|
211000
|
unkown
|
page execute and read and write
|
 |
|
|
| Name: |
00000006.00000002.3788234643.0000000000211000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
211000
|
| Size: |
1249280
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected RisePro Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
| SQL strings found in memory and binary data |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
4AD0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1393916127.0000000004AD0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4AD0000
|
| Size: |
1249280
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected RisePro Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
| SQL strings found in memory and binary data |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
5100000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1468115557.0000000005100000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
5100000
|
| Size: |
1249280
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected RisePro Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
| SQL strings found in memory and binary data |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
49C0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1392470110.00000000049C0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
49C0000
|
| Size: |
1249280
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected RisePro Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
| SQL strings found in memory and binary data |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
50E0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1331208487.00000000050E0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
50E0000
|
| Size: |
1249280
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected RisePro Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
| SQL strings found in memory and binary data |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
211000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3788080872.0000000000211000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
211000
|
| Size: |
1249280
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected RisePro Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
| SQL strings found in memory and binary data |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
841000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.3788139616.0000000000841000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
841000
|
| Size: |
1249280
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected RisePro Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
| SQL strings found in memory and binary data |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
51A0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1548941705.00000000051A0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
51A0000
|
| Size: |
1249280
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected RisePro Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
| SQL strings found in memory and binary data |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
821000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3788079300.0000000000821000.00000040.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
821000
|
| Size: |
1249280
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected RisePro Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
| SQL strings found in memory and binary data |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
841000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.3788101303.0000000000841000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
841000
|
| Size: |
1249280
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected RisePro Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
| SQL strings found in memory and binary data |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
D14000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1381181009.0000000000D14000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D14000
|
| Size: |
4096
|
|
|
1214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1319853341.0000000001214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1214000
|
| Size: |
4096
|
|
|
11D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1460234952.00000000011D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11D4000
|
| Size: |
4096
|
|
|
13D8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1365041119.00000000013D8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13D8000
|
| Size: |
8192
|
|
|
156F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3790101173.000000000156F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
156F000
|
| Size: |
4096
|
|
|
50F0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3792789028.00000000050F0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
50F0000
|
| Size: |
12288
|
|
|
38BF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3791352453.00000000038BF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
38BF000
|
| Size: |
4096
|
|
|
5320000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000003.1549330458.0000000005320000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5320000
|
| Size: |
8192
|
|
|
1214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1319975762.0000000001214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1214000
|
| Size: |
4096
|
|
|
304F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3790250677.000000000304F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
304F000
|
| Size: |
4096
|
|
|
1450000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1546748641.0000000001450000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
1450000
|
| Size: |
53248
|
|
|
2DBE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3790505158.0000000002DBE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2DBE000
|
| Size: |
8192
|
|
|
11D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1480440180.00000000011D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11D4000
|
| Size: |
4096
|
|
|
478E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3791838668.000000000478E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
478E000
|
| Size: |
8192
|
|
|
5260000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000003.1469025474.0000000005260000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5260000
|
| Size: |
4096
|
|
|
428E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3791821508.000000000428E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
428E000
|
| Size: |
8192
|
|
|
821000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000000.00000000.1313911964.0000000000821000.00000080.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
821000
|
| Size: |
593920
|
|
|
D14000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1421508252.0000000000D14000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D14000
|
| Size: |
4096
|
|
|
5270000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000003.1469043685.0000000005270000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5270000
|
| Size: |
8192
|
|
|
430F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3792021148.000000000430F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
430F000
|
| Size: |
4096
|
|
|
4C60000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3792560603.0000000004C60000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4C60000
|
| Size: |
4096
|
|
|
5280000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000003.1468504560.0000000005280000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5280000
|
| Size: |
4096
|
|
|
438F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3791477339.000000000438F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
438F000
|
| Size: |
4096
|
|
|
4541000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1421707012.0000000004541000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4541000
|
| Size: |
4096
|
|
|
3BCE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3791199901.0000000003BCE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3BCE000
|
| Size: |
8192
|
|
|
5350000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3793371670.0000000005350000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5350000
|
| Size: |
4096
|
|
|
4B30000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3792958777.0000000004B30000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4B30000
|
| Size: |
4096
|
|
|
1214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1319873433.0000000001214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1214000
|
| Size: |
4096
|
|
|
12B4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1540574168.00000000012B4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12B4000
|
| Size: |
4096
|
|
|
BAB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3789574147.0000000000BAB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BAB000
|
| Size: |
180224
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
| URLs found in memory or binary data |
Networking |
|
|
|
5250000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3792964590.0000000005250000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5250000
|
| Size: |
4096
|
|
|
35CF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3790858509.00000000035CF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
35CF000
|
| Size: |
4096
|
|
|
308C000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3790313080.000000000308C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
308C000
|
| Size: |
16384
|
|
|
35D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1363245792.000000000035D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
35D000
|
| Size: |
12288
|
|
|
4C50000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.1394311970.0000000004C50000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4C50000
|
| Size: |
8192
|
|
|
283E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3789896570.000000000283E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
283E000
|
| Size: |
8192
|
|
|
388E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3790771617.000000000388E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
388E000
|
| Size: |
8192
|
|
|
2860000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.1393458162.0000000002860000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
2860000
|
| Size: |
4096
|
|
|
5280000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000003.1468980202.0000000005280000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5280000
|
| Size: |
12288
|
|
|
C44000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1389877830.0000000000C44000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C44000
|
| Size: |
4096
|
|
|
1214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1364695984.0000000001214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1214000
|
| Size: |
4096
|
|
|
1450000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1544403767.0000000001450000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
1450000
|
| Size: |
53248
|
|
|
D14000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1392623260.0000000000D14000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D14000
|
| Size: |
4096
|
|
|
11D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1467119729.00000000011D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11D4000
|
| Size: |
4096
|
|
|
4631000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1421807675.0000000004631000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4631000
|
| Size: |
4096
|
|
|
C44000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1389940204.0000000000C44000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C44000
|
| Size: |
4096
|
|
|
4C50000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.1394427132.0000000004C50000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4C50000
|
| Size: |
4096
|
|
|
4C61000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1466994825.0000000004C61000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4C61000
|
| Size: |
229376
|
|
|
4C51000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1319825678.0000000004C51000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4C51000
|
| Size: |
49152
|
|
|
311E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3790457967.000000000311E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
311E000
|
| Size: |
8192
|
|
|
1470000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3790015018.0000000001470000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1470000
|
| Size: |
24576
|
|
|
2FCE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3790458099.0000000002FCE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2FCE000
|
| Size: |
8192
|
|
|
323F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1364326749.000000000323F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
323F000
|
| Size: |
4096
|
|
|
1214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1360560880.0000000001214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1214000
|
| Size: |
4096
|
|
|
318F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3790360209.000000000318F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
318F000
|
| Size: |
4096
|
|
|
2C7F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3790407056.0000000002C7F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2C7F000
|
| Size: |
4096
|
|
|
C20000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1380857950.0000000000C20000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
C20000
|
| Size: |
53248
|
|
|
5420000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.3794244762.0000000005420000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5420000
|
| Size: |
4096
|
|
|
5430000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.3794288805.0000000005430000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5430000
|
| Size: |
4096
|
|
|
953000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3788079300.0000000000953000.00000040.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
953000
|
| Size: |
20480
|
|
|
11D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1460142269.00000000011D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11D4000
|
| Size: |
4096
|
|
|
DBD000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3789417141.0000000000DBD000.00000040.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
DBD000
|
| Size: |
4096
|
|
|
C37000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
0000000A.00000000.1535540237.0000000000C37000.00000080.00000001.01000000.00000006.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
C37000
|
| Size: |
1732608
|
|
|
4B80000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3793239519.0000000004B80000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4B80000
|
| Size: |
4096
|
|
|
340F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3790581515.000000000340F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
340F000
|
| Size: |
4096
|
|
|
5260000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.1331781016.0000000005260000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5260000
|
| Size: |
4096
|
|
|
11B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3789533462.00000000011B0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11B0000
|
| Size: |
4096
|
|
|
11D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3789571436.00000000011D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11D0000
|
| Size: |
16384
|
|
|
42BF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3792306280.00000000042BF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
42BF000
|
| Size: |
4096
|
|
|
14B2000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1561636088.00000000014B2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14B2000
|
| Size: |
4096
|
|
|
C44000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1421376271.0000000000C44000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C44000
|
| Size: |
4096
|
|
|
840000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3788071906.0000000000840000.00000004.00000001.01000000.00000006.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
840000
|
| Size: |
4096
|
|
|
978000
|
unkown
|
page write copy
|
|
|
|
| Name: |
0000000A.00000000.1535480746.0000000000978000.00000008.00000001.01000000.00000006.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
978000
|
| Size: |
4096
|
|
|
4631000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1421850732.0000000004631000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4631000
|
| Size: |
4096
|
|
|
414E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3791371881.000000000414E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
414E000
|
| Size: |
8192
|
|
|
4AC0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3792348507.0000000004AC0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4AC0000
|
| Size: |
12288
|
|
|
30DF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3790411516.00000000030DF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
30DF000
|
| Size: |
4096
|
|
|
5260000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.1331911245.0000000005260000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5260000
|
| Size: |
4096
|
|
|
400E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3791628749.000000000400E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
400E000
|
| Size: |
8192
|
|
|
1214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1325044627.0000000001214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1214000
|
| Size: |
4096
|
|
|
5260000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.1331847839.0000000005260000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5260000
|
| Size: |
4096
|
|
|
AFD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3789423436.0000000000AFD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
AFD000
|
| Size: |
12288
|
|
|
480F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3792594902.000000000480F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
480F000
|
| Size: |
4096
|
|
|
82C000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3787961271.000000000082C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
82C000
|
| Size: |
16384
|
|
|
5212000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1331208487.0000000005212000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
5212000
|
| Size: |
16384
|
|
|
41BE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3792261097.00000000041BE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
41BE000
|
| Size: |
8192
|
|
|
48DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3792345937.00000000048DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
48DE000
|
| Size: |
8192
|
|
|
BE9000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.3788527005.0000000000BE9000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
BE9000
|
| Size: |
114688
|
|
|
338E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3790715823.000000000338E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
338E000
|
| Size: |
8192
|
|
|
11D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1480370243.00000000011D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11D4000
|
| Size: |
4096
|
|
|
C44000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1389841979.0000000000C44000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C44000
|
| Size: |
4096
|
|
|
4B0C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3792394622.0000000004B0C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4B0C000
|
| Size: |
16384
|
|
|
1214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1362425024.0000000001214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1214000
|
| Size: |
4096
|
|
|
820000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000000.1313894367.0000000000820000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
820000
|
| Size: |
4096
|
|
|
12B4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1540554050.00000000012B4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12B4000
|
| Size: |
4096
|
|
|
50D0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1330967860.00000000050D0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
50D0000
|
| Size: |
53248
|
|
|
5350000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.3793527342.0000000005350000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5350000
|
| Size: |
4096
|
|
|
44CF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3791971847.00000000044CF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
44CF000
|
| Size: |
4096
|
|
|
BD8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3789574147.0000000000BD8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BD8000
|
| Size: |
4096
|
|
|
D10000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3789810374.0000000000D10000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D10000
|
| Size: |
16384
|
|
|
3C5E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3791272962.0000000003C5E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3C5E000
|
| Size: |
8192
|
|
|
4C10000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3793764374.0000000004C10000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4C10000
|
| Size: |
4096
|
|
|
12B4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1547968761.00000000012B4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12B4000
|
| Size: |
4096
|
|
|
5360000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3793433358.0000000005360000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5360000
|
| Size: |
8192
|
|
|
5320000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000003.1549589895.0000000005320000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5320000
|
| Size: |
4096
|
|
|
52F0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000003.1549732284.00000000052F0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
52F0000
|
| Size: |
4096
|
|
|
840000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000000.1454425072.0000000000840000.00000002.00000001.01000000.00000006.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
840000
|
| Size: |
4096
|
|
|
52F0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.3793434843.00000000052F0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
52F0000
|
| Size: |
4096
|
|
|
1214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1361454117.0000000001214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1214000
|
| Size: |
4096
|
|
|
4B1F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3792508318.0000000004B1F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4B1F000
|
| Size: |
4096
|
|
|
C28000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.3788527005.0000000000C28000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
C28000
|
| Size: |
40960
|
|
|
E43000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1422274716.0000000000E43000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
E43000
|
| Size: |
8192
|
|
|
5360000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.3793868978.0000000005360000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5360000
|
| Size: |
4096
|
|
|
C44000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1390043404.0000000000C44000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C44000
|
| Size: |
4096
|
|
|
360E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3790908725.000000000360E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
360E000
|
| Size: |
8192
|
|
|
398F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3791165972.000000000398F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
398F000
|
| Size: |
4096
|
|
|
2D0F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3790247514.0000000002D0F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2D0F000
|
| Size: |
4096
|
|
|
360E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3790583108.000000000360E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
360E000
|
| Size: |
8192
|
|
|
401E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3791576424.000000000401E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
401E000
|
| Size: |
8192
|
|
|
4C02000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1393916127.0000000004C02000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4C02000
|
| Size: |
16384
|
|
|
115C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3789489995.000000000115C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
115C000
|
| Size: |
16384
|
|
|
4CF0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3793059377.0000000004CF0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4CF0000
|
| Size: |
4096
|
|
|
5320000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000003.1549474390.0000000005320000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5320000
|
| Size: |
4096
|
|
|
11D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1467085072.00000000011D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11D4000
|
| Size: |
4096
|
|
|
1210000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3789610283.0000000001210000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1210000
|
| Size: |
16384
|
|
|
12B4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1547932015.00000000012B4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12B4000
|
| Size: |
4096
|
|
|
5190000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1548738792.0000000005190000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
5190000
|
| Size: |
53248
|
|
|
49CF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3791999035.00000000049CF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
49CF000
|
| Size: |
4096
|
|
|
4C39000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3793864870.0000000004C39000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4C39000
|
| Size: |
2002944
|
|
|
313F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3790719033.000000000313F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
313F000
|
| Size: |
4096
|
|
|
138A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3789734640.000000000138A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
138A000
|
| Size: |
8192
|
|
|
33BF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3790907858.00000000033BF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
33BF000
|
| Size: |
4096
|
|
|
2D7F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3790454719.0000000002D7F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2D7F000
|
| Size: |
4096
|
|
|
324E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3790335081.000000000324E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
324E000
|
| Size: |
8192
|
|
|
5320000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000003.1549565979.0000000005320000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5320000
|
| Size: |
4096
|
|
|
41CF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3791900526.00000000041CF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
41CF000
|
| Size: |
4096
|
|
|
2EAB000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3790213380.0000000002EAB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2EAB000
|
| Size: |
20480
|
|
|
3E0F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3791401216.0000000003E0F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3E0F000
|
| Size: |
4096
|
|
|
12B4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1540533253.00000000012B4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12B4000
|
| Size: |
4096
|
|
|
4DA000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3788481819.00000000004DA000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
4DA000
|
| Size: |
884736
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
210000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000006.00000000.1374151541.0000000000210000.00000002.00000001.01000000.00000005.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
210000
|
| Size: |
4096
|
|
|
439F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3791820067.000000000439F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
439F000
|
| Size: |
4096
|
|
|
1214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1360546199.0000000001214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1214000
|
| Size: |
4096
|
|
|
4631000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1421765650.0000000004631000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4631000
|
| Size: |
4096
|
|
|
1450000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1545045998.0000000001450000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
1450000
|
| Size: |
53248
|
|
|
12AE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3789735499.00000000012AE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12AE000
|
| Size: |
180224
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
607000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000007.00000000.1375211885.0000000000607000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
607000
|
| Size: |
1732608
|
|
|
12B4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1540591749.00000000012B4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12B4000
|
| Size: |
4096
|
|
|
1450000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1547618542.0000000001450000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
1450000
|
| Size: |
53248
|
|
|
31F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1364305126.00000000031F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
31F0000
|
| Size: |
20480
|
|
|
310F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3790247192.000000000310F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
310F000
|
| Size: |
4096
|
|
|
4BA0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3793359366.0000000004BA0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4BA0000
|
| Size: |
4096
|
|
|
C44000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1379900823.0000000000C44000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C44000
|
| Size: |
4096
|
|
|
52C0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.3793235943.00000000052C0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
52C0000
|
| Size: |
4096
|
|
|
2EE0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1321027366.0000000002EE0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2EE0000
|
| Size: |
53248
|
|
|
210000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3788018220.0000000000210000.00000004.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
210000
|
| Size: |
4096
|
|
|
4541000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1421741918.0000000004541000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4541000
|
| Size: |
4096
|
|
|
4C61000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1480689884.0000000004C61000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4C61000
|
| Size: |
4096
|
|
|
973000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.3788139616.0000000000973000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
973000
|
| Size: |
20480
|
|
|
4B10000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.1392905526.0000000004B10000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4B10000
|
| Size: |
8192
|
|
|
C44000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1421625256.0000000000C44000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C44000
|
| Size: |
4096
|
|
|
2DEA000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1364214129.0000000002DEA000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2DEA000
|
| Size: |
24576
|
|
|
5330000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3793257910.0000000005330000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5330000
|
| Size: |
4096
|
|
|
5320000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000003.1549519004.0000000005320000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5320000
|
| Size: |
4096
|
|
|
1130000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3789603801.0000000001130000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1130000
|
| Size: |
4096
|
|
|
1450000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1543234568.0000000001450000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
1450000
|
| Size: |
53248
|
|
|
4C61000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1480779294.0000000004C61000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4C61000
|
| Size: |
4096
|
|
|
513C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3792839157.000000000513C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
513C000
|
| Size: |
16384
|
|
|
C37000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000008.00000000.1455068533.0000000000C37000.00000080.00000001.01000000.00000006.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
C37000
|
| Size: |
1732608
|
|
|
293F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3789932745.000000000293F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
293F000
|
| Size: |
4096
|
|
|
E3B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1422274716.0000000000E3B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
E3B000
|
| Size: |
4096
|
|
|
5290000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.3793050445.0000000005290000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5290000
|
| Size: |
4096
|
|
|
2EE0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1321931605.0000000002EE0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2EE0000
|
| Size: |
53248
|
|
|
DCC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3789576005.0000000000DCC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
DCC000
|
| Size: |
16384
|
|
|
444F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3792199299.000000000444F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
444F000
|
| Size: |
4096
|
|
|
465E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3792076347.000000000465E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
465E000
|
| Size: |
8192
|
|
|
841000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000008.00000000.1454919888.0000000000841000.00000080.00000001.01000000.00000006.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
841000
|
| Size: |
593920
|
|
|
4D20000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3793216133.0000000004D20000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4D20000
|
| Size: |
4096
|
|
|
2EC0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1461175010.0000000002EC0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2EC0000
|
| Size: |
53248
|
|
|
12B4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1547877666.00000000012B4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12B4000
|
| Size: |
4096
|
|
|
C28000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.3788503404.0000000000C28000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
C28000
|
| Size: |
40960
|
|
|
12EA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3789735499.00000000012EA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12EA000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
DFD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3789661923.0000000000DFD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DFD000
|
| Size: |
180224
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
32CF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3790460629.00000000032CF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
32CF000
|
| Size: |
4096
|
|
|
3E9F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3791444409.0000000003E9F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3E9F000
|
| Size: |
4096
|
|
|
C20000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1380287843.0000000000C20000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
C20000
|
| Size: |
53248
|
|
|
348000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000006.00000000.1374460898.0000000000348000.00000008.00000001.01000000.00000005.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
348000
|
| Size: |
4096
|
|
|
11D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1460180204.00000000011D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11D4000
|
| Size: |
4096
|
|
|
2EC0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1461871958.0000000002EC0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2EC0000
|
| Size: |
53248
|
|
|
5250000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.1332612336.0000000005250000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5250000
|
| Size: |
8192
|
|
|
5280000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000003.1468829774.0000000005280000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5280000
|
| Size: |
4096
|
|
|
1214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1362475927.0000000001214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1214000
|
| Size: |
4096
|
|
|
50DD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3792731263.00000000050DD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
50DD000
|
| Size: |
12288
|
|
|
7EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1363364722.00000000007EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7EE000
|
| Size: |
8192
|
|
|
1C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3788064426.00000000001C0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1C0000
|
| Size: |
4096
|
|
|
45CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3792397450.00000000045CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
45CE000
|
| Size: |
8192
|
|
|
4D7A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3793513423.0000000004D7A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4D7A000
|
| Size: |
2002944
|
|
|
978000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000008.00000000.1455045522.0000000000978000.00000008.00000001.01000000.00000006.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
978000
|
| Size: |
4096
|
|
|
D14000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1421399147.0000000000D14000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D14000
|
| Size: |
4096
|
|
|
52F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3793361235.00000000052F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
52F0000
|
| Size: |
4096
|
|
|
4C4F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3792265352.0000000004C4F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4C4F000
|
| Size: |
4096
|
|
|
C20000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1381358791.0000000000C20000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
C20000
|
| Size: |
53248
|
|
|
1D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3788131816.00000000001D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D0000
|
| Size: |
4096
|
|
|
39CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3791203608.00000000039CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
39CE000
|
| Size: |
8192
|
|
|
2A7F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3790293364.0000000002A7F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2A7F000
|
| Size: |
4096
|
|
|
C44000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1389858380.0000000000C44000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C44000
|
| Size: |
4096
|
|
|
C40000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3789488823.0000000000C40000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C40000
|
| Size: |
16384
|
|
|
CA0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3789768699.0000000000CA0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
CA0000
|
| Size: |
4096
|
|
|
50D0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1328364004.00000000050D0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
50D0000
|
| Size: |
53248
|
|
|
C44000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1379918842.0000000000C44000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C44000
|
| Size: |
4096
|
|
|
450E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3792025655.000000000450E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
450E000
|
| Size: |
8192
|
|
|
52B0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.3793171281.00000000052B0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
52B0000
|
| Size: |
4096
|
|
|
210000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3788180460.0000000000210000.00000004.00000001.01000000.00000005.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
210000
|
| Size: |
4096
|
|
|
4ACE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3792870425.0000000004ACE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4ACE000
|
| Size: |
8192
|
|
|
4C20000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.1395003913.0000000004C20000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4C20000
|
| Size: |
4096
|
|
|
7AD000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3789388136.00000000007AD000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
7AD000
|
| Size: |
4096
|
|
|
39CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3790876441.00000000039CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
39CE000
|
| Size: |
8192
|
|
|
338E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3790410491.000000000338E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
338E000
|
| Size: |
8192
|
|
|
3CBE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3791726544.0000000003CBE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3CBE000
|
| Size: |
8192
|
|
|
AEA000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3788479543.0000000000AEA000.00000040.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
AEA000
|
| Size: |
884736
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
4C51000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1360445617.0000000004C51000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4C51000
|
| Size: |
49152
|
|
|
5320000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3793203259.0000000005320000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5320000
|
| Size: |
4096
|
|
|
12B4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1561131943.00000000012B4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12B4000
|
| Size: |
4096
|
|
|
11C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3789574338.00000000011C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11C0000
|
| Size: |
4096
|
|
|
35DF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3790760085.00000000035DF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
35DF000
|
| Size: |
4096
|
|
|
4CB0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3792833199.0000000004CB0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4CB0000
|
| Size: |
4096
|
|
|
5370000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.3793935159.0000000005370000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5370000
|
| Size: |
4096
|
|
|
4D10000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3793167277.0000000004D10000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4D10000
|
| Size: |
4096
|
|
|
1214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1319959883.0000000001214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1214000
|
| Size: |
4096
|
|
|
14BA000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3790015018.00000000014BA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14BA000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
D14000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1381227769.0000000000D14000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D14000
|
| Size: |
4096
|
|
|
4620000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1382904483.0000000004620000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4620000
|
| Size: |
53248
|
|
|
4AAE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3792297211.0000000004AAE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4AAE000
|
| Size: |
8192
|
|
|
52F0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3793034779.00000000052F0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
52F0000
|
| Size: |
4096
|
|
|
138E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3789734640.000000000138E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
138E000
|
| Size: |
196608
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
| URLs found in memory or binary data |
Networking |
|
|
|
4631000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1422011193.0000000004631000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4631000
|
| Size: |
4096
|
|
|
5190000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1548516187.0000000005190000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
5190000
|
| Size: |
53248
|
|
|
36CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3790812012.00000000036CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
36CE000
|
| Size: |
8192
|
|
|
40CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3791815836.00000000040CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
40CE000
|
| Size: |
8192
|
|
|
4620000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1385893490.0000000004620000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4620000
|
| Size: |
53248
|
|
|
4B10000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.1393213120.0000000004B10000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4B10000
|
| Size: |
4096
|
|
|
12B4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1547814391.00000000012B4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12B4000
|
| Size: |
4096
|
|
|
12B4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1547841303.00000000012B4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12B4000
|
| Size: |
4096
|
|
|
4C61000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1480721366.0000000004C61000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4C61000
|
| Size: |
4096
|
|
|
3B1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3791165636.0000000003B1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3B1E000
|
| Size: |
8192
|
|
|
2D4E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3790289274.0000000002D4E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2D4E000
|
| Size: |
8192
|
|
|
411F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3791626618.000000000411F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
411F000
|
| Size: |
4096
|
|
|
11D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1480456836.00000000011D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11D4000
|
| Size: |
4096
|
|
|
1214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1360646779.0000000001214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1214000
|
| Size: |
4096
|
|
|
4620000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1388604993.0000000004620000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4620000
|
| Size: |
53248
|
|
|
344E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3790630996.000000000344E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
344E000
|
| Size: |
8192
|
|
|
5260000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.1331721422.0000000005260000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5260000
|
| Size: |
4096
|
|
|
297F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3790246011.000000000297F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
297F000
|
| Size: |
4096
|
|
|
300F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3790210613.000000000300F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
300F000
|
| Size: |
4096
|
|
|
370F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3790983123.000000000370F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
370F000
|
| Size: |
4096
|
|
|
464E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3791734993.000000000464E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
464E000
|
| Size: |
8192
|
|
|
52A0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3792736521.00000000052A0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
52A0000
|
| Size: |
4096
|
|
|
5310000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.3793585239.0000000005310000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5310000
|
| Size: |
4096
|
|
|
5280000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000003.1468630830.0000000005280000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5280000
|
| Size: |
4096
|
|
|
410F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3791674125.000000000410F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
410F000
|
| Size: |
4096
|
|
|
417F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3792208162.000000000417F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
417F000
|
| Size: |
4096
|
|
|
33FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3790952790.00000000033FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
33FE000
|
| Size: |
8192
|
|
|
5320000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000003.1549376747.0000000005320000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5320000
|
| Size: |
4096
|
|
|
C20000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1386845165.0000000000C20000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
C20000
|
| Size: |
53248
|
|
|
1214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1360474549.0000000001214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1214000
|
| Size: |
4096
|
|
|
4610000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3792188980.0000000004610000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4610000
|
| Size: |
4096
|
|
|
408F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3791742839.000000000408F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
408F000
|
| Size: |
4096
|
|
|
11D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1467049995.00000000011D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11D4000
|
| Size: |
4096
|
|
|
1214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1360526978.0000000001214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1214000
|
| Size: |
4096
|
|
|
11D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1480421694.00000000011D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11D4000
|
| Size: |
4096
|
|
|
12B4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1560943872.00000000012B4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12B4000
|
| Size: |
4096
|
|
|
4C50000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.1394355512.0000000004C50000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4C50000
|
| Size: |
4096
|
|
|
4C50000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.1394859856.0000000004C50000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4C50000
|
| Size: |
4096
|
|
|
451E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3791967788.000000000451E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
451E000
|
| Size: |
8192
|
|
|
53F0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.3794086053.00000000053F0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
53F0000
|
| Size: |
4096
|
|
|
389E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3790987795.000000000389E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
389E000
|
| Size: |
8192
|
|
|
363F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3791120933.000000000363F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
363F000
|
| Size: |
4096
|
|
|
C18000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000000.00000002.3789161730.0000000000C18000.00000080.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
C18000
|
| Size: |
1724416
|
|
|
1440000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3789929977.0000000001440000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1440000
|
| Size: |
16384
|
|
|
2EC0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1460545664.0000000002EC0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2EC0000
|
| Size: |
53248
|
|
|
52D0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3792917195.00000000052D0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
52D0000
|
| Size: |
4096
|
|
|
50D0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3792420626.00000000050D0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
50D0000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
|
|
1214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1325284637.0000000001214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1214000
|
| Size: |
4096
|
|
|
2EE0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1324734342.0000000002EE0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2EE0000
|
| Size: |
53248
|
|
|
415E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3791670718.000000000415E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
415E000
|
| Size: |
8192
|
|
|
3ACF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3790907657.0000000003ACF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3ACF000
|
| Size: |
4096
|
|
|
5240000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.1332592790.0000000005240000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5240000
|
| Size: |
4096
|
|
|
2EDE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3790090691.0000000002EDE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2EDE000
|
| Size: |
8192
|
|
|
5260000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.1331823384.0000000005260000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5260000
|
| Size: |
4096
|
|
|
5F1000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3788634361.00000000005F1000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
5F1000
|
| Size: |
24576
|
|
|
5150000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1545208385.0000000005150000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5150000
|
| Size: |
176128
|
|
|
4C0F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3792456570.0000000004C0F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4C0F000
|
| Size: |
4096
|
|
|
4980000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1383727925.0000000004980000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4980000
|
| Size: |
180224
|
|
|
330E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3790526077.000000000330E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
330E000
|
| Size: |
8192
|
|
|
424F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3791399106.000000000424F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
424F000
|
| Size: |
4096
|
|
|
53B0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.3793867356.00000000053B0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
53B0000
|
| Size: |
4096
|
|
|
31AF000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1364274583.00000000031AF000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
31AF000
|
| Size: |
4096
|
|
|
3FCF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3791580846.0000000003FCF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3FCF000
|
| Size: |
4096
|
|
|
3050000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1364235592.0000000003050000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3050000
|
| Size: |
4096
|
|
|
D14000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1392542791.0000000000D14000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D14000
|
| Size: |
4096
|
|
|
13CD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3789734640.00000000013CD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13CD000
|
| Size: |
4096
|
|
|
2EE0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1324069387.0000000002EE0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2EE0000
|
| Size: |
53248
|
|
|
5260000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.1331756484.0000000005260000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5260000
|
| Size: |
4096
|
|
|
2EC0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1466660423.0000000002EC0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2EC0000
|
| Size: |
53248
|
|
|
4C50000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.1394840142.0000000004C50000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4C50000
|
| Size: |
4096
|
|
|
C44000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1379946365.0000000000C44000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C44000
|
| Size: |
4096
|
|
|
5232000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1468115557.0000000005232000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
5232000
|
| Size: |
16384
|
|
|
50F0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1467697687.00000000050F0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
50F0000
|
| Size: |
53248
|
|
|
4541000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1421878598.0000000004541000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4541000
|
| Size: |
4096
|
|
|
1380000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3789734640.0000000001380000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1380000
|
| Size: |
32768
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
4C5F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3792618357.0000000004C5F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4C5F000
|
| Size: |
4096
|
|
|
5F8000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3788481819.00000000005F8000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
5F8000
|
| Size: |
40960
|
|
|
4541000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1422008229.0000000004541000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4541000
|
| Size: |
4096
|
|
|
4F2E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3794271827.0000000004F2E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4F2E000
|
| Size: |
8192
|
|
|
5310000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3793148232.0000000005310000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5310000
|
| Size: |
4096
|
|
|
518D000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3793137447.000000000518D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
518D000
|
| Size: |
12288
|
|
|
14A8000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3790015018.00000000014A8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14A8000
|
| Size: |
28672
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
335F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3790587175.000000000335F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
335F000
|
| Size: |
4096
|
|
|
4620000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1389978948.0000000004620000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4620000
|
| Size: |
53248
|
|
|
2EE0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1320400024.0000000002EE0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2EE0000
|
| Size: |
53248
|
|
|
34CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3790501524.00000000034CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
34CE000
|
| Size: |
8192
|
|
|
1214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1319908026.0000000001214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1214000
|
| Size: |
4096
|
|
|
4B10000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.1393162509.0000000004B10000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4B10000
|
| Size: |
4096
|
|
|
12B4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1560993144.00000000012B4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12B4000
|
| Size: |
4096
|
|
|
2DAD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1364190930.0000000002DAD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2DAD000
|
| Size: |
12288
|
|
|
334F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3790672277.000000000334F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
334F000
|
| Size: |
4096
|
|
|
374E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3790691161.000000000374E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
374E000
|
| Size: |
8192
|
|
|
11D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1467186019.00000000011D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11D4000
|
| Size: |
4096
|
|
|
420E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3791967459.000000000420E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
420E000
|
| Size: |
8192
|
|
|
E31000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3789661923.0000000000E31000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
E31000
|
| Size: |
28672
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
3F3E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3792001793.0000000003F3E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3F3E000
|
| Size: |
8192
|
|
|
34FF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3791022976.00000000034FF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
34FF000
|
| Size: |
4096
|
|
|
11D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1480386159.00000000011D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11D4000
|
| Size: |
4096
|
|
|
5380000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.3793985957.0000000005380000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5380000
|
| Size: |
8192
|
|
|
31CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3790414191.00000000031CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
31CE000
|
| Size: |
8192
|
|
|
4D0F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3793016648.0000000004D0F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4D0F000
|
| Size: |
4096
|
|
|
4AF2000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1392470110.0000000004AF2000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4AF2000
|
| Size: |
16384
|
|
|
2EE0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1324395854.0000000002EE0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2EE0000
|
| Size: |
53248
|
|
|
13D8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3789734640.00000000013D8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13D8000
|
| Size: |
12288
|
|
|
488F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3791890630.000000000488F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
488F000
|
| Size: |
4096
|
|
|
D14000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1421447676.0000000000D14000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D14000
|
| Size: |
4096
|
|
|
12B4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1548043071.00000000012B4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12B4000
|
| Size: |
4096
|
|
|
4CA0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3792766034.0000000004CA0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4CA0000
|
| Size: |
4096
|
|
|
12B4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1540609278.00000000012B4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12B4000
|
| Size: |
4096
|
|
|
316E000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1364255112.000000000316E000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
316E000
|
| Size: |
8192
|
|
|
11D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1467294444.00000000011D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11D4000
|
| Size: |
4096
|
|
|
7F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1363379399.00000000007F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7F0000
|
| Size: |
4096
|
|
|
343000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3788234643.0000000000343000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
343000
|
| Size: |
20480
|
|
|
414E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3791723081.000000000414E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
414E000
|
| Size: |
8192
|
|
|
C20000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1381710262.0000000000C20000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
C20000
|
| Size: |
53248
|
|
|
607000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000006.00000000.1374481904.0000000000607000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
607000
|
| Size: |
1732608
|
|
|
428E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3791445880.000000000428E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
428E000
|
| Size: |
8192
|
|
|
1450000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1545851258.0000000001450000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
1450000
|
| Size: |
53248
|
|
|
12B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3789721324.00000000012B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12B0000
|
| Size: |
16384
|
|
|
3C4E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3791035115.0000000003C4E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3C4E000
|
| Size: |
8192
|
|
|
470E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3792533872.000000000470E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
470E000
|
| Size: |
8192
|
|
|
840000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3787995415.0000000000840000.00000004.00000001.01000000.00000006.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
840000
|
| Size: |
4096
|
|
|
1450000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1546494110.0000000001450000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
1450000
|
| Size: |
53248
|
|
|
367E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3791168301.000000000367E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
367E000
|
| Size: |
8192
|
|
|
5370000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.3793657892.0000000005370000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5370000
|
| Size: |
4096
|
|
|
3C1F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3791207024.0000000003C1F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3C1F000
|
| Size: |
4096
|
|
|
D14000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1392002070.0000000000D14000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D14000
|
| Size: |
4096
|
|
|
2E8E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3790373172.0000000002E8E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2E8E000
|
| Size: |
8192
|
|
|
C20000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1388716510.0000000000C20000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
C20000
|
| Size: |
53248
|
|
|
BE1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3789574147.0000000000BE1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BE1000
|
| Size: |
8192
|
|
|
125E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3789691256.000000000125E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
125E000
|
| Size: |
8192
|
|
|
321F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3790501672.000000000321F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
321F000
|
| Size: |
4096
|
|
|
4540000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3792676834.0000000004540000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4540000
|
| Size: |
4096
|
|
|
5380000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.3793707486.0000000005380000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5380000
|
| Size: |
4096
|
|
|
5370000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3793493063.0000000005370000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5370000
|
| Size: |
4096
|
|
|
D14000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1381124700.0000000000D14000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D14000
|
| Size: |
4096
|
|
|
5390000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.3793768609.0000000005390000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5390000
|
| Size: |
4096
|
|
|
11D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1460162326.00000000011D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11D4000
|
| Size: |
4096
|
|
|
2EE0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1321329983.0000000002EE0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2EE0000
|
| Size: |
53248
|
|
|
5360000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.3793572133.0000000005360000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5360000
|
| Size: |
4096
|
|
|
1214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1360580328.0000000001214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1214000
|
| Size: |
4096
|
|
|
C44000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1379932472.0000000000C44000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C44000
|
| Size: |
4096
|
|
|
608000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000006.00000002.3789194073.0000000000608000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
608000
|
| Size: |
1724416
|
|
|
4631000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1381104716.0000000004631000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4631000
|
| Size: |
49152
|
|
|
5260000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.1331929515.0000000005260000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5260000
|
| Size: |
4096
|
|
|
5B9000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3788634361.00000000005B9000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
5B9000
|
| Size: |
114688
|
|
|
2A8F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3790090507.0000000002A8F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2A8F000
|
| Size: |
4096
|
|
|
4620000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1389249075.0000000004620000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4620000
|
| Size: |
53248
|
|
|
354F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3790683200.000000000354F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
354F000
|
| Size: |
4096
|
|
|
4B10000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.1393077217.0000000004B10000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4B10000
|
| Size: |
4096
|
|
|
11D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1460106726.00000000011D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11D4000
|
| Size: |
4096
|
|
|
4631000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1391160535.0000000004631000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4631000
|
| Size: |
241664
|
|
|
D14000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1421470078.0000000000D14000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D14000
|
| Size: |
4096
|
|
|
370F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3790646154.000000000370F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
370F000
|
| Size: |
4096
|
|
|
15C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3788012635.000000000015C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
15C000
|
| Size: |
16384
|
|
|
2EC0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1460968306.0000000002EC0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2EC0000
|
| Size: |
53248
|
|
|
12B4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1560977842.00000000012B4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12B4000
|
| Size: |
4096
|
|
|
4B10000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.1393412131.0000000004B10000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4B10000
|
| Size: |
12288
|
|
|
4C90000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3792708198.0000000004C90000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4C90000
|
| Size: |
4096
|
|
|
1450000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1542933854.0000000001450000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
1450000
|
| Size: |
53248
|
|
|
4B5E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3792562457.0000000004B5E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4B5E000
|
| Size: |
8192
|
|
|
C44000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1421489681.0000000000C44000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C44000
|
| Size: |
4096
|
|
|
5340000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3793317845.0000000005340000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5340000
|
| Size: |
4096
|
|
|
D14000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1392506418.0000000000D14000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D14000
|
| Size: |
4096
|
|
|
4C50000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3792316670.0000000004C50000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4C50000
|
| Size: |
4096
|
|
|
12B4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1560925312.00000000012B4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12B4000
|
| Size: |
4096
|
|
|
4B10000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.1392996412.0000000004B10000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4B10000
|
| Size: |
4096
|
|
|
458F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3792326698.000000000458F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
458F000
|
| Size: |
4096
|
|
|
43FF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3792452810.00000000043FF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
43FF000
|
| Size: |
4096
|
|
|
2EC0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1464374982.0000000002EC0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2EC0000
|
| Size: |
53248
|
|
|
4AC0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1393662039.0000000004AC0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4AC0000
|
| Size: |
53248
|
|
|
2EE0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1322678547.0000000002EE0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2EE0000
|
| Size: |
53248
|
|
|
434E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3792104133.000000000434E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
434E000
|
| Size: |
8192
|
|
|
4631000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1421714470.0000000004631000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4631000
|
| Size: |
4096
|
|
|
C20000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1389279646.0000000000C20000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
C20000
|
| Size: |
53248
|
|
|
2EFE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3790586345.0000000002EFE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2EFE000
|
| Size: |
8192
|
|
|
3A8E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3791097486.0000000003A8E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3A8E000
|
| Size: |
8192
|
|
|
1214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1319891418.0000000001214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1214000
|
| Size: |
4096
|
|
|
D14000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1421428368.0000000000D14000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D14000
|
| Size: |
4096
|
|
|
12F5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1481011924.00000000012F5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12F5000
|
| Size: |
8192
|
|
|
3C7F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3791670454.0000000003C7F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3C7F000
|
| Size: |
4096
|
|
|
DFA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3789661923.0000000000DFA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DFA000
|
| Size: |
8192
|
|
|
1430000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3789884347.0000000001430000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1430000
|
| Size: |
4096
|
|
|
39A000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1363266729.000000000039A000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
39A000
|
| Size: |
24576
|
|
|
C44000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1379885250.0000000000C44000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C44000
|
| Size: |
4096
|
|
|
5300000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3793102629.0000000005300000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5300000
|
| Size: |
4096
|
|
|
1370000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3789692674.0000000001370000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1370000
|
| Size: |
4096
|
|
|
1450000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1547335897.0000000001450000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
1450000
|
| Size: |
53248
|
|
|
11D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1467270577.00000000011D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11D4000
|
| Size: |
4096
|
|
|
DD0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1391973502.0000000000DD0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
DD0000
|
| Size: |
53248
|
|
|
BD9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1422270247.0000000000BD9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BD9000
|
| Size: |
4096
|
|
|
34CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3790807892.00000000034CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
34CE000
|
| Size: |
8192
|
|
|
348000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000007.00000000.1375189278.0000000000348000.00000008.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
348000
|
| Size: |
4096
|
|
|
973000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.3788101303.0000000000973000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
973000
|
| Size: |
20480
|
|
|
3ECE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3791202724.0000000003ECE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3ECE000
|
| Size: |
8192
|
|
|
12B4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1561009001.00000000012B4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12B4000
|
| Size: |
4096
|
|
|
2E6E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3790162093.0000000002E6E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2E6E000
|
| Size: |
8192
|
|
|
12ED000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3789735499.00000000012ED000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12ED000
|
| Size: |
4096
|
|
|
BE1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1422270247.0000000000BE1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BE1000
|
| Size: |
8192
|
|
|
12B4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1561115263.00000000012B4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12B4000
|
| Size: |
4096
|
|
|
461F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3792022381.000000000461F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
461F000
|
| Size: |
4096
|
|
|
880000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1363407853.0000000000880000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
880000
|
| Size: |
20480
|
|
|
4C50000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.1394809975.0000000004C50000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4C50000
|
| Size: |
4096
|
|
|
C20000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1382913254.0000000000C20000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
C20000
|
| Size: |
53248
|
|
|
2FFF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3790627645.0000000002FFF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2FFF000
|
| Size: |
4096
|
|
|
D14000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1381195814.0000000000D14000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D14000
|
| Size: |
4096
|
|
|
B0A000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.3788503404.0000000000B0A000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
B0A000
|
| Size: |
884736
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
C37000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.3788527005.0000000000C37000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
C37000
|
| Size: |
4096
|
|
|
49DF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3792392345.00000000049DF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
49DF000
|
| Size: |
4096
|
|
|
5280000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000003.1468923588.0000000005280000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5280000
|
| Size: |
4096
|
|
|
4B60000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3793135946.0000000004B60000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4B60000
|
| Size: |
4096
|
|
|
C20000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1381146230.0000000000C20000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
C20000
|
| Size: |
53248
|
|
|
4B20000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3792901835.0000000004B20000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4B20000
|
| Size: |
4096
|
|
|
D14000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1392460607.0000000000D14000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D14000
|
| Size: |
4096
|
|
|
1214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1324886861.0000000001214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1214000
|
| Size: |
4096
|
|
|
C44000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1421449164.0000000000C44000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C44000
|
| Size: |
4096
|
|
|
5320000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000003.1549661496.0000000005320000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5320000
|
| Size: |
12288
|
|
|
523F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3792907089.000000000523F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
523F000
|
| Size: |
4096
|
|
|
1214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1325138734.0000000001214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1214000
|
| Size: |
4096
|
|
|
43CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3791921676.00000000043CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
43CE000
|
| Size: |
8192
|
|
|
284E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3790010875.000000000284E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
284E000
|
| Size: |
8192
|
|
|
348000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3788574573.0000000000348000.00000004.00000001.01000000.00000005.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
348000
|
| Size: |
12288
|
|
|
1450000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1542525026.0000000001450000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
1450000
|
| Size: |
53248
|
|
|
11D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1467103436.00000000011D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11D4000
|
| Size: |
4096
|
|
|
3D0E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3791326747.0000000003D0E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3D0E000
|
| Size: |
8192
|
|
|
3240000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1364343124.0000000003240000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3240000
|
| Size: |
4096
|
|
|
5310000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000003.1549711356.0000000005310000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5310000
|
| Size: |
8192
|
|
|
12F5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3789735499.00000000012F5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12F5000
|
| Size: |
16384
|
|
|
506E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3794031385.000000000506E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
506E000
|
| Size: |
8192
|
|
|
4B10000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.1393316755.0000000004B10000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4B10000
|
| Size: |
4096
|
|
|
53D0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.3793987332.00000000053D0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
53D0000
|
| Size: |
4096
|
|
|
12A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3789735499.00000000012A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12A0000
|
| Size: |
32768
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
12B4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1547791485.00000000012B4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12B4000
|
| Size: |
4096
|
|
|
4541000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1421786134.0000000004541000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4541000
|
| Size: |
4096
|
|
|
5280000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000003.1468593666.0000000005280000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5280000
|
| Size: |
4096
|
|
|
607000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3788481819.0000000000607000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
607000
|
| Size: |
4096
|
|
|
5399000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3793586510.0000000005399000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5399000
|
| Size: |
2002944
|
|
|
388E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3791122075.000000000388E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
388E000
|
| Size: |
8192
|
|
|
3EDE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3791476231.0000000003EDE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3EDE000
|
| Size: |
8192
|
|
|
12B4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1547860504.00000000012B4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12B4000
|
| Size: |
4096
|
|
|
4BF0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3793651544.0000000004BF0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4BF0000
|
| Size: |
4096
|
|
|
52A0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.3793104546.00000000052A0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
52A0000
|
| Size: |
4096
|
|
|
4C40000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.1394979759.0000000004C40000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4C40000
|
| Size: |
8192
|
|
|
410F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3791329586.000000000410F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
410F000
|
| Size: |
4096
|
|
|
348F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3790455657.000000000348F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
348F000
|
| Size: |
4096
|
|
|
4B90000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3793303527.0000000004B90000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4B90000
|
| Size: |
4096
|
|
|
2EC0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1466165681.0000000002EC0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2EC0000
|
| Size: |
53248
|
|
|
2E4F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3790337571.0000000002E4F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2E4F000
|
| Size: |
4096
|
|
|
11D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1467221715.00000000011D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11D4000
|
| Size: |
4096
|
|
|
403F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3792055612.000000000403F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
403F000
|
| Size: |
4096
|
|
|
4C50000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.1394766290.0000000004C50000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4C50000
|
| Size: |
4096
|
|
|
7AD000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3789438907.00000000007AD000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
7AD000
|
| Size: |
4096
|
|
|
5280000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000003.1468556109.0000000005280000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5280000
|
| Size: |
4096
|
|
|
424F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3791777249.000000000424F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
424F000
|
| Size: |
4096
|
|
|
573E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3794625731.000000000573E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
573E000
|
| Size: |
8192
|
|
|
3A4F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3791037284.0000000003A4F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3A4F000
|
| Size: |
4096
|
|
|
2F4E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3790216197.0000000002F4E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2F4E000
|
| Size: |
8192
|
|
|
D14000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1381144816.0000000000D14000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D14000
|
| Size: |
4096
|
|
|
390F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3790949032.000000000390F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
390F000
|
| Size: |
4096
|
|
|
27CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3789915972.00000000027CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
27CE000
|
| Size: |
8192
|
|
|
4C20000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3793812197.0000000004C20000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4C20000
|
| Size: |
4096
|
|
|
D8E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3789528343.0000000000D8E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
D8E000
|
| Size: |
8192
|
|
|
3F8E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3791667216.0000000003F8E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3F8E000
|
| Size: |
8192
|
|
|
1214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1324904359.0000000001214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1214000
|
| Size: |
4096
|
|
|
385F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3790950113.000000000385F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
385F000
|
| Size: |
4096
|
|
|
2EC0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1460327904.0000000002EC0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2EC0000
|
| Size: |
53248
|
|
|
52B0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3792793401.00000000052B0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
52B0000
|
| Size: |
4096
|
|
|
D14000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1421636688.0000000000D14000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D14000
|
| Size: |
4096
|
|
|
4C61000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1480827920.0000000004C61000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4C61000
|
| Size: |
4096
|
|
|
1478000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3790015018.0000000001478000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1478000
|
| Size: |
167936
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
2FDF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3790373298.0000000002FDF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2FDF000
|
| Size: |
4096
|
|
|
11D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1480622759.00000000011D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11D4000
|
| Size: |
4096
|
|
|
211000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000007.00000000.1375110445.0000000000211000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
211000
|
| Size: |
593920
|
|
|
438F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3791870564.000000000438F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
438F000
|
| Size: |
4096
|
|
|
2EC0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1462633581.0000000002EC0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2EC0000
|
| Size: |
53248
|
|
|
BE9000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.3788503404.0000000000BE9000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
BE9000
|
| Size: |
114688
|
|
|
116D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3789533093.000000000116D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
116D000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
12B4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1548059186.00000000012B4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12B4000
|
| Size: |
4096
|
|
|
280E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3789958838.000000000280E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
280E000
|
| Size: |
8192
|
|
|
30CF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3790503751.00000000030CF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
30CF000
|
| Size: |
4096
|
|
|
4620000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1390216812.0000000004620000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4620000
|
| Size: |
53248
|
|
|
C44000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1379960812.0000000000C44000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C44000
|
| Size: |
4096
|
|
|
5270000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3792574098.0000000005270000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5270000
|
| Size: |
4096
|
|
|
4BCF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3792915692.0000000004BCF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4BCF000
|
| Size: |
4096
|
|
|
C38000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
0000000A.00000002.3789230368.0000000000C38000.00000080.00000001.01000000.00000006.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
C38000
|
| Size: |
1724416
|
|
|
3C0F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3790989233.0000000003C0F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3C0F000
|
| Size: |
4096
|
|
|
327F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3790830361.000000000327F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
327F000
|
| Size: |
4096
|
|
|
1450000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1546155712.0000000001450000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
1450000
|
| Size: |
53248
|
|
|
4B40000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3793011712.0000000004B40000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4B40000
|
| Size: |
4096
|
|
|
5190000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3793193211.0000000005190000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
5190000
|
| Size: |
12288
|
|
|
49BD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3792735405.00000000049BD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
49BD000
|
| Size: |
12288
|
|
|
2ED0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3790291786.0000000002ED0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2ED0000
|
| Size: |
16384
|
|
|
3B8F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3791129660.0000000003B8F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3B8F000
|
| Size: |
4096
|
|
|
5350000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.3793819013.0000000005350000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5350000
|
| Size: |
4096
|
|
|
368F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3790770133.000000000368F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
368F000
|
| Size: |
4096
|
|
|
407E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3792132024.000000000407E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
407E000
|
| Size: |
8192
|
|
|
4620000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1386669472.0000000004620000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4620000
|
| Size: |
53248
|
|
|
384F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3791075942.000000000384F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
384F000
|
| Size: |
4096
|
|
|
2EE0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1323394662.0000000002EE0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2EE0000
|
| Size: |
53248
|
|
|
C44000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1421429603.0000000000C44000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C44000
|
| Size: |
4096
|
|
|
1450000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1541194718.0000000001450000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
1450000
|
| Size: |
53248
|
|
|
361E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3790809280.000000000361E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
361E000
|
| Size: |
8192
|
|
|
56AE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3794439854.00000000056AE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
56AE000
|
| Size: |
8192
|
|
|
C44000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1389905218.0000000000C44000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C44000
|
| Size: |
4096
|
|
|
4A0E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3792046016.0000000004A0E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4A0E000
|
| Size: |
8192
|
|
|
5280000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000003.1468948684.0000000005280000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5280000
|
| Size: |
4096
|
|
|
B3D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3789534947.0000000000B3D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B3D000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
2F07000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3790127628.0000000002F07000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F07000
|
| Size: |
12288
|
|
|
32BE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3790861453.00000000032BE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
32BE000
|
| Size: |
8192
|
|
|
C20000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1388382075.0000000000C20000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
C20000
|
| Size: |
53248
|
|
|
3ACF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3791253392.0000000003ACF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3ACF000
|
| Size: |
4096
|
|
|
4B00000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.1393478488.0000000004B00000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4B00000
|
| Size: |
8192
|
|
|
325E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3790545081.000000000325E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
325E000
|
| Size: |
8192
|
|
|
840000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000A.00000000.1535213467.0000000000840000.00000002.00000001.01000000.00000006.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
840000
|
| Size: |
4096
|
|
|
4C61000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1480804168.0000000004C61000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4C61000
|
| Size: |
4096
|
|
|
C44000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1379869275.0000000000C44000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C44000
|
| Size: |
4096
|
|
|
600000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1363283322.0000000000600000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
600000
|
| Size: |
4096
|
|
|
1214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1324921913.0000000001214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1214000
|
| Size: |
4096
|
|
|
453F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3792601650.000000000453F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
453F000
|
| Size: |
4096
|
|
|
13BF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3789788233.00000000013BF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
13BF000
|
| Size: |
4096
|
|
|
C20000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1387923826.0000000000C20000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
C20000
|
| Size: |
53248
|
|
|
2940000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3789975765.0000000002940000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2940000
|
| Size: |
16384
|
|
|
5390000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.3794025750.0000000005390000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5390000
|
| Size: |
4096
|
|
|
2EE0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1321623256.0000000002EE0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2EE0000
|
| Size: |
53248
|
|
|
4B10000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.1393363886.0000000004B10000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4B10000
|
| Size: |
4096
|
|
|
4631000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1421982781.0000000004631000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4631000
|
| Size: |
4096
|
|
|
52E0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3792973373.00000000052E0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
52E0000
|
| Size: |
4096
|
|
|
5320000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000003.1549498144.0000000005320000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5320000
|
| Size: |
4096
|
|
|
2B7F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3790358435.0000000002B7F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2B7F000
|
| Size: |
4096
|
|
|
5320000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000003.1549402676.0000000005320000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5320000
|
| Size: |
4096
|
|
|
4D11000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1561252725.0000000004D11000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4D11000
|
| Size: |
4096
|
|
|
53E0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.3794028581.00000000053E0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
53E0000
|
| Size: |
4096
|
|
|
3E4E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3791473209.0000000003E4E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3E4E000
|
| Size: |
8192
|
|
|
3D8E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3791119847.0000000003D8E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3D8E000
|
| Size: |
8192
|
|
|
4CE0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3792999010.0000000004CE0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4CE0000
|
| Size: |
4096
|
|
|
5330000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.3793413254.0000000005330000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5330000
|
| Size: |
4096
|
|
|
4C50000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.1394892143.0000000004C50000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4C50000
|
| Size: |
12288
|
|
|
450E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3791637531.000000000450E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
450E000
|
| Size: |
8192
|
|
|
4BE0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3793570684.0000000004BE0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4BE0000
|
| Size: |
4096
|
|
|
2F8F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3790413079.0000000002F8F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2F8F000
|
| Size: |
4096
|
|
|
DDD000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.3789462187.0000000000DDD000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
DDD000
|
| Size: |
4096
|
|
|
3ECE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3791528472.0000000003ECE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3ECE000
|
| Size: |
8192
|
|
|
4C0E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3792961873.0000000004C0E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4C0E000
|
| Size: |
8192
|
|
|
375E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3790903737.000000000375E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
375E000
|
| Size: |
8192
|
|
|
34C000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3788634361.000000000034C000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
34C000
|
| Size: |
1617920
|
|
|
39DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3791070978.00000000039DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
39DE000
|
| Size: |
8192
|
|
|
5280000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000003.1468702770.0000000005280000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5280000
|
| Size: |
4096
|
|
|
DF0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3789661923.0000000000DF0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DF0000
|
| Size: |
32768
|
|
|
1214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1362443914.0000000001214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1214000
|
| Size: |
4096
|
|
|
4BD0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3793517060.0000000004BD0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4BD0000
|
| Size: |
4096
|
|
|
5B9000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3788481819.00000000005B9000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
5B9000
|
| Size: |
114688
|
|
|
4B0F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3792135453.0000000004B0F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4B0F000
|
| Size: |
4096
|
|
|
3D4F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3791071568.0000000003D4F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3D4F000
|
| Size: |
4096
|
|
|
978000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3788453377.0000000000978000.00000004.00000001.01000000.00000006.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
978000
|
| Size: |
12288
|
|
|
12B4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1560959069.00000000012B4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12B4000
|
| Size: |
4096
|
|
|
2C0E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3790211318.0000000002C0E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2C0E000
|
| Size: |
8192
|
|
|
1214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1362492719.0000000001214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1214000
|
| Size: |
4096
|
|
|
14BA000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1561636088.00000000014BA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14BA000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
2BCF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3790166704.0000000002BCF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2BCF000
|
| Size: |
4096
|
|
|
3C0F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3791327648.0000000003C0F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3C0F000
|
| Size: |
4096
|
|
|
4B10000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.1393029163.0000000004B10000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4B10000
|
| Size: |
4096
|
|
|
348F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3790758684.000000000348F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
348F000
|
| Size: |
4096
|
|
|
2EC0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1465694156.0000000002EC0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2EC0000
|
| Size: |
53248
|
|
|
33A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1364384914.00000000033A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
33A0000
|
| Size: |
36864
|
|
|
4A8F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3792820250.0000000004A8F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4A8F000
|
| Size: |
4096
|
|
|
4D40000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3793322312.0000000004D40000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4D40000
|
| Size: |
8192
|
|
|
D14000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1421488580.0000000000D14000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D14000
|
| Size: |
4096
|
|
|
11D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1480594919.00000000011D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11D4000
|
| Size: |
4096
|
|
|
380E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3790902847.000000000380E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
380E000
|
| Size: |
8192
|
|
|
371F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3790858096.000000000371F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
371F000
|
| Size: |
4096
|
|
|
5280000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3792627080.0000000005280000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5280000
|
| Size: |
4096
|
|
|
97C000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.3788503404.000000000097C000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
97C000
|
| Size: |
1617920
|
|
|
5260000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.1331693802.0000000005260000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5260000
|
| Size: |
4096
|
|
|
2EE0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1320101630.0000000002EE0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2EE0000
|
| Size: |
53248
|
|
|
4D30000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3793268631.0000000004D30000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4D30000
|
| Size: |
4096
|
|
|
4D50000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3793381793.0000000004D50000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4D50000
|
| Size: |
4096
|
|
|
43CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3791524907.00000000043CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
43CE000
|
| Size: |
8192
|
|
|
460F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3791689879.000000000460F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
460F000
|
| Size: |
4096
|
|
|
5330000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.3793733084.0000000005330000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5330000
|
| Size: |
4096
|
|
|
820000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3788016037.0000000000820000.00000004.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
820000
|
| Size: |
4096
|
|
|
4B4E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3792211418.0000000004B4E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4B4E000
|
| Size: |
8192
|
|
|
4D60000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3793436180.0000000004D60000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4D60000
|
| Size: |
4096
|
|
|
2ACE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3790127080.0000000002ACE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2ACE000
|
| Size: |
8192
|
|
|
52C0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3792858942.00000000052C0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
52C0000
|
| Size: |
4096
|
|
|
4B10000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.1393124114.0000000004B10000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4B10000
|
| Size: |
4096
|
|
|
399F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3791025462.000000000399F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
399F000
|
| Size: |
4096
|
|
|
690000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1363332228.0000000000690000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
690000
|
| Size: |
20480
|
|
|
D14000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1392733668.0000000000D14000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D14000
|
| Size: |
4096
|
|
|
2870000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3790135967.0000000002870000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2870000
|
| Size: |
16384
|
|
|
5280000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000003.1468399950.0000000005280000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5280000
|
| Size: |
8192
|
|
|
4630000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3792240744.0000000004630000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4630000
|
| Size: |
4096
|
|
|
1450000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1547045401.0000000001450000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
1450000
|
| Size: |
53248
|
|
|
4541000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1421343482.0000000004541000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4541000
|
| Size: |
49152
|
|
|
13D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1365041119.00000000013D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13D0000
|
| Size: |
4096
|
|
|
343000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3788080872.0000000000343000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
343000
|
| Size: |
20480
|
|
|
39FF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3791474280.00000000039FF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
39FF000
|
| Size: |
4096
|
|
|
310E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3790546954.000000000310E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
310E000
|
| Size: |
8192
|
|
|
105C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3789459077.000000000105C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
105C000
|
| Size: |
16384
|
|
|
C44000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1390016120.0000000000C44000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C44000
|
| Size: |
4096
|
|
|
4C30000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.1394958567.0000000004C30000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4C30000
|
| Size: |
4096
|
|
|
377F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3791228931.000000000377F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
377F000
|
| Size: |
4096
|
|
|
1214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1360491821.0000000001214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1214000
|
| Size: |
4096
|
|
|
489F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3792293842.000000000489F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
489F000
|
| Size: |
4096
|
|
|
358E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3790726965.000000000358E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
358E000
|
| Size: |
8192
|
|
|
353E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3791070283.000000000353E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
353E000
|
| Size: |
8192
|
|
|
4BC0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3793478669.0000000004BC0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4BC0000
|
| Size: |
4096
|
|
|
494F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3792708674.000000000494F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
494F000
|
| Size: |
4096
|
|
|
53B8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3794161971.00000000053B8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
53B8000
|
| Size: |
2002944
|
|
|
1214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1319943677.0000000001214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1214000
|
| Size: |
4096
|
|
|
1214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1324940296.0000000001214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1214000
|
| Size: |
4096
|
|
|
4C00000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3793704580.0000000004C00000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4C00000
|
| Size: |
8192
|
|
|
1214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1363530843.0000000001214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1214000
|
| Size: |
4096
|
|
|
4CD0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3792946235.0000000004CD0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4CD0000
|
| Size: |
4096
|
|
|
334F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3790364659.000000000334F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
334F000
|
| Size: |
4096
|
|
|
348000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3788429281.0000000000348000.00000004.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
348000
|
| Size: |
12288
|
|
|
35CF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3790547780.00000000035CF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
35CF000
|
| Size: |
4096
|
|
|
132E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3789654728.000000000132E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
132E000
|
| Size: |
8192
|
|
|
50F0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1467905193.00000000050F0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
50F0000
|
| Size: |
53248
|
|
|
12B4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1540646604.00000000012B4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12B4000
|
| Size: |
4096
|
|
|
978000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3788476459.0000000000978000.00000004.00000001.01000000.00000006.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
978000
|
| Size: |
12288
|
|
|
5260000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.1332080196.0000000005260000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5260000
|
| Size: |
4096
|
|
|
4620000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1384630825.0000000004620000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4620000
|
| Size: |
53248
|
|
|
3D8E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3791446821.0000000003D8E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3D8E000
|
| Size: |
8192
|
|
|
4A70000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1388169849.0000000004A70000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4A70000
|
| Size: |
180224
|
|
|
4C50000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.1394700891.0000000004C50000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4C50000
|
| Size: |
4096
|
|
|
841000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
0000000A.00000000.1535318203.0000000000841000.00000080.00000001.01000000.00000006.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
841000
|
| Size: |
593920
|
|
|
4C61000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1480750468.0000000004C61000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4C61000
|
| Size: |
4096
|
|
|
3D4F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3791398093.0000000003D4F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3D4F000
|
| Size: |
4096
|
|
|
1214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1360759254.0000000001214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1214000
|
| Size: |
4096
|
|
|
53A0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.3794089756.00000000053A0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
53A0000
|
| Size: |
4096
|
|
|
DD0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3789611139.0000000000DD0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
DD0000
|
| Size: |
12288
|
|
|
2EC0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1465068993.0000000002EC0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2EC0000
|
| Size: |
53248
|
|
|
474F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3791794226.000000000474F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
474F000
|
| Size: |
4096
|
|
|
37CF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3790859215.00000000037CF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
37CF000
|
| Size: |
4096
|
|
|
1214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1363550703.0000000001214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1214000
|
| Size: |
4096
|
|
|
511B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3792468707.000000000511B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
511B000
|
| Size: |
20480
|
|
|
4D11000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1561277237.0000000004D11000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4D11000
|
| Size: |
4096
|
|
|
4C50000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.1394590832.0000000004C50000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4C50000
|
| Size: |
4096
|
|
|
E43000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3789661923.0000000000E43000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
E43000
|
| Size: |
12288
|
|
|
12B4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1547894302.00000000012B4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12B4000
|
| Size: |
4096
|
|
|
5090000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1322319604.0000000005090000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5090000
|
| Size: |
176128
|
|
|
12B4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1540665020.00000000012B4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12B4000
|
| Size: |
4096
|
|
|
10FD000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3789536237.00000000010FD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
10FD000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
3E8F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3791480009.0000000003E8F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3E8F000
|
| Size: |
4096
|
|
|
5F8000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3788634361.00000000005F8000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
5F8000
|
| Size: |
40960
|
|
|
4CC0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3792888883.0000000004CC0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4CC0000
|
| Size: |
4096
|
|
|
C21000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.3788503404.0000000000C21000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
C21000
|
| Size: |
24576
|
|
|
C08000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3788479543.0000000000C08000.00000040.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
C08000
|
| Size: |
40960
|
|
|
484E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3792651500.000000000484E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
484E000
|
| Size: |
8192
|
|
|
12E2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3789735499.00000000012E2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12E2000
|
| Size: |
28672
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
4C61000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1480341135.0000000004C61000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4C61000
|
| Size: |
49152
|
|
|
50CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3792368699.00000000050CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
50CE000
|
| Size: |
8192
|
|
|
11D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1480405107.00000000011D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11D4000
|
| Size: |
4096
|
|
|
2947000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3789975765.0000000002947000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2947000
|
| Size: |
12288
|
|
|
11D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1460219137.00000000011D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11D4000
|
| Size: |
4096
|
|
|
1214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1325233200.0000000001214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1214000
|
| Size: |
4096
|
|
|
31EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1364289816.00000000031EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
31EE000
|
| Size: |
8192
|
|
|
2EC0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1466901347.0000000002EC0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2EC0000
|
| Size: |
53248
|
|
|
68F000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1363315709.000000000068F000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
68F000
|
| Size: |
4096
|
|
|
C38000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000008.00000002.3789212329.0000000000C38000.00000080.00000001.01000000.00000006.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
C38000
|
| Size: |
1724416
|
|
|
1214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1364766274.0000000001214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1214000
|
| Size: |
4096
|
|
|
5300000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000003.1549690398.0000000005300000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5300000
|
| Size: |
4096
|
|
|
1214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1360511778.0000000001214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1214000
|
| Size: |
4096
|
|
|
320F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3790290205.000000000320F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
320F000
|
| Size: |
4096
|
|
|
1214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1364808067.0000000001214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1214000
|
| Size: |
4096
|
|
|
C44000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1421409674.0000000000C44000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C44000
|
| Size: |
4096
|
|
|
5400000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.3794159185.0000000005400000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5400000
|
| Size: |
4096
|
|
|
324E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3790627773.000000000324E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
324E000
|
| Size: |
8192
|
|
|
5340000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.3793768741.0000000005340000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5340000
|
| Size: |
4096
|
|
|
BC9000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3788479543.0000000000BC9000.00000040.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
BC9000
|
| Size: |
114688
|
|
|
C44000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1421509769.0000000000C44000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C44000
|
| Size: |
4096
|
|
|
4D11000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1560876058.0000000004D11000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4D11000
|
| Size: |
49152
|
|
|
2EBF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3790549549.0000000002EBF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2EBF000
|
| Size: |
4096
|
|
|
34DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3790717421.00000000034DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
34DE000
|
| Size: |
8192
|
|
|
2EB0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3790248728.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2EB0000
|
| Size: |
4096
|
|
|
5320000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000003.1549614349.0000000005320000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5320000
|
| Size: |
4096
|
|
|
11D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1467066374.00000000011D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11D4000
|
| Size: |
4096
|
|
|
4541000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1389779771.0000000004541000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4541000
|
| Size: |
241664
|
|
|
4620000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1388043430.0000000004620000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4620000
|
| Size: |
53248
|
|
|
5230000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.1332632021.0000000005230000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5230000
|
| Size: |
4096
|
|
|
12B4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1547912205.00000000012B4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12B4000
|
| Size: |
4096
|
|
|
4620000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1388887096.0000000004620000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4620000
|
| Size: |
53248
|
|
|
2EC0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1460757237.0000000002EC0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2EC0000
|
| Size: |
53248
|
|
|
2850000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3790085263.0000000002850000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2850000
|
| Size: |
4096
|
|
|
C21000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.3788527005.0000000000C21000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
C21000
|
| Size: |
24576
|
|
|
460F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3792113295.000000000460F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
460F000
|
| Size: |
4096
|
|
|
D14000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1392709610.0000000000D14000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D14000
|
| Size: |
4096
|
|
|
D14000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1381165885.0000000000D14000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D14000
|
| Size: |
4096
|
|
|
13C6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3789734640.00000000013C6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13C6000
|
| Size: |
24576
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
3DBF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3791798067.0000000003DBF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3DBF000
|
| Size: |
4096
|
|
|
C20000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1380068687.0000000000C20000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
C20000
|
| Size: |
53248
|
|
|
5380000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3793544975.0000000005380000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5380000
|
| Size: |
4096
|
|
|
3B0E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3791301282.0000000003B0E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3B0E000
|
| Size: |
8192
|
|
|
4C50000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.1394787875.0000000004C50000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4C50000
|
| Size: |
4096
|
|
|
42FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3792372801.00000000042FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
42FE000
|
| Size: |
8192
|
|
|
44DF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3791921983.00000000044DF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
44DF000
|
| Size: |
4096
|
|
|
211000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000006.00000000.1374258921.0000000000211000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
211000
|
| Size: |
593920
|
|
|
3C4E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3791373072.0000000003C4E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3C4E000
|
| Size: |
8192
|
|
|
C01000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3788479543.0000000000C01000.00000040.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
C01000
|
| Size: |
24576
|
|
|
210000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000007.00000000.1375088183.0000000000210000.00000002.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
210000
|
| Size: |
4096
|
|
|
11D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1480473612.00000000011D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11D4000
|
| Size: |
4096
|
|
|
607000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3788634361.0000000000607000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
607000
|
| Size: |
4096
|
|
|
4C80000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3792653675.0000000004C80000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4C80000
|
| Size: |
4096
|
|
|
1400000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3789833763.0000000001400000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1400000
|
| Size: |
4096
|
|
|
4D10000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3793081273.0000000004D10000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4D10000
|
| Size: |
4096
|
|
|
C10000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3789459662.0000000000C10000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C10000
|
| Size: |
4096
|
|
|
5340000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.3793482947.0000000005340000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5340000
|
| Size: |
4096
|
|
|
5250000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000003.1469062765.0000000005250000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5250000
|
| Size: |
4096
|
|
|
43DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3791870409.00000000043DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
43DE000
|
| Size: |
8192
|
|
|
11D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1467159263.00000000011D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11D4000
|
| Size: |
4096
|
|
|
888000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1363407853.0000000000888000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
888000
|
| Size: |
118784
|
|
|
820000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1363393753.0000000000820000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
820000
|
| Size: |
20480
|
|
|
3ADF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3791118132.0000000003ADF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3ADF000
|
| Size: |
4096
|
|
|
4D11000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1547733352.0000000004D11000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4D11000
|
| Size: |
233472
|
|
|
4D11000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1561200183.0000000004D11000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4D11000
|
| Size: |
4096
|
|
|
2EE0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1323726866.0000000002EE0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2EE0000
|
| Size: |
53248
|
|
|
4620000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1389719643.0000000004620000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4620000
|
| Size: |
53248
|
|
|
4D00000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3793105374.0000000004D00000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4D00000
|
| Size: |
4096
|
|
|
49FB000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3792791441.00000000049FB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
49FB000
|
| Size: |
20480
|
|
|
3EFF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3791948527.0000000003EFF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3EFF000
|
| Size: |
4096
|
|
|
1214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1362459895.0000000001214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1214000
|
| Size: |
4096
|
|
|
2EC0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1463634437.0000000002EC0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2EC0000
|
| Size: |
53248
|
|
|
4C70000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3792599840.0000000004C70000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4C70000
|
| Size: |
4096
|
|
|
1214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1324960884.0000000001214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1214000
|
| Size: |
4096
|
|
|
C44000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1389994302.0000000000C44000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C44000
|
| Size: |
4096
|
|
|
4631000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1421345515.0000000004631000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4631000
|
| Size: |
49152
|
|
|
1450000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1540758915.0000000001450000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
1450000
|
| Size: |
53248
|
|
|
50A0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1463273748.00000000050A0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
50A0000
|
| Size: |
172032
|
|
|
3CCF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3791257980.0000000003CCF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3CCF000
|
| Size: |
4096
|
|
|
5280000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000003.1468897991.0000000005280000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5280000
|
| Size: |
4096
|
|
|
C37000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.3788503404.0000000000C37000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
C37000
|
| Size: |
4096
|
|
|
958000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3788426420.0000000000958000.00000004.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
958000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
|
|
568E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3794064290.000000000568E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
568E000
|
| Size: |
8192
|
|
|
384F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3790733919.000000000384F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
384F000
|
| Size: |
4096
|
|
|
3A3E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3791527301.0000000003A3E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3A3E000
|
| Size: |
8192
|
|
|
2877000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3790135967.0000000002877000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2877000
|
| Size: |
12288
|
|
|
5290000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3792686645.0000000005290000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5290000
|
| Size: |
4096
|
|
|
4620000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1381730000.0000000004620000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4620000
|
| Size: |
53248
|
|
|
4C20000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3792504782.0000000004C20000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4C20000
|
| Size: |
4096
|
|
|
3FDF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3791525043.0000000003FDF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3FDF000
|
| Size: |
4096
|
|
|
475F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3792185530.000000000475F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
475F000
|
| Size: |
4096
|
|
|
3D5F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3791331793.0000000003D5F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3D5F000
|
| Size: |
4096
|
|
|
320F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3790584579.000000000320F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
320F000
|
| Size: |
4096
|
|
|
2ED7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3790291786.0000000002ED7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2ED7000
|
| Size: |
12288
|
|
|
C44000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1379850555.0000000000C44000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C44000
|
| Size: |
4096
|
|
|
DD0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1391168825.0000000000DD0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
DD0000
|
| Size: |
53248
|
|
|
3DFE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3791858677.0000000003DFE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3DFE000
|
| Size: |
8192
|
|
|
4B10000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.1393236754.0000000004B10000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4B10000
|
| Size: |
4096
|
|
|
498E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3792765330.000000000498E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
498E000
|
| Size: |
8192
|
|
|
37BE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3791283272.00000000037BE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
37BE000
|
| Size: |
8192
|
|
|
479E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3792238764.000000000479E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
479E000
|
| Size: |
8192
|
|
|
398E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3790822601.000000000398E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
398E000
|
| Size: |
8192
|
|
|
3D9E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3791395481.0000000003D9E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3D9E000
|
| Size: |
8192
|
|
|
1447000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3789929977.0000000001447000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1447000
|
| Size: |
12288
|
|
|
429D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3791773732.000000000429D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
429D000
|
| Size: |
12288
|
|
|
3B0E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3790951355.0000000003B0E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3B0E000
|
| Size: |
8192
|
|
|
4AC0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1393370988.0000000004AC0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4AC0000
|
| Size: |
53248
|
|
|
1214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1319925738.0000000001214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1214000
|
| Size: |
4096
|
|
|
374E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3791034531.000000000374E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
374E000
|
| Size: |
8192
|
|
|
5F1000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3788481819.00000000005F1000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
5F1000
|
| Size: |
24576
|
|
|
52DF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3793308453.00000000052DF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
52DF000
|
| Size: |
4096
|
|
|
5300000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.3793514587.0000000005300000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5300000
|
| Size: |
4096
|
|
|
5280000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000003.1468762891.0000000005280000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5280000
|
| Size: |
4096
|
|
|
4B50000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3793078900.0000000004B50000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4B50000
|
| Size: |
4096
|
|
|
4D11000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1561326159.0000000004D11000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4D11000
|
| Size: |
4096
|
|
|
2EE0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1323002233.0000000002EE0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2EE0000
|
| Size: |
53248
|
|
|
425F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3791722132.000000000425F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
425F000
|
| Size: |
4096
|
|
|
4C61000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1460033910.0000000004C61000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4C61000
|
| Size: |
49152
|
|
|
1030000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3789857183.0000000001030000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1030000
|
| Size: |
4096
|
|
|
4D11000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1540507300.0000000004D11000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4D11000
|
| Size: |
49152
|
|
|
52E0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.3793383717.00000000052E0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
52E0000
|
| Size: |
4096
|
|
|
5320000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000003.1549447741.0000000005320000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5320000
|
| Size: |
4096
|
|
|
1214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1364724998.0000000001214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1214000
|
| Size: |
4096
|
|
|
4C50000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.1394747643.0000000004C50000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4C50000
|
| Size: |
4096
|
|
|
B0A000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.3788527005.0000000000B0A000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
B0A000
|
| Size: |
884736
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the Windows Explorer process (often used for injection) |
HIPS / PFW / Operating System Protection Evasion |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
11D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1467315542.00000000011D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11D4000
|
| Size: |
4096
|
|
|
4C51000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1324851667.0000000004C51000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4C51000
|
| Size: |
237568
|
|
|
4B70000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3793190695.0000000004B70000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4B70000
|
| Size: |
4096
|
|
|
3FCF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3791253205.0000000003FCF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3FCF000
|
| Size: |
4096
|
|
|
1214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1364583589.0000000001214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1214000
|
| Size: |
4096
|
|
|
298C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3790049734.000000000298C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
298C000
|
| Size: |
16384
|
|
|
443E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3792530034.000000000443E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
443E000
|
| Size: |
8192
|
|
|
C44000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1389822593.0000000000C44000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C44000
|
| Size: |
4096
|
|
|
95C000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3788479543.000000000095C000.00000040.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
95C000
|
| Size: |
1617920
|
|
|
5320000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000003.1549542462.0000000005320000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5320000
|
| Size: |
4096
|
|
|
48CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3791944445.00000000048CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
48CE000
|
| Size: |
8192
|
|
|
D14000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1421376240.0000000000D14000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D14000
|
| Size: |
4096
|
|
|
A3C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3789486571.0000000000A3C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A3C000
|
| Size: |
16384
|
|
|
11D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1467032631.00000000011D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11D4000
|
| Size: |
4096
|
|
|
4541000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1421828110.0000000004541000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4541000
|
| Size: |
4096
|
|
|
2E9B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3790053638.0000000002E9B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2E9B000
|
| Size: |
20480
|
|
|
958000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000000.00000000.1313993452.0000000000958000.00000008.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
958000
|
| Size: |
4096
|
|
|
51DB000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3793242698.00000000051DB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
51DB000
|
| Size: |
20480
|
|
|
46CF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3792459097.00000000046CF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
46CF000
|
| Size: |
4096
|
|
|
157F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3789981235.000000000157F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
157F000
|
| Size: |
4096
|
|
|
4A1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3792456785.0000000004A1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4A1E000
|
| Size: |
8192
|
|
|
5596000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1361516053.0000000005596000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5596000
|
| Size: |
524288
|
|
|
303E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3790674701.000000000303E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
303E000
|
| Size: |
8192
|
|
|
11D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1467142897.00000000011D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11D4000
|
| Size: |
4096
|
|
|
5260000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.1331563674.0000000005260000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5260000
|
| Size: |
8192
|
|
|
1214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1364748084.0000000001214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1214000
|
| Size: |
4096
|
|
|
C17000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3788479543.0000000000C17000.00000040.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
C17000
|
| Size: |
4096
|
|
|
53C0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.3793936296.00000000053C0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
53C0000
|
| Size: |
4096
|
|
|
3B3F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3791577647.0000000003B3F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3B3F000
|
| Size: |
4096
|
|
|
D14000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1381211006.0000000000D14000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D14000
|
| Size: |
4096
|
|
|
4620000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1390743296.0000000004620000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4620000
|
| Size: |
53248
|
|
|
317E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3790779432.000000000317E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
317E000
|
| Size: |
8192
|
|
|
12B4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1560906106.00000000012B4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12B4000
|
| Size: |
4096
|
|
|
126E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3789665757.000000000126E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
126E000
|
| Size: |
8192
|
|
|
34C000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3788481819.000000000034C000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
34C000
|
| Size: |
1617920
|
|
|
4541000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1379811839.0000000004541000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4541000
|
| Size: |
49152
|
|
|
38FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3791402840.00000000038FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
38FE000
|
| Size: |
8192
|
|
|
32C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1364363338.00000000032C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
32C0000
|
| Size: |
20480
|
|
|
C44000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1421471673.0000000000C44000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C44000
|
| Size: |
4096
|
|
|
4AFF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3792849095.0000000004AFF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4AFF000
|
| Size: |
4096
|
|
|
5320000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.3793679914.0000000005320000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5320000
|
| Size: |
4096
|
|
|
4620000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1387655540.0000000004620000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4620000
|
| Size: |
53248
|
|
|
33AB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1364384914.00000000033AB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
33AB000
|
| Size: |
106496
|
|
|
448E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3792267202.000000000448E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
448E000
|
| Size: |
8192
|
|
|
3F4F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3791575158.0000000003F4F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3F4F000
|
| Size: |
4096
|
|
|
11D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1460073020.00000000011D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11D4000
|
| Size: |
4096
|
|
|
4B10000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.1393284615.0000000004B10000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4B10000
|
| Size: |
4096
|
|
|
5448000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3794322478.0000000005448000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5448000
|
| Size: |
2002944
|
|
|
3B7E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3791625117.0000000003B7E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3B7E000
|
| Size: |
8192
|
|
|
BA0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3789574147.0000000000BA0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA0000
|
| Size: |
36864
|
|
|
11D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1460200433.00000000011D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11D4000
|
| Size: |
4096
|
|
|
D14000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1392761189.0000000000D14000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D14000
|
| Size: |
4096
|
|
|
4C60000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3792674454.0000000004C60000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4C60000
|
| Size: |
4096
|
|
|
4DA000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3788634361.00000000004DA000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
4DA000
|
| Size: |
884736
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
11E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3789608959.00000000011E0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11E0000
|
| Size: |
4096
|
|
|
44CF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3791579386.00000000044CF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
44CF000
|
| Size: |
4096
|
|
|
52D0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.3793328318.00000000052D0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
52D0000
|
| Size: |
4096
|
|
|
DDD000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.3789441990.0000000000DDD000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
DDD000
|
| Size: |
4096
|
|
|
7AE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1363349983.00000000007AE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7AE000
|
| Size: |
8192
|
|
|
2EE0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1320706007.0000000002EE0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2EE0000
|
| Size: |
53248
|
|
|
12AA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3789735499.00000000012AA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12AA000
|
| Size: |
8192
|
|
|
5260000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.1331803988.0000000005260000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5260000
|
| Size: |
4096
|
|
|
5410000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.3794206716.0000000005410000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5410000
|
| Size: |
8192
|
|
|
339E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3790630793.000000000339E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
339E000
|
| Size: |
8192
|
|
|
521F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3792528624.000000000521F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
521F000
|
| Size: |
4096
|
|
|
53A0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.3793815963.00000000053A0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
53A0000
|
| Size: |
4096
|
|
|
64E000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1363300239.000000000064E000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
64E000
|
| Size: |
8192
|
|
|
D14000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1381374059.0000000000D14000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D14000
|
| Size: |
4096
|
|
|
3E8F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3791164124.0000000003E8F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3E8F000
|
| Size: |
4096
|
|
|
349F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3790674826.000000000349F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
349F000
|
| Size: |
4096
|
|
|
106C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3789488645.000000000106C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
106C000
|
| Size: |
16384
|
|
|
52D2000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1548941705.00000000052D2000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
52D2000
|
| Size: |
16384
|
|
|
559C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1360854557.000000000559C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
559C000
|
| Size: |
524288
|
|
|
4D11000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1561301701.0000000004D11000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4D11000
|
| Size: |
4096
|
|
|
4D11000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1561229013.0000000004D11000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4D11000
|
| Size: |
4096
|
|
|
608000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000007.00000002.3789199612.0000000000608000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
608000
|
| Size: |
1724416
|
|
|
C17000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000000.00000000.1314011849.0000000000C17000.00000080.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
C17000
|
| Size: |
1732608
|
|
|
2E5E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3790023837.0000000002E5E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2E5E000
|
| Size: |
8192
|
|
|
12B4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1547773382.00000000012B4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12B4000
|
| Size: |
4096
|
|
|
C20000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1389667471.0000000000C20000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
C20000
|
| Size: |
53248
|
|
|
1214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1364789435.0000000001214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1214000
|
| Size: |
4096
|
|
|
11F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3789651664.00000000011F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11F0000
|
| Size: |
4096
|
|
|
97C000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.3788527005.000000000097C000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
97C000
|
| Size: |
1617920
|
|
|
C20000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1388989304.0000000000C20000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
C20000
|
| Size: |
53248
|
|
|
5260000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.1332562611.0000000005260000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5260000
|
| Size: |
12288
|
|
|
12B4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1548020167.00000000012B4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12B4000
|
| Size: |
4096
|
|
|
12B4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1540627691.00000000012B4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12B4000
|
| Size: |
4096
|
|
|
4BB0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3793411988.0000000004BB0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4BB0000
|
| Size: |
4096
|
|
|
D14000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1392573697.0000000000D14000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D14000
|
| Size: |
4096
|
|
|
400E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3791302235.000000000400E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
400E000
|
| Size: |
8192
|
|
|
394E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.3790986232.000000000394E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
394E000
|
| Size: |
8192
|
|
|
1214000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1362398064.0000000001214000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1214000
|
| Size: |
4096
|
|
|
2F00000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3790127628.0000000002F00000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F00000
|
| Size: |
16384
|
|
|
2850000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.1393524948.0000000002850000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
2850000
|
| Size: |
4096
|
|
