|
AC1000
|
unkown
|
page execute and read and write
|
 |
|
|
| Name: |
00000007.00000002.3306270230.0000000000AC1000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
AC1000
|
| Size: |
1249280
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected RisePro Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
| SQL strings found in memory and binary data |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
52E0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2109410350.00000000052E0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
52E0000
|
| Size: |
1249280
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected RisePro Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
| SQL strings found in memory and binary data |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
4AA0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2038565636.0000000004AA0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4AA0000
|
| Size: |
1249280
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected RisePro Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
| SQL strings found in memory and binary data |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
971000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.3306912829.0000000000971000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
971000
|
| Size: |
1249280
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected RisePro Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
| SQL strings found in memory and binary data |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
4BD0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2262402855.0000000004BD0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4BD0000
|
| Size: |
1249280
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected RisePro Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
| SQL strings found in memory and binary data |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
AC1000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3306984601.0000000000AC1000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
AC1000
|
| Size: |
1249280
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected RisePro Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
| SQL strings found in memory and binary data |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
9E1000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3307468308.00000000009E1000.00000040.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
9E1000
|
| Size: |
1249280
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected RisePro Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
| SQL strings found in memory and binary data |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
4BA0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2108165970.0000000004BA0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4BA0000
|
| Size: |
1249280
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected RisePro Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
| SQL strings found in memory and binary data |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
971000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.3307879772.0000000000971000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
971000
|
| Size: |
1249280
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected RisePro Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
| SQL strings found in memory and binary data |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
49C0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2182379846.00000000049C0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
49C0000
|
| Size: |
1249280
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected RisePro Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
| SQL strings found in memory and binary data |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
9B0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2026551674.00000000009B0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9B0000
|
| Size: |
53248
|
|
|
463E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3313660137.000000000463E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
463E000
|
| Size: |
8192
|
|
|
9D0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2038148946.00000000009D0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9D0000
|
| Size: |
53248
|
|
|
2A90000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2253581278.0000000002A90000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2A90000
|
| Size: |
53248
|
|
|
1580000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2098009000.0000000001580000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
1580000
|
| Size: |
53248
|
|
|
3F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3306267430.00000000003F0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3F0000
|
| Size: |
4096
|
|
|
421E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3312215155.000000000421E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
421E000
|
| Size: |
8192
|
|
|
407E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3313304957.000000000407E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
407E000
|
| Size: |
8192
|
|
|
4D70000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.3314133411.0000000004D70000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4D70000
|
| Size: |
4096
|
|
|
960000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2181668208.0000000000960000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
960000
|
| Size: |
53248
|
|
|
3FFE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3312903900.0000000003FFE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3FFE000
|
| Size: |
8192
|
|
|
4AFF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3313804975.0000000004AFF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4AFF000
|
| Size: |
4096
|
|
|
4721000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2096451727.0000000004721000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4721000
|
| Size: |
249856
|
|
|
84B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3307041255.000000000084B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
84B000
|
| Size: |
4096
|
|
|
3FDE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3312823732.0000000003FDE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3FDE000
|
| Size: |
8192
|
|
|
940000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2176199734.0000000000940000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
940000
|
| Size: |
53248
|
|
|
4DE0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.3314466329.0000000004DE0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4DE0000
|
| Size: |
4096
|
|
|
4D50000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000003.2262817832.0000000004D50000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4D50000
|
| Size: |
4096
|
|
|
54C0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3313801384.00000000054C0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
54C0000
|
| Size: |
4096
|
|
|
159B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3308650896.000000000159B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
159B000
|
| Size: |
135168
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
4BDC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3313661355.0000000004BDC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4BDC000
|
| Size: |
16384
|
|
|
4D00000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.2109342285.0000000004D00000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4D00000
|
| Size: |
4096
|
|
|
8F6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3306620800.00000000008F6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8F6000
|
| Size: |
24576
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
4C00000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.2039241401.0000000004C00000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4C00000
|
| Size: |
4096
|
|
|
3B3F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3312789079.0000000003B3F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3B3F000
|
| Size: |
4096
|
|
|
1194000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2106600839.0000000001194000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1194000
|
| Size: |
4096
|
|
|
4CC0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3314464987.0000000004CC0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4CC0000
|
| Size: |
4096
|
|
|
DC6000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3307790549.0000000000DC6000.00000040.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
DC6000
|
| Size: |
45056
|
|
|
1580000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2103186993.0000000001580000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
1580000
|
| Size: |
53248
|
|
|
34DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3311543678.00000000034DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
34DE000
|
| Size: |
8192
|
|
|
680000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3306243068.0000000000680000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
680000
|
| Size: |
4096
|
|
|
2BBF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3309560127.0000000002BBF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2BBF000
|
| Size: |
4096
|
|
|
4D90000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.3314234293.0000000004D90000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4D90000
|
| Size: |
4096
|
|
|
5460000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.2109799818.0000000005460000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5460000
|
| Size: |
4096
|
|
|
1194000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2096612942.0000000001194000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1194000
|
| Size: |
4096
|
|
|
70B000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3306406019.000000000070B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
70B000
|
| Size: |
180224
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
| URLs found in memory or binary data |
Networking |
|
|
|
531C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3313448070.000000000531C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
531C000
|
| Size: |
16384
|
|
|
35DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3311828109.00000000035DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
35DE000
|
| Size: |
8192
|
|
|
2EFE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3311670712.0000000002EFE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2EFE000
|
| Size: |
8192
|
|
|
4B10000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000003.2183361044.0000000004B10000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4B10000
|
| Size: |
4096
|
|
|
4E50000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.3315212624.0000000004E50000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4E50000
|
| Size: |
4096
|
|
|
32BE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3312035462.00000000032BE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
32BE000
|
| Size: |
8192
|
|
|
4BD0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.3314363317.0000000004BD0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4BD0000
|
| Size: |
4096
|
|
|
43DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3313048435.00000000043DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
43DE000
|
| Size: |
8192
|
|
|
803000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3306495921.0000000000803000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
803000
|
| Size: |
28672
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
4541000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2210803860.0000000004541000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4541000
|
| Size: |
4096
|
|
|
4840000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2251871243.0000000004840000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4840000
|
| Size: |
188416
|
|
|
4B10000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000003.2184220813.0000000004B10000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4B10000
|
| Size: |
4096
|
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2066171831.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6D4000
|
| Size: |
4096
|
|
|
427E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3313184848.000000000427E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
427E000
|
| Size: |
8192
|
|
|
970000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3307833701.0000000000970000.00000004.00000001.01000000.00000006.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
970000
|
| Size: |
4096
|
|
|
30EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3309037319.00000000030EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
30EE000
|
| Size: |
8192
|
|
|
4541000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2210078285.0000000004541000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4541000
|
| Size: |
4096
|
|
|
190000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3306246867.0000000000190000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
190000
|
| Size: |
4096
|
|
|
844000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3307041255.0000000000844000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
844000
|
| Size: |
24576
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
D70000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.3308181266.0000000000D70000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
D70000
|
| Size: |
4096
|
|
|
4C00000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.2038897136.0000000004C00000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4C00000
|
| Size: |
8192
|
|
|
960000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2182133612.0000000000960000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
960000
|
| Size: |
53248
|
|
|
84D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3307041255.000000000084D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
84D000
|
| Size: |
4096
|
|
|
369F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3309677272.000000000369F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
369F000
|
| Size: |
4096
|
|
|
9E0000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3307413069.00000000009E0000.00000004.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
9E0000
|
| Size: |
4096
|
|
|
4A9D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3313460669.0000000004A9D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4A9D000
|
| Size: |
12288
|
|
|
3C4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2128193761.00000000003C4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3C4000
|
| Size: |
4096
|
|
|
4C00000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.3314552967.0000000004C00000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4C00000
|
| Size: |
8192
|
|
|
4DB0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.3314329796.0000000004DB0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4DB0000
|
| Size: |
4096
|
|
|
4D50000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000003.2262757549.0000000004D50000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4D50000
|
| Size: |
4096
|
|
|
293E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3308953270.000000000293E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
293E000
|
| Size: |
8192
|
|
|
7BF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3306908998.00000000007BF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
4096
|
|
|
940000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2179997270.0000000000940000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
940000
|
| Size: |
53248
|
|
|
6B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3306776707.00000000006B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6B0000
|
| Size: |
16384
|
|
|
2A8B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3309073072.0000000002A8B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2A8B000
|
| Size: |
20480
|
|
|
80E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3307041255.000000000080E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
80E000
|
| Size: |
184320
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
| URLs found in memory or binary data |
Networking |
|
|
|
499E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3312905105.000000000499E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
499E000
|
| Size: |
8192
|
|
|
425F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3312874182.000000000425F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
425F000
|
| Size: |
4096
|
|
|
4D50000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000003.2262901949.0000000004D50000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4D50000
|
| Size: |
4096
|
|
|
4741000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2251793198.0000000004741000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4741000
|
| Size: |
65536
|
|
|
4D50000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000003.2262733927.0000000004D50000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4D50000
|
| Size: |
4096
|
|
|
855000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2211274984.0000000000855000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
855000
|
| Size: |
8192
|
|
|
377F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3312452464.000000000377F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
377F000
|
| Size: |
4096
|
|
|
4D50000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3314131758.0000000004D50000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4D50000
|
| Size: |
4096
|
|
|
9B0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2027629749.00000000009B0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9B0000
|
| Size: |
53248
|
|
|
309F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3311310047.000000000309F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
309F000
|
| Size: |
4096
|
|
|
844000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2260772991.0000000000844000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
844000
|
| Size: |
4096
|
|
|
3C4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2128313800.00000000003C4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3C4000
|
| Size: |
4096
|
|
|
7A0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2101563535.00000000007A0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7A0000
|
| Size: |
53248
|
|
|
8E9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3306620800.00000000008E9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8E9000
|
| Size: |
24576
|
|
|
EC1000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000006.00000002.3308404955.0000000000EC1000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
EC1000
|
| Size: |
1740800
|
|
|
485E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3312793530.000000000485E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
485E000
|
| Size: |
8192
|
|
|
9B0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2031767510.00000000009B0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9B0000
|
| Size: |
53248
|
|
|
4DF0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3314602706.0000000004DF0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4DF0000
|
| Size: |
8192
|
|
|
3110000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3309111932.0000000003110000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3110000
|
| Size: |
16384
|
|
|
30DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3311377637.00000000030DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
30DE000
|
| Size: |
8192
|
|
|
2B3F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3311322063.0000000002B3F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2B3F000
|
| Size: |
4096
|
|
|
4721000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2128097451.0000000004721000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4721000
|
| Size: |
49152
|
|
|
1194000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2106146954.0000000001194000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1194000
|
| Size: |
4096
|
|
|
54A0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3313718078.00000000054A0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
54A0000
|
| Size: |
4096
|
|
|
4C50000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3314003089.0000000004C50000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4C50000
|
| Size: |
4096
|
|
|
1194000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2096551061.0000000001194000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1194000
|
| Size: |
4096
|
|
|
1194000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2106547508.0000000001194000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1194000
|
| Size: |
4096
|
|
|
2D1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3309601106.0000000002D1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2D1E000
|
| Size: |
8192
|
|
|
3117000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3309111932.0000000003117000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3117000
|
| Size: |
12288
|
|
|
2D5E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3309473233.0000000002D5E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2D5E000
|
| Size: |
8192
|
|
|
844000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2260998307.0000000000844000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
844000
|
| Size: |
4096
|
|
|
4D5E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3313240690.0000000004D5E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4D5E000
|
| Size: |
8192
|
|
|
49FC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3313754093.00000000049FC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
49FC000
|
| Size: |
16384
|
|
|
7CA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3306495921.00000000007CA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7CA000
|
| Size: |
8192
|
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2068278179.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6D4000
|
| Size: |
4096
|
|
|
BF8000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000007.00000000.2087481939.0000000000BF8000.00000008.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
BF8000
|
| Size: |
4096
|
|
|
1190000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3308314585.0000000001190000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1190000
|
| Size: |
16384
|
|
|
2DBE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3311525238.0000000002DBE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2DBE000
|
| Size: |
8192
|
|
|
81F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3306440101.000000000081F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
81F000
|
| Size: |
4096
|
|
|
3D3F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3312627284.0000000003D3F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3D3F000
|
| Size: |
4096
|
|
|
742000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3306406019.0000000000742000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
742000
|
| Size: |
12288
|
|
|
71E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3306378535.000000000071E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
71E000
|
| Size: |
8192
|
|
|
294E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3308948813.000000000294E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
294E000
|
| Size: |
8192
|
|
|
4E40000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.3315174419.0000000004E40000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4E40000
|
| Size: |
8192
|
|
|
9B0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2029156072.00000000009B0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9B0000
|
| Size: |
53248
|
|
|
415E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3312827871.000000000415E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
415E000
|
| Size: |
8192
|
|
|
1570000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3308571705.0000000001570000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1570000
|
| Size: |
4096
|
|
|
4E61000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2128654361.0000000004E61000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E61000
|
| Size: |
4096
|
|
|
1590000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3308650896.0000000001590000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1590000
|
| Size: |
36864
|
|
|
40DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3312095130.00000000040DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
40DE000
|
| Size: |
8192
|
|
|
4D60000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.3314082011.0000000004D60000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4D60000
|
| Size: |
4096
|
|
|
3C4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2128268092.00000000003C4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3C4000
|
| Size: |
4096
|
|
|
4D30000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3314040364.0000000004D30000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4D30000
|
| Size: |
4096
|
|
|
4BF0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.3314496211.0000000004BF0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4BF0000
|
| Size: |
4096
|
|
|
AC1000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000007.00000000.2087292203.0000000000AC1000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
AC1000
|
| Size: |
593920
|
|
|
35BF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3311921365.00000000035BF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
35BF000
|
| Size: |
4096
|
|
|
36DF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3311888905.00000000036DF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
36DF000
|
| Size: |
4096
|
|
|
3C4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2106012408.00000000003C4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3C4000
|
| Size: |
4096
|
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2034280235.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6D4000
|
| Size: |
4096
|
|
|
321F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3309430704.000000000321F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
321F000
|
| Size: |
4096
|
|
|
2C7E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3311426157.0000000002C7E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2C7E000
|
| Size: |
8192
|
|
|
429E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3312937158.000000000429E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
429E000
|
| Size: |
8192
|
|
|
844000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2260835923.0000000000844000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
844000
|
| Size: |
4096
|
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2068249418.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6D4000
|
| Size: |
4096
|
|
|
45DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3312579394.00000000045DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
45DE000
|
| Size: |
8192
|
|
|
4F1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3315409939.0000000004F1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4F1E000
|
| Size: |
8192
|
|
|
5460000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.2110019190.0000000005460000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5460000
|
| Size: |
12288
|
|
|
335F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3311338915.000000000335F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
335F000
|
| Size: |
4096
|
|
|
4541000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2211156463.0000000004541000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4541000
|
| Size: |
4096
|
|
|
68E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3306644857.000000000068E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
68E000
|
| Size: |
8192
|
|
|
4CD2000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2108165970.0000000004CD2000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4CD2000
|
| Size: |
16384
|
|
|
4D20000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3313973775.0000000004D20000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4D20000
|
| Size: |
4096
|
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2034025535.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6D4000
|
| Size: |
4096
|
|
|
4C70000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3314130035.0000000004C70000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4C70000
|
| Size: |
4096
|
|
|
7FC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3306973943.00000000007FC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7FC000
|
| Size: |
16384
|
|
|
EC0000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3307631002.0000000000EC0000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
EC0000
|
| Size: |
4096
|
|
|
2F7F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3311281961.0000000002F7F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2F7F000
|
| Size: |
4096
|
|
|
7CD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3306495921.00000000007CD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7CD000
|
| Size: |
188416
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
445F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3312395077.000000000445F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
445F000
|
| Size: |
4096
|
|
|
940000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2175199848.0000000000940000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
940000
|
| Size: |
53248
|
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2066284294.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6D4000
|
| Size: |
4096
|
|
|
4E61000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2106087858.0000000004E61000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E61000
|
| Size: |
49152
|
|
|
106A000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3308222938.000000000106A000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
106A000
|
| Size: |
4096
|
|
|
4B60000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.3314011391.0000000004B60000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4B60000
|
| Size: |
4096
|
|
|
4BB0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.3314245256.0000000004BB0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4BB0000
|
| Size: |
4096
|
|
|
3C1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3312457356.0000000003C1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3C1E000
|
| Size: |
8192
|
|
|
4E61000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2128721185.0000000004E61000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E61000
|
| Size: |
4096
|
|
|
4E60000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.3315244353.0000000004E60000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4E60000
|
| Size: |
4096
|
|
|
559A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3314408772.000000000559A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
559A000
|
| Size: |
2002944
|
|
|
4721000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2128690016.0000000004721000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4721000
|
| Size: |
4096
|
|
|
401E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3312710441.000000000401E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
401E000
|
| Size: |
8192
|
|
|
4C00000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.2039192401.0000000004C00000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4C00000
|
| Size: |
4096
|
|
|
39DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3312050151.00000000039DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
39DE000
|
| Size: |
8192
|
|
|
BF3000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3306270230.0000000000BF3000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
BF3000
|
| Size: |
20480
|
|
|
6B5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3306776707.00000000006B5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6B5000
|
| Size: |
8192
|
|
|
4D40000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3314084083.0000000004D40000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4D40000
|
| Size: |
4096
|
|
|
323E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3311613613.000000000323E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
323E000
|
| Size: |
8192
|
|
|
844000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2280766279.0000000000844000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
844000
|
| Size: |
4096
|
|
|
3D9E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3312436676.0000000003D9E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3D9E000
|
| Size: |
8192
|
|
|
2BFE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3309599058.0000000002BFE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2BFE000
|
| Size: |
8192
|
|
|
AA3000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.3306912829.0000000000AA3000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
AA3000
|
| Size: |
20480
|
|
|
1194000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2128316829.0000000001194000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1194000
|
| Size: |
4096
|
|
|
2F5F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3309737345.0000000002F5F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2F5F000
|
| Size: |
4096
|
|
|
4D00000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3315055823.0000000004D00000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4D00000
|
| Size: |
4096
|
|
|
2F9E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3310250702.0000000002F9E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2F9E000
|
| Size: |
8192
|
|
|
3C4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2106201324.00000000003C4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3C4000
|
| Size: |
4096
|
|
|
2A90000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2258308596.0000000002A90000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2A90000
|
| Size: |
53248
|
|
|
6FD000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3306340360.00000000006FD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6FD000
|
| Size: |
12288
|
|
|
3C3E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3312576865.0000000003C3E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3C3E000
|
| Size: |
8192
|
|
|
CA1000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3307790549.0000000000CA1000.00000040.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
CA1000
|
| Size: |
954368
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the Windows Explorer process (often used for injection) |
HIPS / PFW / Operating System Protection Evasion |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
4ADE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3313010365.0000000004ADE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4ADE000
|
| Size: |
8192
|
|
|
1194000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2106130688.0000000001194000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1194000
|
| Size: |
4096
|
|
|
EC0000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3306828991.0000000000EC0000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
EC0000
|
| Size: |
4096
|
|
|
2FFF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3311721465.0000000002FFF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2FFF000
|
| Size: |
4096
|
|
|
15BD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3308650896.00000000015BD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15BD000
|
| Size: |
36864
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
4721000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2105913553.0000000004721000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4721000
|
| Size: |
49152
|
|
|
3C4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2106070551.00000000003C4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3C4000
|
| Size: |
4096
|
|
|
A90000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2107924575.0000000000A90000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
A90000
|
| Size: |
53248
|
|
|
4E61000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2096512269.0000000004E61000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E61000
|
| Size: |
249856
|
|
|
2A9F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3309034991.0000000002A9F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2A9F000
|
| Size: |
4096
|
|
|
4D50000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000003.2263021122.0000000004D50000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4D50000
|
| Size: |
12288
|
|
|
4741000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2280613004.0000000004741000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4741000
|
| Size: |
49152
|
|
|
844000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2280680615.0000000000844000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
844000
|
| Size: |
4096
|
|
|
840000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3306707716.0000000000840000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
840000
|
| Size: |
16384
|
|
|
2A90000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2254750615.0000000002A90000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2A90000
|
| Size: |
53248
|
|
|
500E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3315425412.000000000500E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
500E000
|
| Size: |
8192
|
|
|
11C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3308410262.00000000011C0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11C0000
|
| Size: |
4096
|
|
|
844000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2280745677.0000000000844000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
844000
|
| Size: |
4096
|
|
|
D62000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.3307579783.0000000000D62000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
D62000
|
| Size: |
36864
|
|
|
425E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3313045941.000000000425E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
425E000
|
| Size: |
8192
|
|
|
7C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3306495921.00000000007C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7C0000
|
| Size: |
32768
|
|
|
3C5E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3312299951.0000000003C5E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3C5E000
|
| Size: |
8192
|
|
|
3100000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3309072266.0000000003100000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3100000
|
| Size: |
12288
|
|
|
4D00000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.2108675174.0000000004D00000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4D00000
|
| Size: |
4096
|
|
|
940000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2173109635.0000000000940000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
940000
|
| Size: |
53248
|
|
|
4C10000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.3314632522.0000000004C10000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4C10000
|
| Size: |
4096
|
|
|
3ABF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3312391712.0000000003ABF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3ABF000
|
| Size: |
4096
|
|
|
3A3E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3312728500.0000000003A3E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3A3E000
|
| Size: |
8192
|
|
|
D56000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.3308181266.0000000000D56000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
D56000
|
| Size: |
45056
|
|
|
34FF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3312220816.00000000034FF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
34FF000
|
| Size: |
4096
|
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2066315287.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6D4000
|
| Size: |
4096
|
|
|
73A000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2283094806.000000000073A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
73A000
|
| Size: |
4096
|
|
|
9B0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2028644857.00000000009B0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9B0000
|
| Size: |
53248
|
|
|
844000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2280727657.0000000000844000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
844000
|
| Size: |
4096
|
|
|
1194000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2106638520.0000000001194000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1194000
|
| Size: |
4096
|
|
|
3A5F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3311424957.0000000003A5F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3A5F000
|
| Size: |
4096
|
|
|
9E1000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000000.00000000.2018051810.00000000009E1000.00000080.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
9E1000
|
| Size: |
593920
|
|
|
2A90000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2253138595.0000000002A90000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2A90000
|
| Size: |
53248
|
|
|
3C4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2096488596.00000000003C4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3C4000
|
| Size: |
4096
|
|
|
3C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3306315319.00000000003C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3C0000
|
| Size: |
16384
|
|
|
40DF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3312872995.00000000040DF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
40DF000
|
| Size: |
4096
|
|
|
435E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3312330572.000000000435E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
435E000
|
| Size: |
8192
|
|
|
4CDF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3313746733.0000000004CDF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4CDF000
|
| Size: |
4096
|
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2066221598.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6D4000
|
| Size: |
4096
|
|
|
BF8000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3307574257.0000000000BF8000.00000004.00000001.01000000.00000005.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
BF8000
|
| Size: |
12288
|
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2024655028.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6D4000
|
| Size: |
4096
|
|
|
844000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2260748791.0000000000844000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
844000
|
| Size: |
4096
|
|
|
3F9F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3312769352.0000000003F9F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3F9F000
|
| Size: |
4096
|
|
|
844000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2281469884.0000000000844000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
844000
|
| Size: |
4096
|
|
|
4541000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2209953203.0000000004541000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4541000
|
| Size: |
49152
|
|
|
5460000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.2109938915.0000000005460000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5460000
|
| Size: |
4096
|
|
|
2E5F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3309520141.0000000002E5F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2E5F000
|
| Size: |
4096
|
|
|
12C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3306046407.000000000012C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
12C000
|
| Size: |
16384
|
|
|
359E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3309633500.000000000359E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
359E000
|
| Size: |
8192
|
|
|
DE0000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000000.00000000.2018156617.0000000000DE0000.00000080.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
DE0000
|
| Size: |
1748992
|
|
|
9B0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2030880147.00000000009B0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9B0000
|
| Size: |
53248
|
|
|
399F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3311991116.000000000399F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
399F000
|
| Size: |
4096
|
|
|
95E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3306776721.000000000095E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
95E000
|
| Size: |
8192
|
|
|
11F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3308463735.00000000011F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11F0000
|
| Size: |
4096
|
|
|
30AC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3308996985.00000000030AC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
30AC000
|
| Size: |
16384
|
|
|
8B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3306620800.00000000008B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8B0000
|
| Size: |
32768
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
3A9F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3312284202.0000000003A9F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3A9F000
|
| Size: |
4096
|
|
|
AC0000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3306924399.0000000000AC0000.00000004.00000001.01000000.00000005.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
AC0000
|
| Size: |
4096
|
|
|
D81000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3307631002.0000000000D81000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
D81000
|
| Size: |
954368
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
3D5F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3312364186.0000000003D5F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3D5F000
|
| Size: |
4096
|
|
|
908000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2070226205.0000000000908000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
908000
|
| Size: |
8192
|
|
|
4B10000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000003.2183658185.0000000004B10000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4B10000
|
| Size: |
4096
|
|
|
101F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3308871210.000000000101F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
101F000
|
| Size: |
4096
|
|
|
9D0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2035903367.00000000009D0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9D0000
|
| Size: |
53248
|
|
|
4E00000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.3314555587.0000000004E00000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4E00000
|
| Size: |
4096
|
|
|
3E1F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3311776616.0000000003E1F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3E1F000
|
| Size: |
4096
|
|
|
4B10000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000003.2183323514.0000000004B10000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4B10000
|
| Size: |
4096
|
|
|
815000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2130181329.0000000000815000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
815000
|
| Size: |
8192
|
|
|
1194000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2128292134.0000000001194000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1194000
|
| Size: |
4096
|
|
|
3DFE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3313069387.0000000003DFE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3DFE000
|
| Size: |
8192
|
|
|
4721000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2096278614.0000000004721000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4721000
|
| Size: |
65536
|
|
|
1194000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2128335403.0000000001194000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1194000
|
| Size: |
4096
|
|
|
D71000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
0000000A.00000002.3308342930.0000000000D71000.00000080.00000001.01000000.00000006.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
D71000
|
| Size: |
1740800
|
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2069168632.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6D4000
|
| Size: |
4096
|
|
|
383F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3312154634.000000000383F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
383F000
|
| Size: |
4096
|
|
|
411E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3312943901.000000000411E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
411E000
|
| Size: |
8192
|
|
|
431F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3312280410.000000000431F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
431F000
|
| Size: |
4096
|
|
|
345F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3311652253.000000000345F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
345F000
|
| Size: |
4096
|
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2068336128.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6D4000
|
| Size: |
4096
|
|
|
4C00000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.2039273805.0000000004C00000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4C00000
|
| Size: |
12288
|
|
|
8BA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3306620800.00000000008BA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8BA000
|
| Size: |
8192
|
|
|
4E61000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2128754740.0000000004E61000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E61000
|
| Size: |
4096
|
|
|
4CE0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3313822431.0000000004CE0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4CE0000
|
| Size: |
4096
|
|
|
449E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3312455422.000000000449E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
449E000
|
| Size: |
8192
|
|
|
D70000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.3307579783.0000000000D70000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
D70000
|
| Size: |
4096
|
|
|
1194000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2128246581.0000000001194000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1194000
|
| Size: |
4096
|
|
|
EB2000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3306828991.0000000000EB2000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
EB2000
|
| Size: |
36864
|
|
|
4B80000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.3314109562.0000000004B80000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4B80000
|
| Size: |
4096
|
|
|
9B0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2025176796.00000000009B0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9B0000
|
| Size: |
53248
|
|
|
A90000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3306869666.0000000000A90000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
A90000
|
| Size: |
12288
|
|
|
3C4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2106091132.00000000003C4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3C4000
|
| Size: |
4096
|
|
|
395F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3312136934.000000000395F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
395F000
|
| Size: |
4096
|
|
|
4B20000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.3313846950.0000000004B20000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4B20000
|
| Size: |
4096
|
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2033965976.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6D4000
|
| Size: |
4096
|
|
|
3B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3306267772.00000000003B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3B0000
|
| Size: |
4096
|
|
|
2A3F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3309022360.0000000002A3F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2A3F000
|
| Size: |
4096
|
|
|
4BA0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.3314208356.0000000004BA0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4BA0000
|
| Size: |
4096
|
|
|
423F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3313107830.000000000423F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
423F000
|
| Size: |
4096
|
|
|
306E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3308939536.000000000306E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
306E000
|
| Size: |
8192
|
|
|
2D3E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3309681224.0000000002D3E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2D3E000
|
| Size: |
8192
|
|
|
4E10000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.3314604987.0000000004E10000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4E10000
|
| Size: |
4096
|
|
|
5440000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.2110045940.0000000005440000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5440000
|
| Size: |
4096
|
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2024636006.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6D4000
|
| Size: |
4096
|
|
|
844000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2260960831.0000000000844000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
844000
|
| Size: |
4096
|
|
|
4720000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3313496924.0000000004720000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4720000
|
| Size: |
4096
|
|
|
5460000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.2109959424.0000000005460000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5460000
|
| Size: |
4096
|
|
|
BFC000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3307631002.0000000000BFC000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
BFC000
|
| Size: |
1581056
|
|
|
4D00000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.2109257933.0000000004D00000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4D00000
|
| Size: |
4096
|
|
|
4D00000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.2109308610.0000000004D00000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4D00000
|
| Size: |
4096
|
|
|
AC0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000007.00000000.2087248798.0000000000AC0000.00000002.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
AC0000
|
| Size: |
4096
|
|
|
395E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3311394494.000000000395E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
395E000
|
| Size: |
8192
|
|
|
7A0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2102146947.00000000007A0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7A0000
|
| Size: |
53248
|
|
|
4721000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2128723570.0000000004721000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4721000
|
| Size: |
4096
|
|
|
437F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3313276165.000000000437F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
437F000
|
| Size: |
4096
|
|
|
AA8000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000008.00000000.2166476165.0000000000AA8000.00000008.00000001.01000000.00000006.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
AA8000
|
| Size: |
4096
|
|
|
B13000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3307468308.0000000000B13000.00000040.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
B13000
|
| Size: |
20480
|
|
|
2A4F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3309022891.0000000002A4F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2A4F000
|
| Size: |
4096
|
|
|
2BDF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3309110893.0000000002BDF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2BDF000
|
| Size: |
4096
|
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2069990069.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6D4000
|
| Size: |
4096
|
|
|
3B1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3312171240.0000000003B1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3B1E000
|
| Size: |
8192
|
|
|
37DF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3310231717.00000000037DF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
37DF000
|
| Size: |
4096
|
|
|
2ACE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3309142178.0000000002ACE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2ACE000
|
| Size: |
8192
|
|
|
4D00000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.2109433964.0000000004D00000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4D00000
|
| Size: |
12288
|
|
|
53C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3306150889.000000000053C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
53C000
|
| Size: |
16384
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
2A90000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2254337165.0000000002A90000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2A90000
|
| Size: |
53248
|
|
|
2FBE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3311335867.0000000002FBE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2FBE000
|
| Size: |
8192
|
|
|
42BF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3313458306.00000000042BF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
42BF000
|
| Size: |
4096
|
|
|
331F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3309472356.000000000331F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
331F000
|
| Size: |
4096
|
|
|
52DD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3313409280.00000000052DD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
52DD000
|
| Size: |
12288
|
|
|
800000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3307041255.0000000000800000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
800000
|
| Size: |
32768
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
15C9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2130267843.00000000015C9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15C9000
|
| Size: |
4096
|
|
|
409F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3312032576.000000000409F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
409F000
|
| Size: |
4096
|
|
|
2BDF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3309520942.0000000002BDF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2BDF000
|
| Size: |
4096
|
|
|
3C4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2106565898.00000000003C4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3C4000
|
| Size: |
4096
|
|
|
2AD7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3309436298.0000000002AD7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2AD7000
|
| Size: |
12288
|
|
|
41BE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3313412989.00000000041BE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
41BE000
|
| Size: |
8192
|
|
|
4C20000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3313762863.0000000004C20000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4C20000
|
| Size: |
4096
|
|
|
516E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3315526626.000000000516E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
516E000
|
| Size: |
8192
|
|
|
311E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3309725001.000000000311E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
311E000
|
| Size: |
8192
|
|
|
EC1000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000007.00000002.3307908013.0000000000EC1000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
EC1000
|
| Size: |
1740800
|
|
|
4B10000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000003.2183855180.0000000004B10000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4B10000
|
| Size: |
4096
|
|
|
940000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2179562867.0000000000940000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
940000
|
| Size: |
53248
|
|
|
3EFF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3313130689.0000000003EFF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3EFF000
|
| Size: |
4096
|
|
|
5460000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.2109753963.0000000005460000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5460000
|
| Size: |
8192
|
|
|
844000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2280706457.0000000000844000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
844000
|
| Size: |
4096
|
|
|
940000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2179027588.0000000000940000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
940000
|
| Size: |
53248
|
|
|
2A7B000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3309066501.0000000002A7B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2A7B000
|
| Size: |
20480
|
|
|
4741000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2282228652.0000000004741000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4741000
|
| Size: |
4096
|
|
|
353E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3312280175.000000000353E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
353E000
|
| Size: |
8192
|
|
|
4BC0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.3314301960.0000000004BC0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4BC0000
|
| Size: |
4096
|
|
|
844000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2252025603.0000000000844000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
844000
|
| Size: |
4096
|
|
|
4541000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2210713623.0000000004541000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4541000
|
| Size: |
4096
|
|
|
4BC0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3313842797.0000000004BC0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4BC0000
|
| Size: |
12288
|
|
|
4F1F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2066361533.0000000004F1F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4F1F000
|
| Size: |
524288
|
|
|
337E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3311723547.000000000337E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
337E000
|
| Size: |
8192
|
|
|
5460000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.2109828374.0000000005460000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5460000
|
| Size: |
4096
|
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2034224736.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6D4000
|
| Size: |
4096
|
|
|
3B7E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3312836079.0000000003B7E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3B7E000
|
| Size: |
8192
|
|
|
2A90000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2253950997.0000000002A90000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2A90000
|
| Size: |
53248
|
|
|
4541000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2210839250.0000000004541000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4541000
|
| Size: |
4096
|
|
|
4DE0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3314555152.0000000004DE0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4DE0000
|
| Size: |
4096
|
|
|
AA8000
|
unkown
|
page write copy
|
|
|
|
| Name: |
0000000A.00000000.2246717146.0000000000AA8000.00000008.00000001.01000000.00000006.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
AA8000
|
| Size: |
4096
|
|
|
439F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3312992100.000000000439F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
439F000
|
| Size: |
4096
|
|
|
4721000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2128792138.0000000004721000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4721000
|
| Size: |
4096
|
|
|
4621000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2024298887.0000000004621000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4621000
|
| Size: |
65536
|
|
|
4D50000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000003.2262791820.0000000004D50000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4D50000
|
| Size: |
4096
|
|
|
7A0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2101048163.00000000007A0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7A0000
|
| Size: |
53248
|
|
|
5500000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3313980228.0000000005500000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5500000
|
| Size: |
4096
|
|
|
844000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2261125949.0000000000844000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
844000
|
| Size: |
4096
|
|
|
B1C000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3307790549.0000000000B1C000.00000040.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
B1C000
|
| Size: |
1581056
|
|
|
3C1F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3312243897.0000000003C1F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3C1F000
|
| Size: |
4096
|
|
|
AC0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000006.00000000.2085141649.0000000000AC0000.00000002.00000001.01000000.00000005.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
AC0000
|
| Size: |
4096
|
|
|
15C7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3308650896.00000000015C7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15C7000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
EA6000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3307631002.0000000000EA6000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
EA6000
|
| Size: |
45056
|
|
|
1194000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2096592586.0000000001194000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1194000
|
| Size: |
4096
|
|
|
4D90000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3314328829.0000000004D90000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4D90000
|
| Size: |
4096
|
|
|
4D00000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.2109137693.0000000004D00000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4D00000
|
| Size: |
4096
|
|
|
3CDF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3311655859.0000000003CDF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3CDF000
|
| Size: |
4096
|
|
|
4D00000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.2109200453.0000000004D00000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4D00000
|
| Size: |
4096
|
|
|
5540000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3314156757.0000000005540000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5540000
|
| Size: |
4096
|
|
|
4541000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2180682876.0000000004541000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4541000
|
| Size: |
4096
|
|
|
345E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3309555041.000000000345E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
345E000
|
| Size: |
8192
|
|
|
5460000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.2109920664.0000000005460000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5460000
|
| Size: |
4096
|
|
|
4541000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2180778664.0000000004541000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4541000
|
| Size: |
4096
|
|
|
4C00000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.2039091412.0000000004C00000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4C00000
|
| Size: |
4096
|
|
|
4721000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2128610942.0000000004721000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4721000
|
| Size: |
4096
|
|
|
4DD0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.3314428344.0000000004DD0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4DD0000
|
| Size: |
4096
|
|
|
4B10000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000003.2183520339.0000000004B10000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4B10000
|
| Size: |
4096
|
|
|
4E10000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3315120693.0000000004E10000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4E10000
|
| Size: |
4096
|
|
|
4E61000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2128604745.0000000004E61000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E61000
|
| Size: |
4096
|
|
|
461E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3313383292.000000000461E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
461E000
|
| Size: |
8192
|
|
|
375E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3311795400.000000000375E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
375E000
|
| Size: |
8192
|
|
|
AC1000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000006.00000000.2085157070.0000000000AC1000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
AC1000
|
| Size: |
593920
|
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2033937887.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6D4000
|
| Size: |
4096
|
|
|
960000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3307803527.0000000000960000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
960000
|
| Size: |
12288
|
|
|
4541000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2180627662.0000000004541000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4541000
|
| Size: |
4096
|
|
|
46DF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3312631106.00000000046DF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
46DF000
|
| Size: |
4096
|
|
|
844000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2261070402.0000000000844000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
844000
|
| Size: |
4096
|
|
|
5430000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3313552063.0000000005430000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5430000
|
| Size: |
4096
|
|
|
940000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2173800711.0000000000940000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
940000
|
| Size: |
53248
|
|
|
5490000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3313665617.0000000005490000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5490000
|
| Size: |
4096
|
|
|
1194000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2128204593.0000000001194000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1194000
|
| Size: |
4096
|
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2024528723.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6D4000
|
| Size: |
4096
|
|
|
54D0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3313845443.00000000054D0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
54D0000
|
| Size: |
4096
|
|
|
4B70000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.3314062040.0000000004B70000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4B70000
|
| Size: |
4096
|
|
|
2830000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3309637606.0000000002830000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2830000
|
| Size: |
16384
|
|
|
4E5F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3313293925.0000000004E5F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4E5F000
|
| Size: |
4096
|
|
|
34BE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3311853893.00000000034BE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
34BE000
|
| Size: |
8192
|
|
|
1194000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2106116342.0000000001194000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1194000
|
| Size: |
4096
|
|
|
451E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3313188106.000000000451E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
451E000
|
| Size: |
8192
|
|
|
6FD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3306381357.00000000006FD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6FD000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
4E30000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.3315118940.0000000004E30000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4E30000
|
| Size: |
4096
|
|
|
4B50000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.3313986458.0000000004B50000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4B50000
|
| Size: |
4096
|
|
|
4D02000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2262402855.0000000004D02000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4D02000
|
| Size: |
16384
|
|
|
347F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3311792954.000000000347F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
347F000
|
| Size: |
4096
|
|
|
3C4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2128151479.00000000003C4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3C4000
|
| Size: |
4096
|
|
|
541F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3313495286.000000000541F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
541F000
|
| Size: |
4096
|
|
|
2A90000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2260622982.0000000002A90000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2A90000
|
| Size: |
53248
|
|
|
4C90000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3314253750.0000000004C90000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4C90000
|
| Size: |
4096
|
|
|
5480000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3313634436.0000000005480000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5480000
|
| Size: |
4096
|
|
|
41DF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3312149377.00000000041DF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
41DF000
|
| Size: |
4096
|
|
|
60E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3306557758.000000000060E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
60E000
|
| Size: |
8192
|
|
|
4D50000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000003.2262954741.0000000004D50000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4D50000
|
| Size: |
4096
|
|
|
3C7F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3312878242.0000000003C7F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3C7F000
|
| Size: |
4096
|
|
|
2810000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000003.2184835186.0000000002810000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
2810000
|
| Size: |
4096
|
|
|
4541000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2210903805.0000000004541000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4541000
|
| Size: |
4096
|
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2066191554.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6D4000
|
| Size: |
4096
|
|
|
4E00000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3315067438.0000000004E00000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4E00000
|
| Size: |
4096
|
|
|
331F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3311520081.000000000331F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
331F000
|
| Size: |
4096
|
|
|
4CB0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3314393778.0000000004CB0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4CB0000
|
| Size: |
4096
|
|
|
2A80000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3309132530.0000000002A80000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2A80000
|
| Size: |
4096
|
|
|
3D7D000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3312680907.0000000003D7D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3D7D000
|
| Size: |
12288
|
|
|
4D30000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000003.2263043593.0000000004D30000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4D30000
|
| Size: |
4096
|
|
|
54B0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3313752263.00000000054B0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
54B0000
|
| Size: |
4096
|
|
|
411F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3312771405.000000000411F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
411F000
|
| Size: |
4096
|
|
|
3E5E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3311830825.0000000003E5E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3E5E000
|
| Size: |
8192
|
|
|
700000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3306406019.0000000000700000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
700000
|
| Size: |
36864
|
|
|
286C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3308826852.000000000286C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
286C000
|
| Size: |
16384
|
|
|
4741000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2282715218.0000000004741000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4741000
|
| Size: |
4096
|
|
|
381E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3311284619.000000000381E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
381E000
|
| Size: |
8192
|
|
|
4741000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2282768079.0000000004741000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4741000
|
| Size: |
4096
|
|
|
9E0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000000.2018005265.00000000009E0000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
9E0000
|
| Size: |
4096
|
|
|
3C4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2105967549.00000000003C4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3C4000
|
| Size: |
4096
|
|
|
844000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2281227292.0000000000844000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
844000
|
| Size: |
4096
|
|
|
4E61000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2128688346.0000000004E61000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E61000
|
| Size: |
4096
|
|
|
80A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3307041255.000000000080A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
80A000
|
| Size: |
8192
|
|
|
461F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3313288408.000000000461F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
461F000
|
| Size: |
4096
|
|
|
844000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2280783674.0000000000844000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
844000
|
| Size: |
4096
|
|
|
4DB0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3314421096.0000000004DB0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4DB0000
|
| Size: |
4096
|
|
|
4D1F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3313182274.0000000004D1F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4D1F000
|
| Size: |
4096
|
|
|
7A0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2102742049.00000000007A0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7A0000
|
| Size: |
53248
|
|
|
4DC0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3314463557.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4DC0000
|
| Size: |
4096
|
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2034091062.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6D4000
|
| Size: |
4096
|
|
|
4640000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2172209774.0000000004640000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4640000
|
| Size: |
184320
|
|
|
2ADE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3309069692.0000000002ADE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2ADE000
|
| Size: |
8192
|
|
|
C31000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.3307579783.0000000000C31000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
C31000
|
| Size: |
954368
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the Windows Explorer process (often used for injection) |
HIPS / PFW / Operating System Protection Evasion |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2066100225.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6D4000
|
| Size: |
4096
|
|
|
4C80000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3314183672.0000000004C80000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4C80000
|
| Size: |
4096
|
|
|
36FF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3312048086.00000000036FF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
36FF000
|
| Size: |
4096
|
|
|
2A90000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2259263995.0000000002A90000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2A90000
|
| Size: |
53248
|
|
|
5560000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3314254140.0000000005560000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5560000
|
| Size: |
4096
|
|
|
2CDF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3309559282.0000000002CDF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2CDF000
|
| Size: |
4096
|
|
|
4D00000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.2109168639.0000000004D00000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4D00000
|
| Size: |
4096
|
|
|
4B10000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000003.2184268799.0000000004B10000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4B10000
|
| Size: |
12288
|
|
|
2AB7000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3309433465.0000000002AB7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2AB7000
|
| Size: |
12288
|
|
|
45DF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3313325466.00000000045DF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
45DF000
|
| Size: |
4096
|
|
|
4D60000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3314182345.0000000004D60000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4D60000
|
| Size: |
4096
|
|
|
4DF0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.3314515660.0000000004DF0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4DF0000
|
| Size: |
4096
|
|
|
9B0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2025723848.00000000009B0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9B0000
|
| Size: |
53248
|
|
|
1580000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2100654860.0000000001580000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
1580000
|
| Size: |
53248
|
|
|
3C4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2128245619.00000000003C4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3C4000
|
| Size: |
4096
|
|
|
3C4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2096317288.00000000003C4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3C4000
|
| Size: |
4096
|
|
|
4BE0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.3314430497.0000000004BE0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4BE0000
|
| Size: |
4096
|
|
|
4621000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2033865208.0000000004621000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4621000
|
| Size: |
49152
|
|
|
33FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3312152685.00000000033FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
33FE000
|
| Size: |
8192
|
|
|
4D80000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.3314185119.0000000004D80000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4D80000
|
| Size: |
4096
|
|
|
5520000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3314060436.0000000005520000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5520000
|
| Size: |
4096
|
|
|
363F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3312330870.000000000363F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
363F000
|
| Size: |
4096
|
|
|
3C4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2106133313.00000000003C4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3C4000
|
| Size: |
4096
|
|
|
4541000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2210870420.0000000004541000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4541000
|
| Size: |
4096
|
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2069897441.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6D4000
|
| Size: |
4096
|
|
|
4ADC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3313532357.0000000004ADC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4ADC000
|
| Size: |
16384
|
|
|
4DD0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3314513116.0000000004DD0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4DD0000
|
| Size: |
4096
|
|
|
4721000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2128756880.0000000004721000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4721000
|
| Size: |
4096
|
|
|
3C4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2128497677.00000000003C4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3C4000
|
| Size: |
4096
|
|
|
9B0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2029874057.00000000009B0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9B0000
|
| Size: |
53248
|
|
|
2D7F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3311476303.0000000002D7F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2D7F000
|
| Size: |
4096
|
|
|
8BE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3306620800.00000000008BE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8BE000
|
| Size: |
172032
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
4541000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2180495410.0000000004541000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4541000
|
| Size: |
49152
|
|
|
7A0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2099235980.00000000007A0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7A0000
|
| Size: |
53248
|
|
|
5450000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.2110060963.0000000005450000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5450000
|
| Size: |
8192
|
|
|
940000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2176733845.0000000000940000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
940000
|
| Size: |
53248
|
|
|
4B10000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000003.2184038916.0000000004B10000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4B10000
|
| Size: |
4096
|
|
|
373E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3312098991.000000000373E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
373E000
|
| Size: |
8192
|
|
|
1580000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2102751508.0000000001580000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
1580000
|
| Size: |
53248
|
|
|
7A0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2100164186.00000000007A0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7A0000
|
| Size: |
53248
|
|
|
4D50000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000003.2262847156.0000000004D50000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4D50000
|
| Size: |
4096
|
|
|
15D1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3308650896.00000000015D1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15D1000
|
| Size: |
8192
|
|
|
37BE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3312521789.00000000037BE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
37BE000
|
| Size: |
8192
|
|
|
2A90000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2256110306.0000000002A90000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2A90000
|
| Size: |
53248
|
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2024613255.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6D4000
|
| Size: |
4096
|
|
|
900000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2070226205.0000000000900000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
900000
|
| Size: |
4096
|
|
|
908000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3306620800.0000000000908000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
908000
|
| Size: |
12288
|
|
|
361E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3311675223.000000000361E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
361E000
|
| Size: |
8192
|
|
|
2A90000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2252771550.0000000002A90000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2A90000
|
| Size: |
53248
|
|
|
844000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2281564274.0000000000844000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
844000
|
| Size: |
4096
|
|
|
3A9E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3311472658.0000000003A9E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3A9E000
|
| Size: |
8192
|
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2069817977.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6D4000
|
| Size: |
4096
|
|
|
4C00000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.2039126425.0000000004C00000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4C00000
|
| Size: |
4096
|
|
|
971000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
0000000A.00000000.2246633058.0000000000971000.00000080.00000001.01000000.00000006.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
971000
|
| Size: |
593920
|
|
|
2E7E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3310244423.0000000002E7E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2E7E000
|
| Size: |
8192
|
|
|
4CA0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3314324760.0000000004CA0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4CA0000
|
| Size: |
4096
|
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2067154300.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6D4000
|
| Size: |
4096
|
|
|
4B40000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.3313936884.0000000004B40000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4B40000
|
| Size: |
4096
|
|
|
858000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2211274984.0000000000858000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
858000
|
| Size: |
4096
|
|
|
421F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3312994037.000000000421F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
421F000
|
| Size: |
4096
|
|
|
4741000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2251944120.0000000004741000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4741000
|
| Size: |
253952
|
|
|
AA3000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.3307879772.0000000000AA3000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
AA3000
|
| Size: |
20480
|
|
|
7A0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2100569514.00000000007A0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7A0000
|
| Size: |
53248
|
|
|
2A90000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2252396429.0000000002A90000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2A90000
|
| Size: |
53248
|
|
|
2D1F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3309436023.0000000002D1F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2D1F000
|
| Size: |
4096
|
|
|
4B10000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000003.2183756590.0000000004B10000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4B10000
|
| Size: |
4096
|
|
|
385E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3312078390.000000000385E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
385E000
|
| Size: |
8192
|
|
|
971000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000008.00000000.2166374249.0000000000971000.00000080.00000001.01000000.00000006.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
971000
|
| Size: |
593920
|
|
|
8A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3306554031.00000000008A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8A0000
|
| Size: |
4096
|
|
|
3FDF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3312661265.0000000003FDF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3FDF000
|
| Size: |
4096
|
|
|
4D50000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000003.2262687712.0000000004D50000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4D50000
|
| Size: |
8192
|
|
|
35DF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3311611789.00000000035DF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
35DF000
|
| Size: |
4096
|
|
|
4D10000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3315106945.0000000004D10000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4D10000
|
| Size: |
4096
|
|
|
815000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3306495921.0000000000815000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
815000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
2AB0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3309433465.0000000002AB0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2AB0000
|
| Size: |
16384
|
|
|
844000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2260876903.0000000000844000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
844000
|
| Size: |
4096
|
|
|
940000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2175697959.0000000000940000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
940000
|
| Size: |
53248
|
|
|
855000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3307041255.0000000000855000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
855000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
6D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3306310991.00000000006D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6D0000
|
| Size: |
16384
|
|
|
4720000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2024397597.0000000004720000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4720000
|
| Size: |
180224
|
|
|
1580000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2099868329.0000000001580000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
1580000
|
| Size: |
53248
|
|
|
D71000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000008.00000002.3308951526.0000000000D71000.00000080.00000001.01000000.00000006.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
D71000
|
| Size: |
1740800
|
|
|
4D22000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3315156285.0000000004D22000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4D22000
|
| Size: |
2002944
|
|
|
1194000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2128359588.0000000001194000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1194000
|
| Size: |
4096
|
|
|
54E0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3313886972.00000000054E0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
54E0000
|
| Size: |
4096
|
|
|
1194000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2128494703.0000000001194000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1194000
|
| Size: |
4096
|
|
|
313F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3311844198.000000000313F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
313F000
|
| Size: |
4096
|
|
|
4FD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3306473370.00000000004FD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4FD000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
481F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3312735419.000000000481F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
481F000
|
| Size: |
4096
|
|
|
2897000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3308874649.0000000002897000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2897000
|
| Size: |
12288
|
|
|
4B00000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000003.2184817140.0000000004B00000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4B00000
|
| Size: |
8192
|
|
|
5460000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.2109906233.0000000005460000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5460000
|
| Size: |
4096
|
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2069147563.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6D4000
|
| Size: |
4096
|
|
|
940000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2174700890.0000000000940000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
940000
|
| Size: |
53248
|
|
|
3DBE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3313011500.0000000003DBE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3DBE000
|
| Size: |
8192
|
|
|
1194000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2096574632.0000000001194000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1194000
|
| Size: |
4096
|
|
|
4E61000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2128789018.0000000004E61000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E61000
|
| Size: |
4096
|
|
|
BF8000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000006.00000000.2085249798.0000000000BF8000.00000008.00000001.01000000.00000005.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
BF8000
|
| Size: |
4096
|
|
|
4C00000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.2038985409.0000000004C00000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4C00000
|
| Size: |
4096
|
|
|
4C1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3313132656.0000000004C1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4C1E000
|
| Size: |
8192
|
|
|
F1A000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.3308817329.0000000000F1A000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
F1A000
|
| Size: |
4096
|
|
|
317E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3311918053.000000000317E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
317E000
|
| Size: |
8192
|
|
|
5460000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.2109888902.0000000005460000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5460000
|
| Size: |
4096
|
|
|
4D00000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.2108616789.0000000004D00000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4D00000
|
| Size: |
8192
|
|
|
5530000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3314108411.0000000005530000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5530000
|
| Size: |
4096
|
|
|
5470000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3313579101.0000000005470000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5470000
|
| Size: |
4096
|
|
|
1580000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2101564839.0000000001580000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
1580000
|
| Size: |
53248
|
|
|
40FF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3312967753.00000000040FF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
40FF000
|
| Size: |
4096
|
|
|
93E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3307743972.000000000093E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
93E000
|
| Size: |
8192
|
|
|
EB2000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3307631002.0000000000EB2000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
EB2000
|
| Size: |
36864
|
|
|
3100000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2109152599.0000000003100000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3100000
|
| Size: |
53248
|
|
|
4540000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3313664326.0000000004540000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4540000
|
| Size: |
4096
|
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2069942769.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6D4000
|
| Size: |
4096
|
|
|
327F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3311970588.000000000327F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
327F000
|
| Size: |
4096
|
|
|
2A90000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2259675976.0000000002A90000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2A90000
|
| Size: |
53248
|
|
|
DD2000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3307790549.0000000000DD2000.00000040.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
DD2000
|
| Size: |
36864
|
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2066128583.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6D4000
|
| Size: |
4096
|
|
|
5580000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3314360226.0000000005580000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5580000
|
| Size: |
4096
|
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2066206534.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6D4000
|
| Size: |
4096
|
|
|
5430000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.2110075650.0000000005430000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5430000
|
| Size: |
4096
|
|
|
1580000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2099333429.0000000001580000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
1580000
|
| Size: |
53248
|
|
|
9B0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2031306601.00000000009B0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9B0000
|
| Size: |
53248
|
|
|
1580000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2103682990.0000000001580000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
1580000
|
| Size: |
53248
|
|
|
4740000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3313751800.0000000004740000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4740000
|
| Size: |
4096
|
|
|
2FDE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3309631431.0000000002FDE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2FDE000
|
| Size: |
8192
|
|
|
435F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3313099791.000000000435F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
435F000
|
| Size: |
4096
|
|
|
4C40000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3313931219.0000000004C40000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4C40000
|
| Size: |
4096
|
|
|
33BF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3312097983.00000000033BF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
33BF000
|
| Size: |
4096
|
|
|
471F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3313439940.000000000471F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
471F000
|
| Size: |
4096
|
|
|
970000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3306833326.0000000000970000.00000004.00000001.01000000.00000006.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
970000
|
| Size: |
4096
|
|
|
4E60000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3313345540.0000000004E60000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E60000
|
| Size: |
4096
|
|
|
844000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2252005885.0000000000844000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
844000
|
| Size: |
4096
|
|
|
4B10000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000003.2183947013.0000000004B10000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4B10000
|
| Size: |
4096
|
|
|
4F10000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2067205226.0000000004F10000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4F10000
|
| Size: |
524288
|
|
|
742000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2283094806.0000000000742000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
742000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
43FF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3313541525.00000000043FF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
43FF000
|
| Size: |
4096
|
|
|
31DF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3311421285.00000000031DF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
31DF000
|
| Size: |
4096
|
|
|
BF3000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3306984601.0000000000BF3000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
BF3000
|
| Size: |
20480
|
|
|
80D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2130181329.000000000080D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
80D000
|
| Size: |
4096
|
|
|
4B10000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000003.2184132707.0000000004B10000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4B10000
|
| Size: |
4096
|
|
|
4DC0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.3314382533.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4DC0000
|
| Size: |
4096
|
|
|
15D1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2130267843.00000000015D1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15D1000
|
| Size: |
8192
|
|
|
371E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3311955680.000000000371E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
371E000
|
| Size: |
8192
|
|
|
39FF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3312678769.00000000039FF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
39FF000
|
| Size: |
4096
|
|
|
3F3E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3313181331.0000000003F3E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3F3E000
|
| Size: |
8192
|
|
|
7A0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2105795984.00000000007A0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7A0000
|
| Size: |
53248
|
|
|
4541000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2180591484.0000000004541000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4541000
|
| Size: |
4096
|
|
|
5460000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.2109870095.0000000005460000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5460000
|
| Size: |
4096
|
|
|
4BBE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3313799134.0000000004BBE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4BBE000
|
| Size: |
8192
|
|
|
7A0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2098381982.00000000007A0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7A0000
|
| Size: |
53248
|
|
|
389E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3311922045.000000000389E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
389E000
|
| Size: |
8192
|
|
|
473F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3313714808.000000000473F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
473F000
|
| Size: |
4096
|
|
|
4CF0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3314601159.0000000004CF0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4CF0000
|
| Size: |
8192
|
|
|
7A0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2105022352.00000000007A0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7A0000
|
| Size: |
53248
|
|
|
1194000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2106727548.0000000001194000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1194000
|
| Size: |
4096
|
|
|
1194000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2096649604.0000000001194000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1194000
|
| Size: |
4096
|
|
|
4D0F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3313936348.0000000004D0F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4D0F000
|
| Size: |
4096
|
|
|
1194000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2128273963.0000000001194000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1194000
|
| Size: |
4096
|
|
|
33C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3306051446.000000000033C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
33C000
|
| Size: |
16384
|
|
|
45FF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3313575890.00000000045FF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
45FF000
|
| Size: |
4096
|
|
|
9B0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2028209800.00000000009B0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9B0000
|
| Size: |
53248
|
|
|
495F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3312845286.000000000495F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
495F000
|
| Size: |
4096
|
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2068232846.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6D4000
|
| Size: |
4096
|
|
|
4BDF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3313069905.0000000004BDF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4BDF000
|
| Size: |
4096
|
|
|
B18000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000000.00000000.2018136927.0000000000B18000.00000008.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
B18000
|
| Size: |
4096
|
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2069974139.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6D4000
|
| Size: |
4096
|
|
|
359F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3311770581.000000000359F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
359F000
|
| Size: |
4096
|
|
|
858000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3307041255.0000000000858000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
858000
|
| Size: |
4096
|
|
|
4E61000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2096346754.0000000004E61000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E61000
|
| Size: |
65536
|
|
|
321E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3311471651.000000000321E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
321E000
|
| Size: |
8192
|
|
|
3D5D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3312598467.0000000003D5D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3D5D000
|
| Size: |
12288
|
|
|
4BC0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2261819541.0000000004BC0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4BC0000
|
| Size: |
53248
|
|
|
1194000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2096669482.0000000001194000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1194000
|
| Size: |
4096
|
|
|
391F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3311322546.000000000391F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
391F000
|
| Size: |
4096
|
|
|
4E20000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.3315064151.0000000004E20000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4E20000
|
| Size: |
4096
|
|
|
4D50000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000003.2262927800.0000000004D50000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4D50000
|
| Size: |
4096
|
|
|
970000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000A.00000000.2246607893.0000000000970000.00000002.00000001.01000000.00000006.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
970000
|
| Size: |
4096
|
|
|
321F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3310248387.000000000321F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
321F000
|
| Size: |
4096
|
|
|
D70000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000008.00000000.2166498737.0000000000D70000.00000080.00000001.01000000.00000006.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
D70000
|
| Size: |
1748992
|
|
|
844000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2260933227.0000000000844000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
844000
|
| Size: |
4096
|
|
|
3C4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2106046328.00000000003C4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3C4000
|
| Size: |
4096
|
|
|
1194000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2106170885.0000000001194000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1194000
|
| Size: |
4096
|
|
|
1580000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2105970976.0000000001580000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
1580000
|
| Size: |
53248
|
|
|
4F60000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2096424860.0000000004F60000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4F60000
|
| Size: |
184320
|
|
|
4C30000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3313839612.0000000004C30000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4C30000
|
| Size: |
4096
|
|
|
4D50000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000003.2262990692.0000000004D50000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4D50000
|
| Size: |
4096
|
|
|
AA8000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3307526853.0000000000AA8000.00000004.00000001.01000000.00000006.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
AA8000
|
| Size: |
12288
|
|
|
7A0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2104376022.00000000007A0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7A0000
|
| Size: |
53248
|
|
|
AA8000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3308139365.0000000000AA8000.00000004.00000001.01000000.00000006.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
AA8000
|
| Size: |
12288
|
|
|
30BF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3311409952.00000000030BF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
30BF000
|
| Size: |
4096
|
|
|
3F9E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3311960259.0000000003F9E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3F9E000
|
| Size: |
8192
|
|
|
4CE0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3314553963.0000000004CE0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4CE0000
|
| Size: |
4096
|
|
|
BF8000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3306741677.0000000000BF8000.00000004.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
BF8000
|
| Size: |
12288
|
|
|
D62000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.3308181266.0000000000D62000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
D62000
|
| Size: |
36864
|
|
|
E71000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3306828991.0000000000E71000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
E71000
|
| Size: |
102400
|
|
|
2F9F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3309596245.0000000002F9F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2F9F000
|
| Size: |
4096
|
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2069958647.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6D4000
|
| Size: |
4096
|
|
|
5412000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2109410350.0000000005412000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
5412000
|
| Size: |
16384
|
|
|
3B9F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3311522095.0000000003B9F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3B9F000
|
| Size: |
4096
|
|
|
690000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3306708803.0000000000690000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
690000
|
| Size: |
4096
|
|
|
4C20000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.3315090920.0000000004C20000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4C20000
|
| Size: |
4096
|
|
|
940000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2177902413.0000000000940000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
940000
|
| Size: |
53248
|
|
|
3C4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2128295801.00000000003C4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3C4000
|
| Size: |
4096
|
|
|
2837000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3309637606.0000000002837000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2837000
|
| Size: |
12288
|
|
|
4B30000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.3313899553.0000000004B30000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4B30000
|
| Size: |
4096
|
|
|
5460000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.2109993070.0000000005460000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5460000
|
| Size: |
4096
|
|
|
381F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3312012763.000000000381F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
381F000
|
| Size: |
4096
|
|
|
385F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3311856149.000000000385F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
385F000
|
| Size: |
4096
|
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2024594809.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6D4000
|
| Size: |
4096
|
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2068307828.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6D4000
|
| Size: |
4096
|
|
|
4E78000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3315273831.0000000004E78000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E78000
|
| Size: |
2002944
|
|
|
7A0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2103253597.00000000007A0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7A0000
|
| Size: |
53248
|
|
|
417F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3313347915.000000000417F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
417F000
|
| Size: |
4096
|
|
|
439E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3313164043.000000000439E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
439E000
|
| Size: |
8192
|
|
|
3100000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2108232987.0000000003100000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3100000
|
| Size: |
53248
|
|
|
3C4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2096507100.00000000003C4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3C4000
|
| Size: |
4096
|
|
|
4820000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2096373799.0000000004820000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4820000
|
| Size: |
184320
|
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2068360527.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6D4000
|
| Size: |
4096
|
|
|
4BC0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2262215050.0000000004BC0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4BC0000
|
| Size: |
53248
|
|
|
4D50000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000003.2262875517.0000000004D50000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4D50000
|
| Size: |
4096
|
|
|
3D1F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3312541020.0000000003D1F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3D1F000
|
| Size: |
4096
|
|
|
3E5F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3312653374.0000000003E5F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3E5F000
|
| Size: |
4096
|
|
|
844000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2260807248.0000000000844000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
844000
|
| Size: |
4096
|
|
|
1194000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2096368572.0000000001194000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1194000
|
| Size: |
8192
|
|
|
2A3F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3310273603.0000000002A3F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2A3F000
|
| Size: |
4096
|
|
|
F8A000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3308789391.0000000000F8A000.00000040.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
F8A000
|
| Size: |
4096
|
|
|
3E7F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3312733232.0000000003E7F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3E7F000
|
| Size: |
4096
|
|
|
4BDF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3313612498.0000000004BDF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4BDF000
|
| Size: |
4096
|
|
|
4621000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2024480793.0000000004621000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4621000
|
| Size: |
245760
|
|
|
38C000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3306031826.000000000038C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
38C000
|
| Size: |
16384
|
|
|
EC0000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000007.00000000.2087512274.0000000000EC0000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
EC0000
|
| Size: |
1748992
|
|
|
2E5E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3309697896.0000000002E5E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2E5E000
|
| Size: |
8192
|
|
|
54F0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3313934837.00000000054F0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
54F0000
|
| Size: |
4096
|
|
|
4D20000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000003.2263079312.0000000004D20000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4D20000
|
| Size: |
4096
|
|
|
4541000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2180811363.0000000004541000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4541000
|
| Size: |
4096
|
|
|
D21000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.3308181266.0000000000D21000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
D21000
|
| Size: |
102400
|
|
|
9D0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3307103873.00000000009D0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9D0000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
|
|
820000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3306635343.0000000000820000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
820000
|
| Size: |
4096
|
|
|
27FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3309561703.00000000027FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
27FE000
|
| Size: |
8192
|
|
|
35FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3311982236.00000000035FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
35FE000
|
| Size: |
8192
|
|
|
36DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3309723649.00000000036DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
36DE000
|
| Size: |
8192
|
|
|
4620000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3313382205.0000000004620000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4620000
|
| Size: |
4096
|
|
|
1194000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2106470807.0000000001194000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1194000
|
| Size: |
4096
|
|
|
341F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3309518847.000000000341F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
341F000
|
| Size: |
4096
|
|
|
349E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3311706889.000000000349E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
349E000
|
| Size: |
8192
|
|
|
339E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3311422950.000000000339E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
339E000
|
| Size: |
8192
|
|
|
3C4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2096529162.00000000003C4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3C4000
|
| Size: |
4096
|
|
|
2C3F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3311383097.0000000002C3F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2C3F000
|
| Size: |
4096
|
|
|
510E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3315438019.000000000510E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
510E000
|
| Size: |
8192
|
|
|
4DA0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.3314282589.0000000004DA0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4DA0000
|
| Size: |
4096
|
|
|
1580000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2104826506.0000000001580000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
1580000
|
| Size: |
53248
|
|
|
4C0C000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3313884657.0000000004C0C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4C0C000
|
| Size: |
16384
|
|
|
4A9F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3312964356.0000000004A9F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4A9F000
|
| Size: |
4096
|
|
|
1195000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3308314585.0000000001195000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1195000
|
| Size: |
8192
|
|
|
303E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3311784591.000000000303E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
303E000
|
| Size: |
8192
|
|
|
2820000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000003.2184798540.0000000002820000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
2820000
|
| Size: |
4096
|
|
|
30FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3311492632.00000000030FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
30FE000
|
| Size: |
8192
|
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2033994169.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6D4000
|
| Size: |
4096
|
|
|
4CE0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.2109464948.0000000004CE0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4CE0000
|
| Size: |
4096
|
|
|
4D80000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3314280940.0000000004D80000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4D80000
|
| Size: |
4096
|
|
|
3C4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2096549275.00000000003C4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3C4000
|
| Size: |
4096
|
|
|
2CFF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3309636672.0000000002CFF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2CFF000
|
| Size: |
4096
|
|
|
116D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3308262965.000000000116D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
116D000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
44BF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3313430863.00000000044BF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
44BF000
|
| Size: |
4096
|
|
|
EC0000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000006.00000000.2085267018.0000000000EC0000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
EC0000
|
| Size: |
1748992
|
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2024334321.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6D4000
|
| Size: |
4096
|
|
|
44FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3313495606.00000000044FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
44FE000
|
| Size: |
8192
|
|
|
5460000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.2109976406.0000000005460000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5460000
|
| Size: |
4096
|
|
|
355F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3309597800.000000000355F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
355F000
|
| Size: |
4096
|
|
|
4B9E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3313581015.0000000004B9E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4B9E000
|
| Size: |
8192
|
|
|
49BD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3313715317.00000000049BD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
49BD000
|
| Size: |
12288
|
|
|
1580000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2102037502.0000000001580000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
1580000
|
| Size: |
53248
|
|
|
4C00000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.2039156749.0000000004C00000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4C00000
|
| Size: |
4096
|
|
|
8FD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3306620800.00000000008FD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8FD000
|
| Size: |
4096
|
|
|
D70000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
0000000A.00000000.2246742874.0000000000D70000.00000080.00000001.01000000.00000006.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
D70000
|
| Size: |
1748992
|
|
|
4D40000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000003.2263059887.0000000004D40000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4D40000
|
| Size: |
8192
|
|
|
1580000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2104093553.0000000001580000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
1580000
|
| Size: |
53248
|
|
|
4BE0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.2039301729.0000000004BE0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4BE0000
|
| Size: |
4096
|
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2034256331.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6D4000
|
| Size: |
4096
|
|
|
3FBF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3312838166.0000000003FBF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3FBF000
|
| Size: |
4096
|
|
|
844000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2251822086.0000000000844000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
844000
|
| Size: |
4096
|
|
|
2E9E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3309555754.0000000002E9E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2E9E000
|
| Size: |
8192
|
|
|
4C00000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.2039175291.0000000004C00000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4C00000
|
| Size: |
4096
|
|
|
4741000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2282088643.0000000004741000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4741000
|
| Size: |
4096
|
|
|
3A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3306168166.00000000003A0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3A0000
|
| Size: |
4096
|
|
|
3D1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3311710322.0000000003D1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3D1E000
|
| Size: |
8192
|
|
|
443E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3313578284.000000000443E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
443E000
|
| Size: |
8192
|
|
|
844000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2252045727.0000000000844000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
844000
|
| Size: |
4096
|
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2024574096.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6D4000
|
| Size: |
4096
|
|
|
349F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3311493112.000000000349F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
349F000
|
| Size: |
4096
|
|
|
31FF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3311544620.00000000031FF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
31FF000
|
| Size: |
4096
|
|
|
3EBE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3312791074.0000000003EBE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3EBE000
|
| Size: |
8192
|
|
|
AAC000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.3307579783.0000000000AAC000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
AAC000
|
| Size: |
1581056
|
|
|
2A90000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2260075196.0000000002A90000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2A90000
|
| Size: |
53248
|
|
|
3E9F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3312506484.0000000003E9F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3E9F000
|
| Size: |
4096
|
|
|
1F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3306410282.00000000001F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1F0000
|
| Size: |
4096
|
|
|
D56000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.3307579783.0000000000D56000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
D56000
|
| Size: |
45056
|
|
|
299F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3308995442.000000000299F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
299F000
|
| Size: |
4096
|
|
|
3AFE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3312454883.0000000003AFE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3AFE000
|
| Size: |
8192
|
|
|
9B0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2033720655.00000000009B0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9B0000
|
| Size: |
53248
|
|
|
4E61000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2128141653.0000000004E61000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E61000
|
| Size: |
49152
|
|
|
413E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3313017013.000000000413E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
413E000
|
| Size: |
8192
|
|
|
30DF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3309678216.00000000030DF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
30DF000
|
| Size: |
4096
|
|
|
42FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3313491602.00000000042FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
42FE000
|
| Size: |
8192
|
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2066155590.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6D4000
|
| Size: |
4096
|
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2033900327.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6D4000
|
| Size: |
4096
|
|
|
C31000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.3308181266.0000000000C31000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
C31000
|
| Size: |
954368
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
3CBE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3312957990.0000000003CBE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3CBE000
|
| Size: |
8192
|
|
|
AAC000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.3308181266.0000000000AAC000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
AAC000
|
| Size: |
1581056
|
|
|
B18000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3307736561.0000000000B18000.00000004.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
B18000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
|
|
397F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3312283830.000000000397F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
397F000
|
| Size: |
4096
|
|
|
4BD2000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2038565636.0000000004BD2000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4BD2000
|
| Size: |
16384
|
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2069925412.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6D4000
|
| Size: |
4096
|
|
|
9B0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2030361692.00000000009B0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9B0000
|
| Size: |
53248
|
|
|
A90000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2107398625.0000000000A90000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
A90000
|
| Size: |
53248
|
|
|
38BF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3312572495.00000000038BF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
38BF000
|
| Size: |
4096
|
|
|
335E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3311591244.000000000335E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
335E000
|
| Size: |
8192
|
|
|
7A0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2103729109.00000000007A0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7A0000
|
| Size: |
53248
|
|
|
4D00000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.2109071328.0000000004D00000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4D00000
|
| Size: |
4096
|
|
|
BFC000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3306828991.0000000000BFC000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
BFC000
|
| Size: |
1581056
|
|
|
459F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3312525238.000000000459F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
459F000
|
| Size: |
4096
|
|
|
453F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3313634134.000000000453F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
453F000
|
| Size: |
4096
|
|
|
4CF0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.2109489221.0000000004CF0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4CF0000
|
| Size: |
8192
|
|
|
4541000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2210763635.0000000004541000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4541000
|
| Size: |
4096
|
|
|
3EDE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3312603542.0000000003EDE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3EDE000
|
| Size: |
8192
|
|
|
DE1000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000000.00000002.3308363344.0000000000DE1000.00000080.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
DE1000
|
| Size: |
1740800
|
|
|
4DA0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3314374472.0000000004DA0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4DA0000
|
| Size: |
4096
|
|
|
790000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3306440241.0000000000790000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
790000
|
| Size: |
4096
|
|
|
39BE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3312334326.00000000039BE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
39BE000
|
| Size: |
8192
|
|
|
4CD0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3314514663.0000000004CD0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4CD0000
|
| Size: |
4096
|
|
|
A9C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3306048351.0000000000A9C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A9C000
|
| Size: |
16384
|
|
|
D81000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3306828991.0000000000D81000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
D81000
|
| Size: |
954368
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
5570000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3314301778.0000000005570000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5570000
|
| Size: |
4096
|
|
|
387E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3312223252.000000000387E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
387E000
|
| Size: |
8192
|
|
|
3C4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2106525878.00000000003C4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3C4000
|
| Size: |
4096
|
|
|
4541000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2172331145.0000000004541000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4541000
|
| Size: |
249856
|
|
|
4D00000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.2109391941.0000000004D00000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4D00000
|
| Size: |
4096
|
|
|
4D20000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3314008463.0000000004D20000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4D20000
|
| Size: |
4096
|
|
|
7A0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2099708881.00000000007A0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7A0000
|
| Size: |
53248
|
|
|
4C00000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.2039051486.0000000004C00000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4C00000
|
| Size: |
4096
|
|
|
4621000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2066059300.0000000004621000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4621000
|
| Size: |
49152
|
|
|
4C00000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.2039211977.0000000004C00000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4C00000
|
| Size: |
4096
|
|
|
3E9E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3312706818.0000000003E9E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3E9E000
|
| Size: |
8192
|
|
|
1580000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2105574577.0000000001580000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
1580000
|
| Size: |
53248
|
|
|
5A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3306212806.00000000005A0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5A0000
|
| Size: |
4096
|
|
|
3F5F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3311891791.0000000003F5F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3F5F000
|
| Size: |
4096
|
|
|
E71000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3307631002.0000000000E71000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
E71000
|
| Size: |
102400
|
|
|
371F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3311734409.000000000371F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
371F000
|
| Size: |
4096
|
|
|
9B0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2027098728.00000000009B0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9B0000
|
| Size: |
53248
|
|
|
3C4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2128335159.00000000003C4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3C4000
|
| Size: |
4096
|
|
|
4AF2000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2182379846.0000000004AF2000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4AF2000
|
| Size: |
16384
|
|
|
844000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2261099138.0000000000844000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
844000
|
| Size: |
4096
|
|
|
4C34000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3315142662.0000000004C34000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4C34000
|
| Size: |
2002944
|
|
|
4741000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2260713522.0000000004741000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4741000
|
| Size: |
49152
|
|
|
3BDE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3311595303.0000000003BDE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3BDE000
|
| Size: |
8192
|
|
|
2C1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3309142823.0000000002C1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2C1E000
|
| Size: |
8192
|
|
|
325E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3311287456.000000000325E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
325E000
|
| Size: |
8192
|
|
|
D21000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.3307579783.0000000000D21000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
D21000
|
| Size: |
102400
|
|
|
1A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3306349588.00000000001A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1A0000
|
| Size: |
4096
|
|
|
89E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3306495467.000000000089E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
89E000
|
| Size: |
8192
|
|
|
2E1F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3309651724.0000000002E1F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2E1F000
|
| Size: |
4096
|
|
|
4D70000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3314232718.0000000004D70000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4D70000
|
| Size: |
4096
|
|
|
970000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000000.2165849273.0000000000970000.00000002.00000001.01000000.00000006.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
970000
|
| Size: |
4096
|
|
|
2A90000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2255679485.0000000002A90000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2A90000
|
| Size: |
53248
|
|
|
940000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2177304509.0000000000940000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
940000
|
| Size: |
53248
|
|
|
940000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2180402022.0000000000940000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
940000
|
| Size: |
53248
|
|
|
4C10000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3313675203.0000000004C10000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4C10000
|
| Size: |
4096
|
|
|
293F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3309763974.000000000293F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
293F000
|
| Size: |
4096
|
|
|
43BE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3313351845.00000000043BE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
43BE000
|
| Size: |
8192
|
|
|
333F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3311673526.000000000333F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
333F000
|
| Size: |
4096
|
|
|
471E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3312683892.000000000471E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
471E000
|
| Size: |
8192
|
|
|
D91000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3307790549.0000000000D91000.00000040.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
D91000
|
| Size: |
102400
|
|
|
38FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3312627484.00000000038FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
38FE000
|
| Size: |
8192
|
|
|
4B90000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.3314160446.0000000004B90000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4B90000
|
| Size: |
4096
|
|
|
4721000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.2128659517.0000000004721000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4721000
|
| Size: |
4096
|
|
|
3ADF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3312109206.0000000003ADF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3ADF000
|
| Size: |
4096
|
|
|
1580000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2101124475.0000000001580000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
1580000
|
| Size: |
53248
|
|
|
844000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2260907052.0000000000844000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
844000
|
| Size: |
4096
|
|
|
5550000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3314210062.0000000005550000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5550000
|
| Size: |
8192
|
|
|
4D10000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3313882751.0000000004D10000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4D10000
|
| Size: |
4096
|
|
|
4B10000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000003.2182699177.0000000004B10000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4B10000
|
| Size: |
8192
|
|
|
2E3F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3309728139.0000000002E3F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2E3F000
|
| Size: |
4096
|
|
|
588E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3315187831.000000000588E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
588E000
|
| Size: |
8192
|
|
|
43C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3306040079.000000000043C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
43C000
|
| Size: |
16384
|
|
|
844000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2251984799.0000000000844000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
844000
|
| Size: |
4096
|
|
|
2880000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.2039353042.0000000002880000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
2880000
|
| Size: |
4096
|
|
|
AB0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.2109513679.0000000000AB0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
AB0000
|
| Size: |
4096
|
|
|
106A000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3308895930.000000000106A000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
106A000
|
| Size: |
4096
|
|
|
2EBF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3311606101.0000000002EBF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2EBF000
|
| Size: |
4096
|
|
|
367E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3312388883.000000000367E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
367E000
|
| Size: |
8192
|
|
|
2AD0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3309436298.0000000002AD0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2AD0000
|
| Size: |
16384
|
|
|
1194000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2096630690.0000000001194000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1194000
|
| Size: |
4096
|
|
|
44DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3313268551.00000000044DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
44DE000
|
| Size: |
8192
|
|
|
AC0000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3306173101.0000000000AC0000.00000004.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
AC0000
|
| Size: |
4096
|
|
|
4E20000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3315176844.0000000004E20000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E20000
|
| Size: |
2002944
|
|
|
4C00000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.2038949828.0000000004C00000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4C00000
|
| Size: |
4096
|
|
|
844000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2260856194.0000000000844000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
844000
|
| Size: |
4096
|
|
|
4C60000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3314080382.0000000004C60000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4C60000
|
| Size: |
4096
|
|
|
4D00000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.2109282853.0000000004D00000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4D00000
|
| Size: |
4096
|
|
|
399E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3312194140.000000000399E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
399E000
|
| Size: |
8192
|
|
|
449F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3313224845.000000000449F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
449F000
|
| Size: |
4096
|
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2024554459.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6D4000
|
| Size: |
4096
|
|
|
2890000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3308874649.0000000002890000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2890000
|
| Size: |
16384
|
|
|
3BFF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3312524896.0000000003BFF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3BFF000
|
| Size: |
4096
|
|
|
403F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3313242122.000000000403F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
403F000
|
| Size: |
4096
|
|
|
4741000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2282256032.0000000004741000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4741000
|
| Size: |
4096
|
|
|
4BF0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.2039326014.0000000004BF0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4BF0000
|
| Size: |
8192
|
|
|
4E61000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.2130081884.0000000004E61000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E61000
|
| Size: |
4096
|
|
|
940000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2178491077.0000000000940000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
940000
|
| Size: |
53248
|
|
|
DE0000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3307790549.0000000000DE0000.00000040.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
DE0000
|
| Size: |
4096
|
|
|
3ADE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3312336432.0000000003ADE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3ADE000
|
| Size: |
8192
|
|
|
44DF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3313117800.00000000044DF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
44DF000
|
| Size: |
4096
|
|
|
5510000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3314010246.0000000005510000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5510000
|
| Size: |
4096
|
|
|
EA6000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3306828991.0000000000EA6000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
EA6000
|
| Size: |
45056
|
|
|
3BDF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3312397187.0000000003BDF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3BDF000
|
| Size: |
4096
|
|
|
F1A000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.3309516714.0000000000F1A000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
F1A000
|
| Size: |
4096
|
|
|
4741000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2282593169.0000000004741000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4741000
|
| Size: |
4096
|
|
