
|
| Size: |
180224
|
|
|
FB02CFF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1350861190.000000FB02CFF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
FB02CFF000
|
| Size: |
4096
|
|
|
7E00000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1243993783.0000000007E00000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7E00000
|
| Size: |
40960
|
|
|
67F0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1389566445.00000000067F0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
67F0000
|
| Size: |
4096
|
|
|
50CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1387145598.00000000050CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
50CE000
|
| Size: |
8192
|
|
|
3939000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003939000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3939000
|
| Size: |
16384
|
|
|
6C0F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3689362198.0000000006C0F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6C0F000
|
| Size: |
4096
|
|
|
F8C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1231702396.0000000000F8C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F8C000
|
| Size: |
28672
|
|
|
3D58000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003D58000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3D58000
|
| Size: |
4096
|
|
|
5BB7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1388260332.0000000005BB7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5BB7000
|
| Size: |
12288
|
|
|
37AF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.00000000037AF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
37AF000
|
| Size: |
20480
|
|
|
11BE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1365514570.00000000011BE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
11BE000
|
| Size: |
8192
|
|
|
7C30000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1407154952.0000000007C30000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7C30000
|
| Size: |
65536
|
|
|
39C9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.00000000039C9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
39C9000
|
| Size: |
16384
|
|
|
7DD0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1367609045.0000000007DD0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7DD0000
|
| Size: |
65536
|
|
|
323C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1252537336.000000000323C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
323C000
|
| Size: |
4096
|
|
|
7EC0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1245546751.0000000007EC0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7EC0000
|
| Size: |
8192
|
|
|
80E0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1366803975.00000000080E0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
80E0000
|
| Size: |
65536
|
|
|
6720000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1389437657.0000000006720000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6720000
|
| Size: |
4096
|
|
|
3C4F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003C4F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3C4F000
|
| Size: |
8192
|
|
|
10C72000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3701662834.0000000010C72000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
10C72000
|
| Size: |
16384
|
|
|
38E1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1350857938.00000000038E1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
38E1000
|
| Size: |
786432
|
|
|
8361000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1370473440.0000000008361000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8361000
|
| Size: |
61440
|
|
|
38D3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.00000000038D3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
38D3000
|
| Size: |
8192
|
|
|
F0B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1243323739.0000000000F0B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
F0B000
|
| Size: |
20480
|
|
|
1450000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1365842008.0000000001450000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1450000
|
| Size: |
24576
|
|
|
3043000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1404527348.0000000003043000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3043000
|
| Size: |
65536
|
|
|
41CE000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1363553853.00000000041CE000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
41CE000
|
| Size: |
24576
|
|
|
4159000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1364443072.0000000004159000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4159000
|
| Size: |
4096
|
|
|
8DFC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1256543328.0000000008DFC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
8DFC000
|
| Size: |
16384
|
|
|
8540000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3697481561.0000000008540000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8540000
|
| Size: |
12288
|
|
|
10C59000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3701662834.0000000010C59000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
10C59000
|
| Size: |
16384
|
|
|
DB0D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3700715970.000000000DB0D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
DB0D000
|
| Size: |
16384
|
|
|
681A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1389566445.000000000681A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
681A000
|
| Size: |
8192
|
|
|
BAE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1227498892.0000000000BAE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
BAE000
|
| Size: |
8192
|
|
|
79DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1255793746.00000000079DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
79DE000
|
| Size: |
8192
|
|
|
1502000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1216115978.0000000001502000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1502000
|
| Size: |
53248
|
|
|
66C8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1389168475.00000000066C8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
66C8000
|
| Size: |
32768
|
|
|
3B70000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003B70000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3B70000
|
| Size: |
8192
|
|
|
37A1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.00000000037A1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
37A1000
|
| Size: |
36864
|
|
|
4C95000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1386396697.0000000004C95000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4C95000
|
| Size: |
45056
|
|
|
7FF0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1367508810.0000000007FF0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF0000
|
| Size: |
65536
|
|
|
3B89000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1241062204.0000000003B89000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3B89000
|
| Size: |
4096
|
|
|
7F700000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.3702992581.000000007F700000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7F700000
|
| Size: |
4096
|
|
|
2BF0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1379449979.0000000002BF0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2BF0000
|
| Size: |
8192
|
|
|
83BC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3696969753.00000000083BC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
83BC000
|
| Size: |
16384
|
|
|
EC6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1379110011.0000000000EC6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
EC6000
|
| Size: |
16384
|
|
|
4F01000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1253809900.0000000004F01000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4F01000
|
| Size: |
4096
|
|
|
A52000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000002.00000000.1226620148.0000000000A52000.00000008.00000001.01000000.00000004.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
A52000
|
| Size: |
8192
|
|
|
39A2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.00000000039A2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
39A2000
|
| Size: |
8192
|
|
|
3289000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1243537158.0000000003289000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3289000
|
| Size: |
4096
|
|
|
10C95000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3701662834.0000000010C95000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
10C95000
|
| Size: |
16384
|
|
|
2A13000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1379449979.0000000002A13000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A13000
|
| Size: |
8192
|
|
|
7D90000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1368896464.0000000007D90000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7D90000
|
| Size: |
65536
|
|
|
5E2E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1389006061.0000000005E2E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5E2E000
|
| Size: |
8192
|
|
|
5BD5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1388357983.0000000005BD5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5BD5000
|
| Size: |
57344
|
|
|
329D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3685292430.000000000329D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
329D000
|
| Size: |
69632
|
|
|
4E07000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1405610991.0000000004E07000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E07000
|
| Size: |
12288
|
|
|
90FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1256796199.00000000090FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
90FE000
|
| Size: |
8192
|
|
|
38D8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.00000000038D8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
38D8000
|
| Size: |
8192
|
|
|
4D00000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1405334745.0000000004D00000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4D00000
|
| Size: |
4096
|
|
|
3B89000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1239522134.0000000003B89000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3B89000
|
| Size: |
4096
|
|
|
7D90000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1367715180.0000000007D90000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7D90000
|
| Size: |
65536
|
|
|
3088000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1365664984.0000000003088000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3088000
|
| Size: |
32768
|
|
|
102A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1233335754.000000000102A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
102A000
|
| Size: |
69632
|
|
|
6120000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3689167047.0000000006120000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6120000
|
| Size: |
4096
|
|
|
3B8D000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1241650426.0000000003B8D000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3B8D000
|
| Size: |
458752
|
|
|
38D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1366733468.00000000038D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
38D0000
|
| Size: |
8192
|
|
|
2B76378A000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1351324569.000002B76378A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2B76378A000
|
| Size: |
4096
|
|
|
328A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1243504727.000000000328A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
328A000
|
| Size: |
57344
|
|
|
3DD0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1362394406.0000000003DD0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3DD0000
|
| Size: |
1187840
|
|
|
F64000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1228428795.0000000000F64000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F64000
|
| Size: |
667648
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
7D10000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1368484242.0000000007D10000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7D10000
|
| Size: |
8192
|
|
|
7DF0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1367561915.0000000007DF0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7DF0000
|
| Size: |
65536
|
|
|
3D4B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003D4B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3D4B000
|
| Size: |
8192
|
|
|
823C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3695961973.000000000823C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
823C000
|
| Size: |
16384
|
|
|
7C22000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1406894469.0000000007C22000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7C22000
|
| Size: |
8192
|
|
|
3FB3000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1362867095.0000000003FB3000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3FB3000
|
| Size: |
507904
|
|
|
14A1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1354809216.00000000014A1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14A1000
|
| Size: |
4096
|
|
|
2B763670000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1351044573.000002B763670000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2B763670000
|
| Size: |
8192
|
|
|
A1F000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000C.00000000.1349960460.0000000000A1F000.00000002.00000001.01000000.00000004.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
A1F000
|
| Size: |
147456
|
|
|
3B77000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003B77000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3B77000
|
| Size: |
8192
|
|
|
399B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.000000000399B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
399B000
|
| Size: |
4096
|
|
|
837C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3696681975.000000000837C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
837C000
|
| Size: |
16384
|
|
|
5820000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1254602147.0000000005820000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5820000
|
| Size: |
4096
|
|
|
7BE0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1406872392.0000000007BE0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7BE0000
|
| Size: |
65536
|
|
|
827C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3696322647.000000000827C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
827C000
|
| Size: |
16384
|
|
|
29FC000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1379449979.00000000029FC000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
29FC000
|
| Size: |
12288
|
|
|
3BFE000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1242268977.0000000003BFE000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3BFE000
|
| Size: |
24576
|
|
|
2B76378C000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1351324569.000002B76378C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2B76378C000
|
| Size: |
12288
|
|
|
E10000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1379028945.0000000000E10000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
E10000
|
| Size: |
4096
|
|
|
323E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1252537336.000000000323E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
323E000
|
| Size: |
16384
|
|
|
3296000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3685292430.0000000003296000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3296000
|
| Size: |
16384
|
|
|
3D1B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003D1B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3D1B000
|
| Size: |
8192
|
|
|
DAEF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3700715970.000000000DAEF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
DAEF000
|
| Size: |
16384
|
|
|
3B8E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003B8E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3B8E000
|
| Size: |
8192
|
|
|
2B7637B4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1351441519.000002B7637B4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2B7637B4000
|
| Size: |
57344
|
|
|
5C50000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1388793442.0000000005C50000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5C50000
|
| Size: |
65536
|
|
|
4CED000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.1405126744.0000000004CED000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4CED000
|
| Size: |
4096
|
|
|
2F90000
|
heap
|
page readonly
|
|
|
|
| Name: |
00000003.00000002.1252320160.0000000002F90000.00000002.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page readonly
|
| Base address: |
2F90000
|
| Size: |
4096
|
|
|
3282000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3685292430.0000000003282000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3282000
|
| Size: |
28672
|
|
|
5B6C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1388008908.0000000005B6C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5B6C000
|
| Size: |
4096
|
|
|
156A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3683662816.000000000156A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
156A000
|
| Size: |
126976
|
|
|
1887000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3684551919.0000000001887000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1887000
|
| Size: |
4096
|
|
|
575E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1405932003.000000000575E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
575E000
|
| Size: |
4096
|
|
|
32F1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1253451508.00000000032F1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
32F1000
|
| Size: |
4096
|
|
|
8080000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1366994548.0000000008080000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8080000
|
| Size: |
28672
|
|
|
5360000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1387492616.0000000005360000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5360000
|
| Size: |
65536
|
|
|
DAF9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3700715970.000000000DAF9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
DAF9000
|
| Size: |
16384
|
|
|
7DA0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1243917975.0000000007DA0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7DA0000
|
| Size: |
16384
|
|
|
317E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3685203232.000000000317E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
317E000
|
| Size: |
8192
|
|
|
5000000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1253830814.0000000005000000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5000000
|
| Size: |
4096
|
|
|
13C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1227995604.00000000013C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13C0000
|
| Size: |
4096
|
|
|
3049000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1364343656.0000000003049000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3049000
|
| Size: |
24576
|
|
|
81D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1244627609.00000000081D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
81D0000
|
| Size: |
65536
|
|
|
5B6E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1388008908.0000000005B6E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5B6E000
|
| Size: |
4096
|
|
|
993000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.1378038853.0000000000993000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
993000
|
| Size: |
4096
|
|
|
2C18000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1379449979.0000000002C18000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2C18000
|
| Size: |
12288
|
|
|
7DE0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1367587159.0000000007DE0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7DE0000
|
| Size: |
65536
|
|
|
2E60000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1252211499.0000000002E60000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2E60000
|
| Size: |
4096
|
|
|
39BE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.00000000039BE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
39BE000
|
| Size: |
8192
|
|
|
5846000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1254602147.0000000005846000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5846000
|
| Size: |
45056
|
|
|
11A8000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3683126204.00000000011A8000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
11A8000
|
| Size: |
32768
|
|
|
7BF0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1406894469.0000000007BF0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7BF0000
|
| Size: |
12288
|
|
|
F6B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1243538403.0000000000F6B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F6B000
|
| Size: |
135168
|
|
|
308A000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1365795778.000000000308A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
308A000
|
| Size: |
24576
|
|
|
14F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3683662816.00000000014F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14F0000
|
| Size: |
36864
|
|
|
3BDA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003BDA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3BDA000
|
| Size: |
4096
|
|
|
3B56000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003B56000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3B56000
|
| Size: |
16384
|
|
|
C53B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3700464610.000000000C53B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
C53B000
|
| Size: |
20480
|
|
|
7D60000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1369127511.0000000007D60000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7D60000
|
| Size: |
65536
|
|
|
12E5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1227875582.00000000012E5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12E5000
|
| Size: |
12288
|
|
|
1932000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3684922823.0000000001932000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1932000
|
| Size: |
4096
|
|
|
E5E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1379052540.0000000000E5E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
E5E000
|
| Size: |
8192
|
|
|
3CA3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003CA3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3CA3000
|
| Size: |
8192
|
|
|
7DD0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1368752345.0000000007DD0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7DD0000
|
| Size: |
65536
|
|
|
342F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3685695524.000000000342F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
342F000
|
| Size: |
4096
|
|
|
29E4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1379449979.00000000029E4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
29E4000
|
| Size: |
36864
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
3B4A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003B4A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3B4A000
|
| Size: |
4096
|
|
|
30AF000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1404593699.00000000030AF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
30AF000
|
| Size: |
8192
|
|
|
3083000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1365734653.0000000003083000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3083000
|
| Size: |
12288
|
|
|
39F6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.00000000039F6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
39F6000
|
| Size: |
4096
|
|
|
4DB0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1387049538.0000000004DB0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4DB0000
|
| Size: |
4096
|
|
|
3929000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003929000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3929000
|
| Size: |
8192
|
|
|
4030000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1363010285.0000000004030000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4030000
|
| Size: |
1196032
|
|
|
1413000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1215608309.0000000001413000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1413000
|
| Size: |
45056
|
|
|
5F80000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3689072912.0000000005F80000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5F80000
|
| Size: |
12288
|
|
|
573D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1405932003.000000000573D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
573D000
|
| Size: |
12288
|
|
|
2B21000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1379449979.0000000002B21000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2B21000
|
| Size: |
8192
|
|
|
3D75000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003D75000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3D75000
|
| Size: |
16384
|
|
|
6F4E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3690377881.0000000006F4E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6F4E000
|
| Size: |
8192
|
|
|
8090000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1366952015.0000000008090000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8090000
|
| Size: |
196608
|
|
|
1420000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3683246208.0000000001420000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1420000
|
| Size: |
8192
|
|
|
3A60000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1242268977.0000000003A60000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3A60000
|
| Size: |
1196032
|
|
|
1454000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1228038443.0000000001454000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1454000
|
| Size: |
585728
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
14EB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1220230905.00000000014EB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14EB000
|
| Size: |
4096
|
|
|
32AF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1252821747.00000000032AF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
32AF000
|
| Size: |
61440
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
7D20000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1369318800.0000000007D20000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7D20000
|
| Size: |
65536
|
|
|
4DAE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1386936389.0000000004DAE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4DAE000
|
| Size: |
8192
|
|
|
DB03000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3700715970.000000000DB03000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
DB03000
|
| Size: |
16384
|
|
|
3012000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1404436304.0000000003012000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3012000
|
| Size: |
94208
|
|
|
4099000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1361438138.0000000004099000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4099000
|
| Size: |
4096
|
|
|
6D30000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1391005300.0000000006D30000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6D30000
|
| Size: |
4096
|
|
|
3861000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003861000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3861000
|
| Size: |
16384
|
|
|
3E90000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1362867095.0000000003E90000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3E90000
|
| Size: |
1187840
|
|
|
7DE0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1255992324.0000000007DE0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7DE0000
|
| Size: |
20480
|
|
|
38F1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.00000000038F1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
38F1000
|
| Size: |
16384
|
|
|
1903000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.3684698165.0000000001903000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1903000
|
| Size: |
4096
|
|
|
3C8F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003C8F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3C8F000
|
| Size: |
4096
|
|
|
4DC0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.1405531885.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4DC0000
|
| Size: |
65536
|
|
|
2C0D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1379449979.0000000002C0D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2C0D000
|
| Size: |
4096
|
|
|
327B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3685292430.000000000327B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
327B000
|
| Size: |
8192
|
|
|
13F7E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3702854785.0000000013F7E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
13F7E000
|
| Size: |
8192
|
|
|
789D000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1406851865.000000000789D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
789D000
|
| Size: |
12288
|
|
|
B60000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1227369345.0000000000B60000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B60000
|
| Size: |
4096
|
|
|
38BA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.00000000038BA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
38BA000
|
| Size: |
8192
|
|
|
6815000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1389566445.0000000006815000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6815000
|
| Size: |
4096
|
|
|
14A3000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1354809216.00000000014A3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14A3000
|
| Size: |
581632
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
3963000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003963000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3963000
|
| Size: |
8192
|
|
|
80D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1366834644.00000000080D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
80D0000
|
| Size: |
65536
|
|
|
54D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1242777379.000000000054D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
54D000
|
| Size: |
12288
|
|
|
5973000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3688820393.0000000005973000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5973000
|
| Size: |
8192
|
|
|
3000000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1404413964.0000000003000000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3000000
|
| Size: |
69632
|
|
|
3574000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1243902504.0000000003574000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3574000
|
| Size: |
8192
|
|
|
5C17000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1388575905.0000000005C17000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5C17000
|
| Size: |
24576
|
|
|
4CC0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1404949269.0000000004CC0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4CC0000
|
| Size: |
8192
|
|
|
7D20000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.1255823927.0000000007D20000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
7D20000
|
| Size: |
4096
|
|
|
853C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3697362530.000000000853C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
853C000
|
| Size: |
16384
|
|
|
2A25000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1379449979.0000000002A25000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A25000
|
| Size: |
8192
|
|
|
39B9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.00000000039B9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
39B9000
|
| Size: |
8192
|
|
|
BDEE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3698794516.000000000BDEE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BDEE000
|
| Size: |
303104
|
|
|
38C6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1220336337.00000000038C6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
38C6000
|
| Size: |
786432
|
|
|
8000000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1367454674.0000000008000000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8000000
|
| Size: |
65536
|
|
|
7FF9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1244691323.0000000007FF9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF9000
|
| Size: |
28672
|
|
|
3320000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3685678269.0000000003320000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3320000
|
| Size: |
4096
|
|
|
EFE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1243323739.0000000000EFE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
EFE000
|
| Size: |
8192
|
|
|
7D8E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1255896223.0000000007D8E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7D8E000
|
| Size: |
8192
|
|
|
3CA9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003CA9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3CA9000
|
| Size: |
4096
|
|
|
A4E000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1243100060.0000000000A4E000.00000004.00000001.01000000.00000004.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
A4E000
|
| Size: |
36864
|
|
|
DACC000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3700715970.000000000DACC000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
DACC000
|
| Size: |
16384
|
|
|
573B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1405932003.000000000573B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
573B000
|
| Size: |
4096
|
|
|
47A8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1386296707.00000000047A8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
47A8000
|
| Size: |
8192
|
|
|
7D20000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1407252282.0000000007D20000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7D20000
|
| Size: |
4096
|
|
|
80C5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1366876236.00000000080C5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
80C5000
|
| Size: |
45056
|
|
|
2DF0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1404365555.0000000002DF0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2DF0000
|
| Size: |
4096
|
|
|
EA0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1379110011.0000000000EA0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
EA0000
|
| Size: |
12288
|
|
|
17C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3684456298.00000000017C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
17C0000
|
| Size: |
16384
|
|
|
9CE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1378275064.00000000009CE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9CE000
|
| Size: |
94208
|
|
|
30CA000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1370230350.00000000030CA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
30CA000
|
| Size: |
8192
|
|
|
3E90000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1363310249.0000000003E90000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3E90000
|
| Size: |
1187840
|
|
|
7350000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3691032231.0000000007350000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7350000
|
| Size: |
8192
|
|
|
4B8000
|
system
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.1251928414.00000000004B8000.00000040.80000000.00040000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
system
|
| Protect: |
page execute and read and write
|
| Base address: |
4B8000
|
| Size: |
4096
|
|
|
3077000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1365613404.0000000003077000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3077000
|
| Size: |
102400
|
|
|
7DC0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1367648667.0000000007DC0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7DC0000
|
| Size: |
65536
|
|
|
5BA2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1388194854.0000000005BA2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5BA2000
|
| Size: |
65536
|
|
|
2C88000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1379449979.0000000002C88000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2C88000
|
| Size: |
4096
|
|
|
5980000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1387700629.0000000005980000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5980000
|
| Size: |
65536
|
|
|
3291000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3685292430.0000000003291000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3291000
|
| Size: |
16384
|
|
|
38C0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1240488383.00000000038C0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
38C0000
|
| Size: |
1187840
|
|
|
1C4E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1366256246.0000000001C4E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
1C4E000
|
| Size: |
8192
|
|
|
3B8D000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1241062204.0000000003B8D000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3B8D000
|
| Size: |
458752
|
|
|
E00000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1378995327.0000000000E00000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
E00000
|
| Size: |
65536
|
|
|
57AB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1405932003.00000000057AB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
57AB000
|
| Size: |
40960
|
|
|
35D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1404874582.00000000035D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
35D0000
|
| Size: |
4096
|
|
|
3DD0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1361186557.0000000003DD0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3DD0000
|
| Size: |
1187840
|
|
|
5B7F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1388008908.0000000005B7F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5B7F000
|
| Size: |
114688
|
|
|
1422000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1215608309.0000000001422000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1422000
|
| Size: |
208896
|
|
|
8270000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1244367648.0000000008270000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8270000
|
| Size: |
28672
|
|
|
2E02000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1404393825.0000000002E02000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2E02000
|
| Size: |
20480
|
|
|
835E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1407553007.000000000835E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
835E000
|
| Size: |
8192
|
|
|
2AE000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1227171280.00000000002AE000.00000004.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
2AE000
|
| Size: |
36864
|
|
|
3DA3000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1226194956.0000000003DA3000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3DA3000
|
| Size: |
45056
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary is likely a compiled AutoIt script file |
System Summary |
|
|
|
4431000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3688494682.0000000004431000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4431000
|
| Size: |
36864
|
|
|
38DE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.00000000038DE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
38DE000
|
| Size: |
8192
|
|
|
3BC5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003BC5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3BC5000
|
| Size: |
4096
|
|
|
415D000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1364443072.000000000415D000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
415D000
|
| Size: |
458752
|
|
|
139E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1365807012.000000000139E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
139E000
|
| Size: |
8192
|
|
|
3D15000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003D15000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3D15000
|
| Size: |
4096
|
|
|
6820000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1389881455.0000000006820000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6820000
|
| Size: |
4096
|
|
|
103B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1232719493.000000000103B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
103B000
|
| Size: |
262144
|
|
|
ECD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1379110011.0000000000ECD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
ECD000
|
| Size: |
16384
|
|
|
2B7637B1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1351416659.000002B7637B1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2B7637B1000
|
| Size: |
8192
|
|
|
1922000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3684833857.0000000001922000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1922000
|
| Size: |
4096
|
|
|
8370000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1370511509.0000000008370000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8370000
|
| Size: |
24576
|
|
|
3943000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003943000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3943000
|
| Size: |
8192
|
|
|
575C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1405932003.000000000575C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
575C000
|
| Size: |
4096
|
|
|
4DD0000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.1405559259.0000000004DD0000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
4DD0000
|
| Size: |
4096
|
|
|
1960000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.3685023364.0000000001960000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1960000
|
| Size: |
65536
|
|
|
30CE000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1370169588.00000000030CE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
30CE000
|
| Size: |
36864
|
|
|
21B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1228408155.00000000021B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
21B0000
|
| Size: |
8192
|
|
|
5030000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1253859040.0000000005030000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5030000
|
| Size: |
8192
|
|
|
11116000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3701662834.0000000011116000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
11116000
|
| Size: |
8192
|
|
|
FB028FA000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1350792875.000000FB028FA000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
FB028FA000
|
| Size: |
24576
|
|
|
D519000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3700582678.000000000D519000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
D519000
|
| Size: |
16384
|
|
|
204D000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1366343455.000000000204D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
204D000
|
| Size: |
12288
|
|
|
2D10000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1404268262.0000000002D10000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D10000
|
| Size: |
8192
|
|
|
8F7000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1377899513.00000000008F7000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
8F7000
|
| Size: |
36864
|
|
|
6D7E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1391032373.0000000006D7E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6D7E000
|
| Size: |
8192
|
|
|
294D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1379449979.000000000294D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
294D000
|
| Size: |
4096
|
|
|
39E3000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1241433098.00000000039E3000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
39E3000
|
| Size: |
507904
|
|
|
990000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000C.00000000.1349343746.0000000000990000.00000002.00000001.01000000.00000004.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
990000
|
| Size: |
4096
|
|
|
A44000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000C.00000000.1349960460.0000000000A44000.00000002.00000001.01000000.00000004.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
A44000
|
| Size: |
40960
|
|
|
5090000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1254198084.0000000005090000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5090000
|
| Size: |
4096
|
|
|
14A0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3683478563.00000000014A0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
14A0000
|
| Size: |
32768
|
|
|
3D10000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1366790355.0000000003D10000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3D10000
|
| Size: |
741376
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Malicious sample detected (through community Yara rule) |
System Summary |
|
| Yara signature match |
System Summary |
|
|
|
4D10000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1386564447.0000000004D10000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4D10000
|
| Size: |
4096
|
|
|
2BCF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1379449979.0000000002BCF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2BCF000
|
| Size: |
16384
|
|
|
5728000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1405932003.0000000005728000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5728000
|
| Size: |
4096
|
|
|
2A4000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000002.1227104450.00000000002A4000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
2A4000
|
| Size: |
40960
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary is likely a compiled AutoIt script file |
System Summary |
|
|
|
699C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3689230840.000000000699C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
699C000
|
| Size: |
16384
|
|
|
4CE4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1405098392.0000000004CE4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4CE4000
|
| Size: |
24576
|
|
|
7D50000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1367798854.0000000007D50000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7D50000
|
| Size: |
65536
|
|
|
3063000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1367965559.0000000003063000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3063000
|
| Size: |
36864
|
|
|
14EC000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1216155016.00000000014EC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14EC000
|
| Size: |
90112
|
|
|
6BE0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3689362198.0000000006BE0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6BE0000
|
| Size: |
81920
|
|
|
2B38000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1379449979.0000000002B38000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2B38000
|
| Size: |
180224
|
|
|
8260000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1244446632.0000000008260000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8260000
|
| Size: |
65536
|
|
|
14E3000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1228301523.00000000014E3000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
14E3000
|
| Size: |
20480
|
|
|
7DE6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1255992324.0000000007DE6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7DE6000
|
| Size: |
20480
|
|
|
7F410000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.1391433072.000000007F410000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7F410000
|
| Size: |
4096
|
|
|
5B70000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.3688956536.0000000005B70000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
5B70000
|
| Size: |
4096
|
|
|
39B4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.00000000039B4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
39B4000
|
| Size: |
8192
|
|
|
681F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1389566445.000000000681F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
681F000
|
| Size: |
4096
|
|
|
BBA000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1365489947.0000000000BBA000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
BBA000
|
| Size: |
24576
|
|
|
3966000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003966000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3966000
|
| Size: |
4096
|
|
|
552D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3688643519.000000000552D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
552D000
|
| Size: |
12288
|
|
|
5C7E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3688974590.0000000005C7E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5C7E000
|
| Size: |
8192
|
|
|
EC1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1379110011.0000000000EC1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
EC1000
|
| Size: |
16384
|
|
|
3CF0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1226194956.0000000003CF0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3CF0000
|
| Size: |
729088
|
|
|
7F60000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1245738037.0000000007F60000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F60000
|
| Size: |
131072
|
|
|
8040000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1367179309.0000000008040000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8040000
|
| Size: |
65536
|
|
|
8029000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1367298335.0000000008029000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8029000
|
| Size: |
28672
|
|
|
504D000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.1253960883.000000000504D000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
504D000
|
| Size: |
4096
|
|
|
2D01000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1379449979.0000000002D01000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D01000
|
| Size: |
32768
|
|
|
501F000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1405744907.000000000501F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
501F000
|
| Size: |
4096
|
|
|
DAE5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3700715970.000000000DAE5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
DAE5000
|
| Size: |
16384
|
|
|
51A000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1377751128.000000000051A000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
51A000
|
| Size: |
24576
|
|
|
32C0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3685607663.00000000032C0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
32C0000
|
| Size: |
65536
|
|
|
67C6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1389489006.00000000067C6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
67C6000
|
| Size: |
8192
|
|
|
6E8D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3690117644.0000000006E8D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6E8D000
|
| Size: |
12288
|
|
|
30B8000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1369907359.00000000030B8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
30B8000
|
| Size: |
16384
|
|
|
7808000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1255740201.0000000007808000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7808000
|
| Size: |
4096
|
|
|
32E3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1253394748.00000000032E3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
32E3000
|
| Size: |
16384
|
|
|
37C1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.00000000037C1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
37C1000
|
| Size: |
8192
|
|
|
3051000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1364343656.0000000003051000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3051000
|
| Size: |
4096
|
|
|
39F3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.00000000039F3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
39F3000
|
| Size: |
8192
|
|
|
2DB0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1379449979.0000000002DB0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2DB0000
|
| Size: |
212992
|
|
|
7F3E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1407390111.0000000007F3E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7F3E000
|
| Size: |
8192
|
|
|
27F000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000000.1214444785.000000000027F000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
27F000
|
| Size: |
147456
|
|
|
10C46000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3701662834.0000000010C46000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
10C46000
|
| Size: |
12288
|
|
|
2AD8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1379449979.0000000002AD8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2AD8000
|
| Size: |
4096
|
|
|
3BFE000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1240223586.0000000003BFE000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3BFE000
|
| Size: |
24576
|
|
|
3EF3000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1362394406.0000000003EF3000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3EF3000
|
| Size: |
507904
|
|
|
4CF2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1405201452.0000000004CF2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4CF2000
|
| Size: |
4096
|
|
|
991000
|
unkown
|
page execute read
|
|
|
|
| Name: |
0000000C.00000002.1365167599.0000000000991000.00000020.00000001.01000000.00000004.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
991000
|
| Size: |
581632
|
|
|
2AFE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1379449979.0000000002AFE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2AFE000
|
| Size: |
8192
|
|
|
33CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1404855024.00000000033CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
33CE000
|
| Size: |
8192
|
|
|
2D39000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1379449979.0000000002D39000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D39000
|
| Size: |
139264
|
|
|
3BBC000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003BBC000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3BBC000
|
| Size: |
4096
|
|
|
2FF0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1252369473.0000000002FF0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FF0000
|
| Size: |
4096
|
|
|
36D4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3685713975.00000000036D4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
36D4000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
66E0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.1389236688.00000000066E0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
66E0000
|
| Size: |
65536
|
|
|
6C35000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3689468596.0000000006C35000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6C35000
|
| Size: |
696320
|
|
|
6990000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1390126691.0000000006990000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6990000
|
| Size: |
24576
|
|
|
3D4F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003D4F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3D4F000
|
| Size: |
4096
|
|
|
291F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1379449979.000000000291F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
291F000
|
| Size: |
176128
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
7480000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.1391319109.0000000007480000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7480000
|
| Size: |
28672
|
|
|
2B763798000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1351390885.000002B763798000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2B763798000
|
| Size: |
86016
|
|
|
39AD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.00000000039AD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
39AD000
|
| Size: |
8192
|
|
|
2A4000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000000.1214444785.00000000002A4000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
2A4000
|
| Size: |
40960
|
|
|
3B8D000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1240223586.0000000003B8D000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3B8D000
|
| Size: |
458752
|
|
|
F30000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1243538403.0000000000F30000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F30000
|
| Size: |
24576
|
|
|
1455000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1215249704.0000000001455000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1455000
|
| Size: |
131072
|
|
|
7C16000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1406894469.0000000007C16000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7C16000
|
| Size: |
4096
|
|
|
3A60000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1241062204.0000000003A60000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3A60000
|
| Size: |
1196032
|
|
|
7F10000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1244978323.0000000007F10000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F10000
|
| Size: |
65536
|
|
|
5BC9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1388323714.0000000005BC9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5BC9000
|
| Size: |
45056
|
|
|
398E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.000000000398E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
398E000
|
| Size: |
8192
|
|
|
550000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1242803967.0000000000550000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
550000
|
| Size: |
4096
|
|
|
7DA0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1367695865.0000000007DA0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7DA0000
|
| Size: |
65536
|
|
|
410E000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1362542145.000000000410E000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
410E000
|
| Size: |
24576
|
|
|
10C54000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3701662834.0000000010C54000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
10C54000
|
| Size: |
16384
|
|
|
DAC7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3700715970.000000000DAC7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
DAC7000
|
| Size: |
16384
|
|
|
3200000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1252433819.0000000003200000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3200000
|
| Size: |
69632
|
|
|
29DC000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1379449979.00000000029DC000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
29DC000
|
| Size: |
20480
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
38C0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1228424886.00000000038C0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
38C0000
|
| Size: |
741376
|
|
|
3278000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1243254135.0000000003278000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3278000
|
| Size: |
4096
|
|
|
38D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1366733468.00000000038D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
38D4000
|
| Size: |
8192
|
|
|
3848000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003848000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3848000
|
| Size: |
8192
|
|
|
C8E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1378572854.0000000000C8E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
C8E000
|
| Size: |
8192
|
|
|
5000000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1405700562.0000000005000000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5000000
|
| Size: |
4096
|
|
|
2AE4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1379449979.0000000002AE4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2AE4000
|
| Size: |
16384
|
|
|
6E90000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.3690145307.0000000006E90000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
6E90000
|
| Size: |
65536
|
|
|
1270000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1365736991.0000000001270000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1270000
|
| Size: |
4096
|
|
|
4DBC000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1405487874.0000000004DBC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4DBC000
|
| Size: |
16384
|
|
|
1485000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3683349342.0000000001485000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1485000
|
| Size: |
16384
|
|
|
3B9E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003B9E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3B9E000
|
| Size: |
16384
|
|
|
1546000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
0000000C.00000002.1366205450.0000000001546000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
1546000
|
| Size: |
20480
|
|
|
4E00000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1405610991.0000000004E00000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E00000
|
| Size: |
24576
|
|
|
4E01000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1253787717.0000000004E01000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E01000
|
| Size: |
16384
|
|
|
348A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3685713975.000000000348A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
348A000
|
| Size: |
4096
|
|
|
718E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3690704037.000000000718E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
718E000
|
| Size: |
8192
|
|
|
1920000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3684814529.0000000001920000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1920000
|
| Size: |
4096
|
|
|
5726000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1405932003.0000000005726000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5726000
|
| Size: |
4096
|
|
|
5C09000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1388538909.0000000005C09000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5C09000
|
| Size: |
24576
|
|
|
349B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3685713975.000000000349B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
349B000
|
| Size: |
24576
|
|
|
3846000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003846000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3846000
|
| Size: |
4096
|
|
|
7F00000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1245888679.0000000007F00000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F00000
|
| Size: |
65536
|
|
|
2C77000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1379449979.0000000002C77000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2C77000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
|
|
3899000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003899000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3899000
|
| Size: |
8192
|
|
|
531B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1387251530.000000000531B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
531B000
|
| Size: |
20480
|
|
|
4CD3000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.1404991122.0000000004CD3000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4CD3000
|
| Size: |
4096
|
|
|
5DDC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1388977169.0000000005DDC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5DDC000
|
| Size: |
16384
|
|
|
5A20000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.1387965290.0000000005A20000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5A20000
|
| Size: |
65536
|
|
|
6E28000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3689875395.0000000006E28000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6E28000
|
| Size: |
32768
|
|
|
3B89000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1240223586.0000000003B89000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3B89000
|
| Size: |
4096
|
|
|
415D000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1363553853.000000000415D000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
415D000
|
| Size: |
458752
|
|
|
331C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3685654634.000000000331C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
331C000
|
| Size: |
16384
|
|
|
BE81000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3698794516.000000000BE81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BE81000
|
| Size: |
86016
|
|
|
36D8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3685713975.00000000036D8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
36D8000
|
| Size: |
217088
|
|
|
3283000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1243586078.0000000003283000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3283000
|
| Size: |
24576
|
|
|
29F1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1379449979.00000000029F1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
29F1000
|
| Size: |
28672
|
|
|
BDEC000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3698794516.000000000BDEC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BDEC000
|
| Size: |
4096
|
|
|
3C85000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003C85000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3C85000
|
| Size: |
4096
|
|
|
7EE0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1245179614.0000000007EE0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7EE0000
|
| Size: |
65536
|
|
|
7C08000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1406894469.0000000007C08000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7C08000
|
| Size: |
4096
|
|
|
11CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1365514570.00000000011CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
11CE000
|
| Size: |
8192
|
|
|
570B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1405932003.000000000570B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
570B000
|
| Size: |
4096
|
|
|
5401000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1405869249.0000000005401000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5401000
|
| Size: |
28672
|
|
|
685D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3689186660.000000000685D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
685D000
|
| Size: |
12288
|
|
|
8100000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1366731068.0000000008100000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8100000
|
| Size: |
28672
|
|
|
4D80000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1386859683.0000000004D80000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4D80000
|
| Size: |
8192
|
|
|
991000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000002.00000002.1242960454.0000000000991000.00000020.00000001.01000000.00000004.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
991000
|
| Size: |
581632
|
|
|
2B10000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1379449979.0000000002B10000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2B10000
|
| Size: |
8192
|
|
|
3112000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1404812111.0000000003112000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3112000
|
| Size: |
262144
|
|
|
3DAE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003DAE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3DAE000
|
| Size: |
4096
|
|
|
2B66000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1379449979.0000000002B66000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2B66000
|
| Size: |
294912
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
DCE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1378804414.0000000000DCE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
DCE000
|
| Size: |
8192
|
|
|
1889000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3684551919.0000000001889000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1889000
|
| Size: |
24576
|
|
|
30D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1370286963.00000000030D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
30D0000
|
| Size: |
28672
|
|
|
990000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1226469491.0000000000990000.00000002.00000001.01000000.00000004.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
990000
|
| Size: |
4096
|
|
|
1950000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3685005520.0000000001950000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1950000
|
| Size: |
4096
|
|
|
3A60000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1239522134.0000000003A60000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3A60000
|
| Size: |
1196032
|
|
|
294F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1379449979.000000000294F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
294F000
|
| Size: |
12288
|
|
|
39E7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.00000000039E7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
39E7000
|
| Size: |
4096
|
|
|
3060000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1404550170.0000000003060000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3060000
|
| Size: |
49152
|
|
|
3FB3000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1363310249.0000000003FB3000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3FB3000
|
| Size: |
507904
|
|
|
585C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1254602147.000000000585C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
585C000
|
| Size: |
4096
|
|
|
3C58000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003C58000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3C58000
|
| Size: |
8192
|
|
|
CC0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1378778413.0000000000CC0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
CC0000
|
| Size: |
16384
|
|
|
369E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3685713975.000000000369E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
369E000
|
| Size: |
217088
|
|
|
5BBB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1388287333.0000000005BBB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5BBB000
|
| Size: |
53248
|
|
|
5930000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.1387575696.0000000005930000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5930000
|
| Size: |
65536
|
|
|
3312000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1253543529.0000000003312000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3312000
|
| Size: |
262144
|
|
|
3C19000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003C19000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3C19000
|
| Size: |
8192
|
|
|
7FA0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1245658452.0000000007FA0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FA0000
|
| Size: |
28672
|
|
|
38D6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.00000000038D6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
38D6000
|
| Size: |
4096
|
|
|
5B5C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3688930545.0000000005B5C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5B5C000
|
| Size: |
16384
|
|
|
8550000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3697481561.0000000008550000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8550000
|
| Size: |
77824
|
|
|
3BFE000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1241650426.0000000003BFE000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3BFE000
|
| Size: |
24576
|
|
|
6701000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1406527599.0000000006701000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6701000
|
| Size: |
8192
|
|
|
1542000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1366184051.0000000001542000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1542000
|
| Size: |
16384
|
|
|
4D22000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1386589484.0000000004D22000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4D22000
|
| Size: |
12288
|
|
|
FB031FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1350958763.000000FB031FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
FB031FE000
|
| Size: |
8192
|
|
|
7DB0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1368799775.0000000007DB0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7DB0000
|
| Size: |
131072
|
|
|
7F90000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1244828254.0000000007F90000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F90000
|
| Size: |
65536
|
|
|
2A06000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1379449979.0000000002A06000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A06000
|
| Size: |
8192
|
|
|
3981000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003981000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3981000
|
| Size: |
16384
|
|
|
2C92000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1379449979.0000000002C92000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2C92000
|
| Size: |
143360
|
|
|
980000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1377985935.0000000000980000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
980000
|
| Size: |
8192
|
|
|
5501000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.1405891967.0000000005501000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
5501000
|
| Size: |
20480
|
|
|
7C19000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1406894469.0000000007C19000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7C19000
|
| Size: |
4096
|
|
|
3912000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003912000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3912000
|
| Size: |
8192
|
|
|
69FE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1390320407.00000000069FE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
69FE000
|
| Size: |
4096
|
|
|
14E4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1218638302.00000000014E4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14E4000
|
| Size: |
49152
|
|
|
2A1A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1379449979.0000000002A1A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A1A000
|
| Size: |
8192
|
|
|
11CF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1227691425.00000000011CF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
11CF000
|
| Size: |
4096
|
|
|
6700000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1389360331.0000000006700000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6700000
|
| Size: |
53248
|
|
|
5601000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1254554993.0000000005601000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5601000
|
| Size: |
4096
|
|
|
3A60000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1240607729.0000000003A60000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3A60000
|
| Size: |
1196032
|
|
|
4CA0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1386469827.0000000004CA0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4CA0000
|
| Size: |
65536
|
|
|
67F2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1389566445.00000000067F2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
67F2000
|
| Size: |
8192
|
|
|
49A000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1242706026.000000000049A000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
49A000
|
| Size: |
24576
|
|
|
3924000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003924000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3924000
|
| Size: |
8192
|
|
|
960000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1242885717.0000000000960000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
960000
|
| Size: |
4096
|
|
|
852E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1256391185.000000000852E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
852E000
|
| Size: |
8192
|
|
|
F93000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.1243621262.0000000000F93000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
F93000
|
| Size: |
4096
|
|
|
409D000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1361438138.000000000409D000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
409D000
|
| Size: |
458752
|
|
|
2C8C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1379449979.0000000002C8C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2C8C000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
|
|
37D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1215773519.00000000037D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
37D0000
|
| Size: |
786432
|
|
|
A1F000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1226569067.0000000000A1F000.00000002.00000001.01000000.00000004.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
A1F000
|
| Size: |
147456
|
|
|
A1F000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000C.00000002.1365265944.0000000000A1F000.00000002.00000001.01000000.00000004.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
A1F000
|
| Size: |
147456
|
|
|
7D41000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1367820918.0000000007D41000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7D41000
|
| Size: |
61440
|
|
|
73A0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.3691071266.00000000073A0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
73A0000
|
| Size: |
57344
|
|
|
EFE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1379402836.0000000000EFE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
EFE000
|
| Size: |
4096
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
6DBE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1391066162.0000000006DBE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6DBE000
|
| Size: |
8192
|
|
|
2B7000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000002.1227201415.00000000002B7000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
2B7000
|
| Size: |
856064
|
|
|
BE39000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3698794516.000000000BE39000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BE39000
|
| Size: |
16384
|
|
|
38C0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1240094810.00000000038C0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
38C0000
|
| Size: |
1187840
|
|
|
EAB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1379110011.0000000000EAB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
EAB000
|
| Size: |
65536
|
|
|
575A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1405932003.000000000575A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
575A000
|
| Size: |
4096
|
|
|
3A37000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003A37000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3A37000
|
| Size: |
12288
|
|
|
550000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1377771277.0000000000550000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
550000
|
| Size: |
16384
|
|
|
3C63000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003C63000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3C63000
|
| Size: |
8192
|
|
|
2C7A000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1404194284.0000000002C7A000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2C7A000
|
| Size: |
24576
|
|
|
F95000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1228164101.0000000000F95000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F95000
|
| Size: |
131072
|
|
|
59E0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.1387793042.00000000059E0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
59E0000
|
| Size: |
65536
|
|
|
3261000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1243771592.0000000003261000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3261000
|
| Size: |
36864
|
|
|
3C94000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003C94000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3C94000
|
| Size: |
8192
|
|
|
39DA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.00000000039DA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
39DA000
|
| Size: |
8192
|
|
|
388D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.000000000388D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
388D000
|
| Size: |
8192
|
|
|
3EF3000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1361186557.0000000003EF3000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3EF3000
|
| Size: |
507904
|
|
|
5760000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1405932003.0000000005760000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5760000
|
| Size: |
32768
|
|
|
730B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3690847200.000000000730B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
730B000
|
| Size: |
20480
|
|
|
326D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1252821747.000000000326D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
326D000
|
| Size: |
266240
|
|
|
3EF3000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1361861741.0000000003EF3000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3EF3000
|
| Size: |
507904
|
|
|
506A000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.1254076935.000000000506A000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
506A000
|
| Size: |
4096
|
|
|
7FF0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1244691323.0000000007FF0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF0000
|
| Size: |
32768
|
|
|
BE97000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3698794516.000000000BE97000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BE97000
|
| Size: |
8192
|
|
|
29F9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1379449979.00000000029F9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
29F9000
|
| Size: |
8192
|
|
|
3C5B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003C5B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3C5B000
|
| Size: |
4096
|
|
|
75CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1391372952.00000000075CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
75CE000
|
| Size: |
8192
|
|
|
3DA8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003DA8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3DA8000
|
| Size: |
8192
|
|
|
14CE000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1351141905.00000000014CE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14CE000
|
| Size: |
4096
|
|
|
4C90000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1386396697.0000000004C90000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4C90000
|
| Size: |
16384
|
|
|
10C77000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3701662834.0000000010C77000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
10C77000
|
| Size: |
16384
|
|
|
38C5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3685713975.00000000038C5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
38C5000
|
| Size: |
872448
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
400000
|
system
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.1404115834.0000000000400000.00000040.80000000.00040000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
system
|
| Protect: |
page execute and read and write
|
| Base address: |
400000
|
| Size: |
147456
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Malicious sample detected (through community Yara rule) |
System Summary |
|
| Yara signature match |
System Summary |
|
|
|
5CBC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1388915996.0000000005CBC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5CBC000
|
| Size: |
16384
|
|
|
69AA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1390248474.00000000069AA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
69AA000
|
| Size: |
16384
|
|
|
7FD0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1244743833.0000000007FD0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FD0000
|
| Size: |
65536
|
|
|
2DE6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1379449979.0000000002DE6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2DE6000
|
| Size: |
294912
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
17C7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3684456298.00000000017C7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
17C7000
|
| Size: |
8192
|
|
|
1880000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3684551919.0000000001880000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1880000
|
| Size: |
24576
|
|
|
3C68000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003C68000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3C68000
|
| Size: |
69632
|
|
|
51EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1254289687.00000000051EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
51EE000
|
| Size: |
8192
|
|
|
7D80000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1369013193.0000000007D80000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7D80000
|
| Size: |
65536
|
|
|
2B763798000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1350565649.000002B763798000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2B763798000
|
| Size: |
86016
|
|
|
370E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3685713975.000000000370E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
370E000
|
| Size: |
225280
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
3D0E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003D0E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3D0E000
|
| Size: |
12288
|
|
|
7DF0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1368667010.0000000007DF0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7DF0000
|
| Size: |
28672
|
|
|
93E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1377921326.000000000093E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
93E000
|
| Size: |
8192
|
|
|
3C98000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003C98000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3C98000
|
| Size: |
4096
|
|
|
5920000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1387533412.0000000005920000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5920000
|
| Size: |
65536
|
|
|
1547000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1351796706.0000000001547000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1547000
|
| Size: |
81920
|
|
|
39E3000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1240881606.00000000039E3000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
39E3000
|
| Size: |
507904
|
|
|
5870000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3688665626.0000000005870000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5870000
|
| Size: |
241664
|
|
|
8010000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1367376644.0000000008010000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8010000
|
| Size: |
53248
|
|
|
5341000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1387251530.0000000005341000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5341000
|
| Size: |
32768
|
|
|
3D5D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003D5D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3D5D000
|
| Size: |
4096
|
|
|
81C0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1244644261.00000000081C0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
81C0000
|
| Size: |
65536
|
|
|
5843000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1254602147.0000000005843000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5843000
|
| Size: |
4096
|
|
|
3C8B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003C8B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3C8B000
|
| Size: |
8192
|
|
|
6830000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1389938534.0000000006830000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6830000
|
| Size: |
4096
|
|
|
50EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1254262943.00000000050EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
50EE000
|
| Size: |
8192
|
|
|
14A3000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1353872362.00000000014A3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14A3000
|
| Size: |
581632
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
37CA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.00000000037CA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
37CA000
|
| Size: |
8192
|
|
|
581C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1254602147.000000000581C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
581C000
|
| Size: |
4096
|
|
|
1029000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1228967371.0000000001029000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1029000
|
| Size: |
81920
|
|
|
51CF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1387167296.00000000051CF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
51CF000
|
| Size: |
4096
|
|
|
2D33000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1379449979.0000000002D33000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D33000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
|
|
3D63000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003D63000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3D63000
|
| Size: |
8192
|
|
|
38C0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1242067280.00000000038C0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
38C0000
|
| Size: |
1187840
|
|
|
FB032FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1350979653.000000FB032FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
FB032FE000
|
| Size: |
8192
|
|
|
4DF0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1253764340.0000000004DF0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4DF0000
|
| Size: |
4096
|
|
|
2C02000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1379449979.0000000002C02000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2C02000
|
| Size: |
8192
|
|
|
7E3E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1407370492.0000000007E3E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7E3E000
|
| Size: |
8192
|
|
|
5B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1242857328.00000000005B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5B0000
|
| Size: |
20480
|
|
|
5822000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1254602147.0000000005822000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5822000
|
| Size: |
4096
|
|
|
7DDE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1407308046.0000000007DDE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7DDE000
|
| Size: |
8192
|
|
|
1937000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.3684962270.0000000001937000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1937000
|
| Size: |
4096
|
|
|
555000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1377771277.0000000000555000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
555000
|
| Size: |
16384
|
|
|
5769000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1405932003.0000000005769000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5769000
|
| Size: |
266240
|
|
|
396E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.000000000396E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
396E000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
3D28000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003D28000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3D28000
|
| Size: |
4096
|
|
|
BF0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1227614986.0000000000BF0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BF0000
|
| Size: |
4096
|
|
|
2E30000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1379449979.0000000002E30000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E30000
|
| Size: |
28672
|
|
|
813C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3695603144.000000000813C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
813C000
|
| Size: |
16384
|
|
|
14AF000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1351055863.00000000014AF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14AF000
|
| Size: |
131072
|
|
|
7EC0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1245221403.0000000007EC0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7EC0000
|
| Size: |
65536
|
|
|
9F4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1378275064.00000000009F4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9F4000
|
| Size: |
49152
|
|
|
80FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1256165357.00000000080FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
80FE000
|
| Size: |
8192
|
|
|
5839000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1254602147.0000000005839000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5839000
|
| Size: |
4096
|
|
|
4DA5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1386936389.0000000004DA5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4DA5000
|
| Size: |
4096
|
|
|
6980000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1390126691.0000000006980000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6980000
|
| Size: |
61440
|
|
|
DB12000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3700715970.000000000DB12000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
DB12000
|
| Size: |
16384
|
|
|
6C80000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.1390532116.0000000006C80000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
6C80000
|
| Size: |
65536
|
|
|
32D7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1253269821.00000000032D7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
32D7000
|
| Size: |
24576
|
|
|
1490000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3683444371.0000000001490000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1490000
|
| Size: |
4096
|
|
|
27A1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1379449979.00000000027A1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
27A1000
|
| Size: |
483328
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
400000
|
system
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.1251928414.0000000000400000.00000040.80000000.00040000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
system
|
| Protect: |
page execute and read and write
|
| Base address: |
400000
|
| Size: |
147456
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Malicious sample detected (through community Yara rule) |
System Summary |
|
| Yara signature match |
System Summary |
|
|
|
4B8000
|
system
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.1404115834.00000000004B8000.00000040.80000000.00040000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
system
|
| Protect: |
page execute and read and write
|
| Base address: |
4B8000
|
| Size: |
4096
|
|
|
699E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1390214907.000000000699E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
699E000
|
| Size: |
40960
|
|
|
37FB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.00000000037FB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
37FB000
|
| Size: |
184320
|
|
|
990000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.1242909139.0000000000990000.00000002.00000001.01000000.00000004.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
990000
|
| Size: |
4096
|
|
|
6E30000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3689955540.0000000006E30000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6E30000
|
| Size: |
40960
|
|
|
7DD5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1255960315.0000000007DD5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7DD5000
|
| Size: |
36864
|
|
|
2CB8000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1404213928.0000000002CB8000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2CB8000
|
| Size: |
32768
|
|
|
6832000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1389938534.0000000006832000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6832000
|
| Size: |
8192
|
|
|
3B63000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003B63000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3B63000
|
| Size: |
8192
|
|
|
5067000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.1254053292.0000000005067000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5067000
|
| Size: |
4096
|
|
|
1008000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1243705169.0000000001008000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1008000
|
| Size: |
143360
|
|
|
FB02DFE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1350885588.000000FB02DFE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
FB02DFE000
|
| Size: |
8192
|
|
|
71CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3690747576.00000000071CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
71CE000
|
| Size: |
8192
|
|
|
3220000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.3685246287.0000000003220000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
3220000
|
| Size: |
4096
|
|
|
1F0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000000.1214341824.00000000001F0000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
1F0000
|
| Size: |
4096
|
|
|
6835000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1389938534.0000000006835000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6835000
|
| Size: |
45056
|
|
|
7C50000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1366210644.0000000007C50000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7C50000
|
| Size: |
40960
|
|
|
3277000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1243292001.0000000003277000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3277000
|
| Size: |
4096
|
|
|
32DF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1253350465.00000000032DF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
32DF000
|
| Size: |
12288
|
|
|
13E7E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3702817219.0000000013E7E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
13E7E000
|
| Size: |
8192
|
|
|
14D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3683616740.00000000014D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14D0000
|
| Size: |
4096
|
|
|
7DE0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1407326317.0000000007DE0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7DE0000
|
| Size: |
57344
|
|
|
327D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1243487796.000000000327D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
327D000
|
| Size: |
4096
|
|
|
1900000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3684673281.0000000001900000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1900000
|
| Size: |
8192
|
|
|
570E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1405932003.000000000570E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
570E000
|
| Size: |
53248
|
|
|
A57000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1226671750.0000000000A57000.00000002.00000001.01000000.00000004.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
A57000
|
| Size: |
856064
|
|
|
8360000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1407571850.0000000008360000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8360000
|
| Size: |
4096
|
|
|
5826000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1254602147.0000000005826000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5826000
|
| Size: |
12288
|
|
|
3276000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3685292430.0000000003276000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3276000
|
| Size: |
8192
|
|
|
7C0E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1406894469.0000000007C0E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7C0E000
|
| Size: |
4096
|
|
|
3DBE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003DBE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3DBE000
|
| Size: |
12288
|
|
|
5B40000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1388008908.0000000005B40000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5B40000
|
| Size: |
131072
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| AV process strings found (often used to terminate AV products) |
Lowering of HIPS / PFW / Operating System Security Settings |
Security Software Discovery
|
|
|
5A10000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1387922836.0000000005A10000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5A10000
|
| Size: |
65536
|
|
|
3B89000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003B89000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3B89000
|
| Size: |
8192
|
|
|
3BCB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003BCB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3BCB000
|
| Size: |
4096
|
|
|
34A8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3685713975.00000000034A8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
34A8000
|
| Size: |
2052096
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
5852000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1254602147.0000000005852000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5852000
|
| Size: |
4096
|
|
|
6B90000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1390376869.0000000006B90000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6B90000
|
| Size: |
286720
|
|
|
83CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1407590404.00000000083CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
83CE000
|
| Size: |
8192
|
|
|
5970000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1387661224.0000000005970000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5970000
|
| Size: |
65536
|
|
|
4099000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1362542145.0000000004099000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4099000
|
| Size: |
4096
|
|
|
155F000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1354753073.000000000155F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
155F000
|
| Size: |
262144
|
|
|
3431000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3685713975.0000000003431000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3431000
|
| Size: |
188416
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
39E3000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1240094810.00000000039E3000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
39E3000
|
| Size: |
507904
|
|
|
2BE9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1379449979.0000000002BE9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2BE9000
|
| Size: |
8192
|
|
|
1B2E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1243785124.0000000001B2E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
1B2E000
|
| Size: |
8192
|
|
|
725E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1391187334.000000000725E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
725E000
|
| Size: |
8192
|
|
|
2AF1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1379449979.0000000002AF1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2AF1000
|
| Size: |
8192
|
|
|
5A7C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3688859088.0000000005A7C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5A7C000
|
| Size: |
16384
|
|
|
6ADC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3689294746.0000000006ADC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6ADC000
|
| Size: |
16384
|
|
|
6E1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3689851470.0000000006E1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6E1E000
|
| Size: |
8192
|
|
|
5720000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1405932003.0000000005720000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5720000
|
| Size: |
4096
|
|
|
144F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1218707649.000000000144F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
144F000
|
| Size: |
16384
|
|
|
38C0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1240881606.00000000038C0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
38C0000
|
| Size: |
1187840
|
|
|
149D000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1365842008.000000000149D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
149D000
|
| Size: |
20480
|
|
|
7FE0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1367539131.0000000007FE0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FE0000
|
| Size: |
65536
|
|
|
2CB7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1379449979.0000000002CB7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2CB7000
|
| Size: |
294912
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
2210000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1366609112.0000000002210000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2210000
|
| Size: |
4096
|
|
|
5050000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1253978689.0000000005050000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5050000
|
| Size: |
8192
|
|
|
3C9D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003C9D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3C9D000
|
| Size: |
4096
|
|
|
4CF6000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.1405244946.0000000004CF6000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4CF6000
|
| Size: |
8192
|
|
|
7F80000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1244857843.0000000007F80000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F80000
|
| Size: |
65536
|
|
|
7D70000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1369097560.0000000007D70000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7D70000
|
| Size: |
65536
|
|
|
2D9E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1404326594.0000000002D9E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2D9E000
|
| Size: |
8192
|
|
|
3B8D000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1242268977.0000000003B8D000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3B8D000
|
| Size: |
458752
|
|
|
7340000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3691000902.0000000007340000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7340000
|
| Size: |
4096
|
|
|
4159000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1363553853.0000000004159000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4159000
|
| Size: |
4096
|
|
|
695F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3689212025.000000000695F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
695F000
|
| Size: |
4096
|
|
|
3C3F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003C3F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3C3F000
|
| Size: |
8192
|
|
|
2D2E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1379449979.0000000002D2E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D2E000
|
| Size: |
8192
|
|
|
3CF3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003CF3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3CF3000
|
| Size: |
4096
|
|
|
10C5E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3701662834.0000000010C5E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
10C5E000
|
| Size: |
16384
|
|
|
7EA6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1245263378.0000000007EA6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7EA6000
|
| Size: |
40960
|
|
|
67C0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1389489006.00000000067C0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
67C0000
|
| Size: |
16384
|
|
|
3BF3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003BF3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3BF3000
|
| Size: |
8192
|
|
|
3BB5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003BB5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3BB5000
|
| Size: |
8192
|
|
|
3C2E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003C2E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3C2E000
|
| Size: |
16384
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
5746000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1405932003.0000000005746000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5746000
|
| Size: |
45056
|
|
|
3C23000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1382004053.0000000003C23000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3C23000
|
| Size: |
8192
|
|
|
521F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1254418335.000000000521F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
521F000
|
| Size: |
4096
|
|
|
A57000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000C.00000000.1350100117.0000000000A57000.00000002.00000001.01000000.00000004.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
A57000
|
| Size: |
856064
|
|
|
126E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1365709775.000000000126E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
126E000
|
| Size: |
8192
|
|
|
2BBA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1379449979.0000000002BBA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2BBA000
|
| Size: |
24576
|
|
|
5D7B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3688995272.0000000005D7B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5D7B000
|
| Size: |
20480
|
|
|
2B763590000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1351021663.000002B763590000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2B763590000
|
| Size: |
4096
|
|
|
2AC5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1379449979.0000000002AC5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2AC5000
|
| Size: |
32768
|
|
