|
D21000
|
unkown
|
page execute and read and write
|
 |
|
|
| Name: |
00000000.00000002.4145669550.0000000000D21000.00000040.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
D21000
|
| Size: |
1249280
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected RisePro Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
| SQL strings found in memory and binary data |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
55E0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1709813394.00000000055E0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
55E0000
|
| Size: |
1249280
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected RisePro Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
| SQL strings found in memory and binary data |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
2C1000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.4146167296.00000000002C1000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
2C1000
|
| Size: |
1249280
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected RisePro Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
| SQL strings found in memory and binary data |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
2C1000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.4146169733.00000000002C1000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
2C1000
|
| Size: |
1249280
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected RisePro Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
| SQL strings found in memory and binary data |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
4E60000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1856862638.0000000004E60000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4E60000
|
| Size: |
1249280
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected RisePro Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
| SQL strings found in memory and binary data |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
52E0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1776987778.00000000052E0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
52E0000
|
| Size: |
1249280
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected RisePro Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
| SQL strings found in memory and binary data |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
4B80000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1935348315.0000000004B80000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4B80000
|
| Size: |
1249280
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected RisePro Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
| SQL strings found in memory and binary data |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
A21000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.4145632604.0000000000A21000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
A21000
|
| Size: |
1249280
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected RisePro Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
| SQL strings found in memory and binary data |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
A21000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.4145805846.0000000000A21000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
A21000
|
| Size: |
1249280
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected RisePro Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
| SQL strings found in memory and binary data |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
4DF0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1776201948.0000000004DF0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4DF0000
|
| Size: |
1249280
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected RisePro Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
| SQL strings found in memory and binary data |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
1514000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1794707673.0000000001514000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1514000
|
| Size: |
4096
|
|
|
4D90000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.4154047277.0000000004D90000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4D90000
|
| Size: |
4096
|
|
|
1867000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4147804202.0000000001867000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1867000
|
| Size: |
4096
|
|
|
480F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4151321039.000000000480F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
480F000
|
| Size: |
4096
|
|
|
49DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4151489679.00000000049DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
49DE000
|
| Size: |
8192
|
|
|
16D1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1795429376.00000000016D1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
16D1000
|
| Size: |
8192
|
|
|
4FF0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.1857738799.0000000004FF0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4FF0000
|
| Size: |
12288
|
|
|
31F0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1768809567.00000000031F0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
31F0000
|
| Size: |
53248
|
|
|
13E4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1738358877.00000000013E4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13E4000
|
| Size: |
4096
|
|
|
5770000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.1710381018.0000000005770000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5770000
|
| Size: |
4096
|
|
|
385F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4148779651.000000000385F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
385F000
|
| Size: |
4096
|
|
|
2E2E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.4151094660.0000000002E2E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2E2E000
|
| Size: |
8192
|
|
|
4D10000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000003.1935717493.0000000004D10000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4D10000
|
| Size: |
8192
|
|
|
F40000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1932120274.0000000000F40000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
F40000
|
| Size: |
53248
|
|
|
50F0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.4154034651.00000000050F0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
50F0000
|
| Size: |
4096
|
|
|
330F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4148217270.000000000330F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
330F000
|
| Size: |
4096
|
|
|
31F0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1771082118.00000000031F0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
31F0000
|
| Size: |
53248
|
|
|
55DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4152377135.00000000055DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
55DE000
|
| Size: |
8192
|
|
|
5860000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.4153430820.0000000005860000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5860000
|
| Size: |
4096
|
|
|
1514000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1762166176.0000000001514000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1514000
|
| Size: |
4096
|
|
|
32CF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.4148760376.00000000032CF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
32CF000
|
| Size: |
4096
|
|
|
32EF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.4151525931.00000000032EF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
32EF000
|
| Size: |
4096
|
|
|
1050000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4148757849.0000000001050000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1050000
|
| Size: |
4096
|
|
|
465E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4152693814.000000000465E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
465E000
|
| Size: |
8192
|
|
|
3E9F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4151957388.0000000003E9F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3E9F000
|
| Size: |
4096
|
|
|
9F4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1773749826.00000000009F4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9F4000
|
| Size: |
4096
|
|
|
3357000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4148313446.0000000003357000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3357000
|
| Size: |
12288
|
|
|
FA6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1876707040.0000000000FA6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
FA6000
|
| Size: |
8192
|
|
|
2D30000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1854073910.0000000002D30000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2D30000
|
| Size: |
53248
|
|
|
E1A000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.4145840458.0000000000E1A000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
E1A000
|
| Size: |
4096
|
|
|
9FD000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.4148456840.00000000009FD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9FD000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
4E60000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1856045295.0000000004E60000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4E60000
|
| Size: |
53248
|
|
|
10D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1855105565.00000000010D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10D4000
|
| Size: |
4096
|
|
|
461F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4151127536.000000000461F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
461F000
|
| Size: |
4096
|
|
|
9F4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1794817003.00000000009F4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9F4000
|
| Size: |
4096
|
|
|
31F0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1773969315.00000000031F0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
31F0000
|
| Size: |
53248
|
|
|
3330000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1699327753.0000000003330000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3330000
|
| Size: |
53248
|
|
|
D9E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.4148560675.0000000000D9E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
D9E000
|
| Size: |
8192
|
|
|
306E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4147966428.000000000306E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
306E000
|
| Size: |
8192
|
|
|
4D9F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4151876240.0000000004D9F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4D9F000
|
| Size: |
4096
|
|
|
A10000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.4145743918.0000000000A10000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A10000
|
| Size: |
4096
|
|
|
49E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4153037350.00000000049E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
49E0000
|
| Size: |
4096
|
|
|
3E4E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4149158796.0000000003E4E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3E4E000
|
| Size: |
8192
|
|
|
57B0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.4152806592.00000000057B0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
57B0000
|
| Size: |
4096
|
|
|
9F4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1773564739.00000000009F4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9F4000
|
| Size: |
4096
|
|
|
411F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4150695787.000000000411F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
411F000
|
| Size: |
4096
|
|
|
66B000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.4147307095.000000000066B000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
66B000
|
| Size: |
102400
|
|
|
1510000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4147693768.0000000001510000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1510000
|
| Size: |
16384
|
|
|
1514000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1761997097.0000000001514000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1514000
|
| Size: |
4096
|
|
|
389E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4148826862.000000000389E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
389E000
|
| Size: |
8192
|
|
|
3A8E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4148811008.0000000003A8E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3A8E000
|
| Size: |
8192
|
|
|
46F1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1947824709.00000000046F1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
46F1000
|
| Size: |
4096
|
|
|
4D10000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000003.1935841601.0000000004D10000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4D10000
|
| Size: |
4096
|
|
|
5770000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.1710352572.0000000005770000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5770000
|
| Size: |
4096
|
|
|
425F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4150797503.000000000425F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
425F000
|
| Size: |
4096
|
|
|
13E4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1695266445.00000000013E4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13E4000
|
| Size: |
4096
|
|
|
5500000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.4153149460.0000000005500000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5500000
|
| Size: |
4096
|
|
|
10D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1844618372.00000000010D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10D4000
|
| Size: |
4096
|
|
|
2BAE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.4150802688.0000000002BAE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2BAE000
|
| Size: |
8192
|
|
|
3F4F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.4151014812.0000000003F4F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3F4F000
|
| Size: |
4096
|
|
|
D20000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000000.1689167354.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
D20000
|
| Size: |
4096
|
|
|
9F4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1773524161.00000000009F4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9F4000
|
| Size: |
4096
|
|
|
4FB0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.4152474079.0000000004FB0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4FB0000
|
| Size: |
4096
|
|
|
46F1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1947866238.00000000046F1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
46F1000
|
| Size: |
4096
|
|
|
11AA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.4147850074.00000000011AA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11AA000
|
| Size: |
8192
|
|
|
4950000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1771012363.0000000004950000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4950000
|
| Size: |
53248
|
|
|
F40000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1925072801.0000000000F40000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
F40000
|
| Size: |
53248
|
|
|
562B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4152514452.000000000562B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
562B000
|
| Size: |
20480
|
|
|
F30000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.4148875338.0000000000F30000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F30000
|
| Size: |
4096
|
|
|
31F0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1762889342.00000000031F0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
31F0000
|
| Size: |
53248
|
|
|
9F4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1760680424.00000000009F4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9F4000
|
| Size: |
4096
|
|
|
4F80000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000003.1778941346.0000000004F80000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4F80000
|
| Size: |
4096
|
|
|
5470000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.1779106416.0000000005470000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5470000
|
| Size: |
4096
|
|
|
4FF0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.1857533846.0000000004FF0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4FF0000
|
| Size: |
4096
|
|
|
16C7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4147764213.00000000016C7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
16C7000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
DC0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.4148665081.0000000000DC0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DC0000
|
| Size: |
16384
|
|
|
F89000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.4148938152.0000000000F89000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F89000
|
| Size: |
4096
|
|
|
4DA0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1767352522.0000000004DA0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4DA0000
|
| Size: |
184320
|
|
|
2BBC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.4148149134.0000000002BBC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2BBC000
|
| Size: |
16384
|
|
|
2D50000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4150347014.0000000002D50000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D50000
|
| Size: |
16384
|
|
|
45CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.4151635196.00000000045CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
45CE000
|
| Size: |
8192
|
|
|
50D0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.4153958410.00000000050D0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
50D0000
|
| Size: |
8192
|
|
|
10D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1875918772.00000000010D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10D4000
|
| Size: |
4096
|
|
|
430F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4150740337.000000000430F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
430F000
|
| Size: |
4096
|
|
|
4CE0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.4153700758.0000000004CE0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4CE0000
|
| Size: |
4096
|
|
|
13E4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1708041802.00000000013E4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13E4000
|
| Size: |
4096
|
|
|
2D30000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1851616991.0000000002D30000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2D30000
|
| Size: |
53248
|
|
|
5740000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.1710469650.0000000005740000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5740000
|
| Size: |
4096
|
|
|
DC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1947395005.0000000000DC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DC4000
|
| Size: |
4096
|
|
|
DC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1933708056.0000000000DC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DC4000
|
| Size: |
4096
|
|
|
49E1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1876191997.00000000049E1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
49E1000
|
| Size: |
4096
|
|
|
50A0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.4153864028.00000000050A0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
50A0000
|
| Size: |
4096
|
|
|
11AD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.4147850074.00000000011AD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11AD000
|
| Size: |
184320
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
415E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4150742675.000000000415E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
415E000
|
| Size: |
8192
|
|
|
55A0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1699975428.00000000055A0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
55A0000
|
| Size: |
180224
|
|
|
DC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1947590932.0000000000DC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DC4000
|
| Size: |
4096
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1795079770.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
4F70000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000003.1779154342.0000000004F70000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4F70000
|
| Size: |
8192
|
|
|
2D30000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1846544773.0000000002D30000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2D30000
|
| Size: |
53248
|
|
|
5830000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.4153270690.0000000005830000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5830000
|
| Size: |
4096
|
|
|
31F0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1763536035.00000000031F0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
31F0000
|
| Size: |
53248
|
|
|
408F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.4151141703.000000000408F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
408F000
|
| Size: |
4096
|
|
|
375E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4148707247.000000000375E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
375E000
|
| Size: |
8192
|
|
|
DC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1947440171.0000000000DC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DC4000
|
| Size: |
4096
|
|
|
4EDF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4152032761.0000000004EDF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4EDF000
|
| Size: |
4096
|
|
|
31F0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1773357669.00000000031F0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
31F0000
|
| Size: |
53248
|
|
|
430F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.4151344719.000000000430F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
430F000
|
| Size: |
4096
|
|
|
3FC000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.4147307095.00000000003FC000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
3FC000
|
| Size: |
1601536
|
|
|
B53000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.4145632604.0000000000B53000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
B53000
|
| Size: |
20480
|
|
|
4F80000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000003.1778980299.0000000004F80000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4F80000
|
| Size: |
4096
|
|
|
DC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1933564137.0000000000DC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DC4000
|
| Size: |
4096
|
|
|
3CEF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.4152477030.0000000003CEF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3CEF000
|
| Size: |
4096
|
|
|
3FC000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.4147310163.00000000003FC000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
3FC000
|
| Size: |
1601536
|
|
|
1869000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1738671738.0000000001869000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1869000
|
| Size: |
4096
|
|
|
4D4E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4152146878.0000000004D4E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4D4E000
|
| Size: |
8192
|
|
|
5580000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.4153603608.0000000005580000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5580000
|
| Size: |
4096
|
|
|
6AC000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.4147310163.00000000006AC000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
6AC000
|
| Size: |
36864
|
|
|
4FF0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.4152695083.0000000004FF0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4FF0000
|
| Size: |
4096
|
|
|
6A0000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.4147310163.00000000006A0000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
6A0000
|
| Size: |
45056
|
|
|
3A6F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.4152260375.0000000003A6F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3A6F000
|
| Size: |
4096
|
|
|
5070000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.4153750687.0000000005070000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5070000
|
| Size: |
4096
|
|
|
501F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4152149098.000000000501F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
501F000
|
| Size: |
4096
|
|
|
5470000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.1779334570.0000000005470000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5470000
|
| Size: |
12288
|
|
|
375E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4151295742.000000000375E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
375E000
|
| Size: |
8192
|
|
|
3330000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1698556742.0000000003330000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3330000
|
| Size: |
53248
|
|
|
3BAF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.4152366048.0000000003BAF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3BAF000
|
| Size: |
4096
|
|
|
11A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.4147850074.00000000011A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11A0000
|
| Size: |
32768
|
|
|
10D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1855148307.00000000010D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10D4000
|
| Size: |
4096
|
|
|
5790000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.4152687147.0000000005790000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5790000
|
| Size: |
4096
|
|
|
532B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4152479160.000000000532B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
532B000
|
| Size: |
20480
|
|
|
13E4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1736486965.00000000013E4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13E4000
|
| Size: |
4096
|
|
|
5050000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.4153640771.0000000005050000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5050000
|
| Size: |
4096
|
|
|
4C9E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4151805633.0000000004C9E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4C9E000
|
| Size: |
8192
|
|
|
5750000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.1710442940.0000000005750000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5750000
|
| Size: |
4096
|
|
|
E1A000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000005.00000000.1755280575.0000000000E1A000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
E1A000
|
| Size: |
1740800
|
|
|
55E0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1709622827.00000000055E0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
55E0000
|
| Size: |
53248
|
|
|
9F4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1773780417.00000000009F4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9F4000
|
| Size: |
4096
|
|
|
B5C000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.4145840458.0000000000B5C000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
B5C000
|
| Size: |
1601536
|
|
|
DA0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.4148609821.0000000000DA0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DA0000
|
| Size: |
4096
|
|
|
4DF0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1774772278.0000000004DF0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4DF0000
|
| Size: |
53248
|
|
|
3E4E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.4150951165.0000000003E4E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3E4E000
|
| Size: |
8192
|
|
|
49E1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1876388075.00000000049E1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
49E1000
|
| Size: |
4096
|
|
|
FC2000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.4147456894.0000000000FC2000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
FC2000
|
| Size: |
4096
|
|
|
371F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4151225854.000000000371F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
371F000
|
| Size: |
4096
|
|
|
4D10000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000003.1935761646.0000000004D10000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4D10000
|
| Size: |
4096
|
|
|
8FD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.4145579790.00000000008FD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
8FD000
|
| Size: |
12288
|
|
|
1514000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1794772068.0000000001514000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1514000
|
| Size: |
4096
|
|
|
55E0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4152424609.00000000055E0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
55E0000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
|
|
35AE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.4151811563.00000000035AE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
35AE000
|
| Size: |
8192
|
|
|
3E9F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4150481453.0000000003E9F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3E9F000
|
| Size: |
4096
|
|
|
356F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.4151753994.000000000356F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
356F000
|
| Size: |
4096
|
|
|
41CF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.4151225780.00000000041CF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
41CF000
|
| Size: |
4096
|
|
|
4E60000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1856642177.0000000004E60000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4E60000
|
| Size: |
53248
|
|
|
DC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1924493965.0000000000DC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DC4000
|
| Size: |
4096
|
|
|
862000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.4148165343.0000000000862000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
862000
|
| Size: |
4096
|
|
|
13D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4147667797.00000000013D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13D0000
|
| Size: |
4096
|
|
|
4EAC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4153206027.0000000004EAC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4EAC000
|
| Size: |
16384
|
|
|
2BDE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4148989968.0000000002BDE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2BDE000
|
| Size: |
8192
|
|
|
4E51000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1774129913.0000000004E51000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E51000
|
| Size: |
245760
|
|
|
451E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4151069220.000000000451E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
451E000
|
| Size: |
8192
|
|
|
E00000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.4145840458.0000000000E00000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
E00000
|
| Size: |
45056
|
|
|
5470000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.1779191244.0000000005470000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5470000
|
| Size: |
4096
|
|
|
358E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4148414941.000000000358E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
358E000
|
| Size: |
8192
|
|
|
10D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1875810343.00000000010D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10D4000
|
| Size: |
4096
|
|
|
5770000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.1710291664.0000000005770000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5770000
|
| Size: |
4096
|
|
|
4F80000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000003.1779001299.0000000004F80000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4F80000
|
| Size: |
4096
|
|
|
5010000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.4153428892.0000000005010000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5010000
|
| Size: |
4096
|
|
|
13E4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1734112123.00000000013E4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13E4000
|
| Size: |
4096
|
|
|
385F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4151347908.000000000385F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
385F000
|
| Size: |
4096
|
|
|
2B7E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.4148106150.0000000002B7E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2B7E000
|
| Size: |
8192
|
|
|
DC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1933659931.0000000000DC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DC4000
|
| Size: |
4096
|
|
|
6A0000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.4147307095.00000000006A0000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
6A0000
|
| Size: |
45056
|
|
|
4E51000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1795193422.0000000004E51000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E51000
|
| Size: |
4096
|
|
|
13E4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1708027377.00000000013E4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13E4000
|
| Size: |
4096
|
|
|
B53000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.4145805846.0000000000B53000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
B53000
|
| Size: |
20480
|
|
|
432F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.4153036702.000000000432F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
432F000
|
| Size: |
4096
|
|
|
4FF0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.1857288641.0000000004FF0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4FF0000
|
| Size: |
8192
|
|
|
E00000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.4145995268.0000000000E00000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
E00000
|
| Size: |
45056
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1795139144.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
37EF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.4152038889.00000000037EF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
37EF000
|
| Size: |
4096
|
|
|
2D30000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1848992988.0000000002D30000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2D30000
|
| Size: |
53248
|
|
|
10D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1855077451.00000000010D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10D4000
|
| Size: |
4096
|
|
|
1514000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1774367649.0000000001514000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1514000
|
| Size: |
4096
|
|
|
489F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4151368160.000000000489F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
489F000
|
| Size: |
4096
|
|
|
446F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.4153153696.000000000446F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
446F000
|
| Size: |
4096
|
|
|
5040000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.4152981942.0000000005040000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5040000
|
| Size: |
4096
|
|
|
3E0F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.4150913820.0000000003E0F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3E0F000
|
| Size: |
4096
|
|
|
E53000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.4145669550.0000000000E53000.00000040.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
E53000
|
| Size: |
20480
|
|
|
35DF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4148558312.00000000035DF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
35DF000
|
| Size: |
4096
|
|
|
408F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4150473252.000000000408F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
408F000
|
| Size: |
4096
|
|
|
2DEF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.4151028655.0000000002DEF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2DEF000
|
| Size: |
4096
|
|
|
1810000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4147804202.0000000001810000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1810000
|
| Size: |
32768
|
|
|
E0C000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.4145995268.0000000000E0C000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
E0C000
|
| Size: |
36864
|
|
|
3B8E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4148869362.0000000003B8E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3B8E000
|
| Size: |
8192
|
|
|
4FAF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4153267276.0000000004FAF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4FAF000
|
| Size: |
4096
|
|
|
3330000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1703497876.0000000003330000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3330000
|
| Size: |
53248
|
|
|
10D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1855228037.00000000010D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10D4000
|
| Size: |
4096
|
|
|
111B000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000000.00000002.4147310202.000000000111B000.00000080.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
111B000
|
| Size: |
1732608
|
|
|
52CD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4152359056.00000000052CD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
52CD000
|
| Size: |
12288
|
|
|
46F1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1933505297.00000000046F1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
46F1000
|
| Size: |
249856
|
|
|
9F4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1794753121.00000000009F4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9F4000
|
| Size: |
4096
|
|
|
4A1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4151565079.0000000004A1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4A1E000
|
| Size: |
8192
|
|
|
458F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4151027255.000000000458F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
458F000
|
| Size: |
4096
|
|
|
10D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1855272131.00000000010D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10D4000
|
| Size: |
4096
|
|
|
4950000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1763991822.0000000004950000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4950000
|
| Size: |
53248
|
|
|
344E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4148315014.000000000344E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
344E000
|
| Size: |
8192
|
|
|
401E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4150643498.000000000401E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
401E000
|
| Size: |
8192
|
|
|
9F4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1760881886.00000000009F4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9F4000
|
| Size: |
4096
|
|
|
4F80000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000003.1778962987.0000000004F80000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4F80000
|
| Size: |
4096
|
|
|
D20000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4145585056.0000000000D20000.00000004.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D20000
|
| Size: |
4096
|
|
|
479E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4152805735.000000000479E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
479E000
|
| Size: |
8192
|
|
|
36CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4148505452.00000000036CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
36CE000
|
| Size: |
8192
|
|
|
330E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.4148817818.000000000330E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
330E000
|
| Size: |
8192
|
|
|
3E0F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4149105621.0000000003E0F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3E0F000
|
| Size: |
4096
|
|
|
5820000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.4153204235.0000000005820000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5820000
|
| Size: |
4096
|
|
|
3C5E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4151756691.0000000003C5E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3C5E000
|
| Size: |
8192
|
|
|
4950000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1767237337.0000000004950000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4950000
|
| Size: |
53248
|
|
|
4F1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4152086403.0000000004F1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4F1E000
|
| Size: |
8192
|
|
|
10BE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4148815370.00000000010BE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
10BE000
|
| Size: |
8192
|
|
|
3AAE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.4152319261.0000000003AAE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3AAE000
|
| Size: |
8192
|
|
|
3330000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1704375988.0000000003330000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3330000
|
| Size: |
53248
|
|
|
40AF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.4152809637.00000000040AF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
40AF000
|
| Size: |
4096
|
|
|
4F80000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000003.1778773937.0000000004F80000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4F80000
|
| Size: |
8192
|
|
|
5000000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.4152749538.0000000005000000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5000000
|
| Size: |
4096
|
|
|
4A8F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4151623085.0000000004A8F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4A8F000
|
| Size: |
4096
|
|
|
2A2F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.4150544499.0000000002A2F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2A2F000
|
| Size: |
4096
|
|
|
13E4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1736389210.00000000013E4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13E4000
|
| Size: |
4096
|
|
|
4B80000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1935155077.0000000004B80000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4B80000
|
| Size: |
53248
|
|
|
4B80000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1934566249.0000000004B80000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4B80000
|
| Size: |
53248
|
|
|
31EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4148088510.00000000031EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
31EE000
|
| Size: |
8192
|
|
|
401E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4152154024.000000000401E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
401E000
|
| Size: |
8192
|
|
|
542F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4152566292.000000000542F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
542F000
|
| Size: |
4096
|
|
|
5161000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1707975744.0000000005161000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5161000
|
| Size: |
241664
|
|
|
194E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4148214815.000000000194E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
194E000
|
| Size: |
8192
|
|
|
4F80000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000003.1778921512.0000000004F80000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4F80000
|
| Size: |
4096
|
|
|
2C47000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.4148300562.0000000002C47000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C47000
|
| Size: |
12288
|
|
|
1514000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1762121288.0000000001514000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1514000
|
| Size: |
4096
|
|
|
4D10000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000003.1935860084.0000000004D10000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4D10000
|
| Size: |
4096
|
|
|
5470000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.1779127389.0000000005470000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5470000
|
| Size: |
4096
|
|
|
2A6C000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.4150638013.0000000002A6C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2A6C000
|
| Size: |
16384
|
|
|
57C0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.4152865442.00000000057C0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
57C0000
|
| Size: |
4096
|
|
|
2D30000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1850214302.0000000002D30000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2D30000
|
| Size: |
53248
|
|
|
4E00000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.4154243274.0000000004E00000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4E00000
|
| Size: |
8192
|
|
|
F93000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.4148938152.0000000000F93000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F93000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
13E4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1738319979.00000000013E4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13E4000
|
| Size: |
4096
|
|
|
585000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.4147307095.0000000000585000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
585000
|
| Size: |
913408
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the Windows Explorer process (often used for injection) |
HIPS / PFW / Operating System Protection Evasion |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
311E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4150751788.000000000311E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
311E000
|
| Size: |
8192
|
|
|
31F0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1772000620.00000000031F0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
31F0000
|
| Size: |
53248
|
|
|
1514000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1794755944.0000000001514000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1514000
|
| Size: |
4096
|
|
|
46CF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.4151694374.00000000046CF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
46CF000
|
| Size: |
4096
|
|
|
444F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4150888641.000000000444F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
444F000
|
| Size: |
4096
|
|
|
5550000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.4153432026.0000000005550000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5550000
|
| Size: |
4096
|
|
|
5060000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.4153696723.0000000005060000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5060000
|
| Size: |
4096
|
|
|
ECF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.4148722753.0000000000ECF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
ECF000
|
| Size: |
4096
|
|
|
2E9E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4150540438.0000000002E9E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2E9E000
|
| Size: |
8192
|
|
|
40CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.4151179128.00000000040CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
40CE000
|
| Size: |
8192
|
|
|
F6B000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.4148938152.0000000000F6B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F6B000
|
| Size: |
4096
|
|
|
4E3B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.4152207084.0000000004E3B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4E3B000
|
| Size: |
20480
|
|
|
4E36000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.4154318934.0000000004E36000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E36000
|
| Size: |
2002944
|
|
|
37CF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.4150364278.00000000037CF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
37CF000
|
| Size: |
4096
|
|
|
9F4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1794732491.00000000009F4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9F4000
|
| Size: |
4096
|
|
|
F50000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.4148938152.0000000000F50000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F50000
|
| Size: |
36864
|
|
|
304F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.4148556556.000000000304F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
304F000
|
| Size: |
4096
|
|
|
415E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4152261569.000000000415E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
415E000
|
| Size: |
8192
|
|
|
57D0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.4152918594.00000000057D0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
57D0000
|
| Size: |
4096
|
|
|
4CCF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.4153645516.0000000004CCF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4CCF000
|
| Size: |
4096
|
|
|
511E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.4154483145.000000000511E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
511E000
|
| Size: |
8192
|
|
|
1514000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1762036279.0000000001514000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1514000
|
| Size: |
4096
|
|
|
4FF0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.1857677431.0000000004FF0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4FF0000
|
| Size: |
4096
|
|
|
4E51000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1794667734.0000000004E51000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E51000
|
| Size: |
49152
|
|
|
CE5000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.4145995268.0000000000CE5000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
CE5000
|
| Size: |
913408
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
4DDD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.4152092410.0000000004DDD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4DDD000
|
| Size: |
12288
|
|
|
3D5F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4151849101.0000000003D5F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3D5F000
|
| Size: |
4096
|
|
|
4DF0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1775703737.0000000004DF0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4DF0000
|
| Size: |
53248
|
|
|
5460000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.1779366079.0000000005460000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5460000
|
| Size: |
8192
|
|
|
F40000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1926874612.0000000000F40000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
F40000
|
| Size: |
53248
|
|
|
55A7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4153724597.00000000055A7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
55A7000
|
| Size: |
2002944
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1760628256.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
49152
|
|
|
39DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4148937525.00000000039DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
39DE000
|
| Size: |
8192
|
|
|
339E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4148416507.000000000339E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
339E000
|
| Size: |
8192
|
|
|
2C1000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
0000000B.00000000.1919468606.00000000002C1000.00000080.00000001.01000000.00000006.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
2C1000
|
| Size: |
593920
|
|
|
12AF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4148930688.00000000012AF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
12AF000
|
| Size: |
4096
|
|
|
43DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4150954678.00000000043DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
43DE000
|
| Size: |
8192
|
|
|
5470000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.1779309979.0000000005470000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5470000
|
| Size: |
4096
|
|
|
46F1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1947315786.00000000046F1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
46F1000
|
| Size: |
49152
|
|
|
2C3E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.4148253818.0000000002C3E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2C3E000
|
| Size: |
8192
|
|
|
4FF0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.1857364452.0000000004FF0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4FF0000
|
| Size: |
4096
|
|
|
F40000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1933378764.0000000000F40000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
F40000
|
| Size: |
53248
|
|
|
4E51000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1761921406.0000000004E51000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E51000
|
| Size: |
49152
|
|
|
46F1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1924314062.00000000046F1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
46F1000
|
| Size: |
49152
|
|
|
6BB000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000007.00000002.4147847240.00000000006BB000.00000080.00000001.01000000.00000006.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
6BB000
|
| Size: |
1732608
|
|
|
5510000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.4153206606.0000000005510000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5510000
|
| Size: |
4096
|
|
|
A21000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000005.00000000.1755175912.0000000000A21000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
A21000
|
| Size: |
593920
|
|
|
5B8E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4153976089.0000000005B8E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5B8E000
|
| Size: |
8192
|
|
|
13E4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1734060823.00000000013E4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13E4000
|
| Size: |
4096
|
|
|
4950000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1761972672.0000000004950000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4950000
|
| Size: |
53248
|
|
|
31F0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1769733368.00000000031F0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
31F0000
|
| Size: |
53248
|
|
|
DC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1933546411.0000000000DC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DC4000
|
| Size: |
4096
|
|
|
3C1F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4151696652.0000000003C1F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3C1F000
|
| Size: |
4096
|
|
|
4E4F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4152210657.0000000004E4F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4E4F000
|
| Size: |
4096
|
|
|
3BCE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.4150739955.0000000003BCE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3BCE000
|
| Size: |
8192
|
|
|
3F8000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000007.00000000.1839224034.00000000003F8000.00000008.00000001.01000000.00000006.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
3F8000
|
| Size: |
4096
|
|
|
135C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4147595739.000000000135C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
135C000
|
| Size: |
16384
|
|
|
306F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.4151312861.000000000306F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
306F000
|
| Size: |
4096
|
|
|
F91000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.4148938152.0000000000F91000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F91000
|
| Size: |
4096
|
|
|
510F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4154070388.000000000510F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
510F000
|
| Size: |
2002944
|
|
|
498E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4151555134.000000000498E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
498E000
|
| Size: |
8192
|
|
|
DCB000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.4145840458.0000000000DCB000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
DCB000
|
| Size: |
102400
|
|
|
1514000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1794813070.0000000001514000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1514000
|
| Size: |
4096
|
|
|
DC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1947461413.0000000000DC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DC4000
|
| Size: |
4096
|
|
|
3F6F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.4152713027.0000000003F6F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3F6F000
|
| Size: |
4096
|
|
|
475F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4152746373.000000000475F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
475F000
|
| Size: |
4096
|
|
|
10D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1844676735.00000000010D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10D4000
|
| Size: |
4096
|
|
|
52E0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1776526702.00000000052E0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
52E0000
|
| Size: |
53248
|
|
|
4950000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1762689037.0000000004950000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4950000
|
| Size: |
53248
|
|
|
5560000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.4153485169.0000000005560000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5560000
|
| Size: |
4096
|
|
|
930000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.4145665165.0000000000930000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
930000
|
| Size: |
4096
|
|
|
A20000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4145594627.0000000000A20000.00000004.00000001.01000000.00000005.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
A20000
|
| Size: |
4096
|
|
|
5770000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.1710365800.0000000005770000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5770000
|
| Size: |
4096
|
|
|
4950000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1770339286.0000000004950000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4950000
|
| Size: |
53248
|
|
|
292E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.4150485079.000000000292E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
292E000
|
| Size: |
8192
|
|
|
436E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.4153092540.000000000436E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
436E000
|
| Size: |
8192
|
|
|
A21000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000006.00000000.1755977759.0000000000A21000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
A21000
|
| Size: |
593920
|
|
|
4FF0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.1857476648.0000000004FF0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4FF0000
|
| Size: |
4096
|
|
|
5770000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.1710195812.0000000005770000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5770000
|
| Size: |
8192
|
|
|
31CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.4148704684.00000000031CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
31CE000
|
| Size: |
8192
|
|
|
368F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.4149105095.000000000368F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
368F000
|
| Size: |
4096
|
|
|
44AE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.4153211847.00000000044AE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
44AE000
|
| Size: |
8192
|
|
|
135D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4147546493.000000000135D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
135D000
|
| Size: |
12288
|
|
|
111A000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000000.00000000.1689373102.000000000111A000.00000080.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
111A000
|
| Size: |
1740800
|
|
|
4F3F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.4152271542.0000000004F3F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4F3F000
|
| Size: |
4096
|
|
|
4CE0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000003.1936014136.0000000004CE0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4CE0000
|
| Size: |
4096
|
|
|
5BC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.4145548070.00000000005BC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5BC000
|
| Size: |
16384
|
|
|
4950000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1765667156.0000000004950000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4950000
|
| Size: |
53248
|
|
|
572F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4152585555.000000000572F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
572F000
|
| Size: |
4096
|
|
|
10D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4148869171.00000000010D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10D0000
|
| Size: |
16384
|
|
|
4FE0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.4152641587.0000000004FE0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4FE0000
|
| Size: |
4096
|
|
|
3CCF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.4150795562.0000000003CCF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3CCF000
|
| Size: |
4096
|
|
|
4E51000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1795132257.0000000004E51000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E51000
|
| Size: |
4096
|
|
|
2E5F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4150477646.0000000002E5F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2E5F000
|
| Size: |
4096
|
|
|
55E0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1708972022.00000000055E0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
55E0000
|
| Size: |
53248
|
|
|
2D57000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4150347014.0000000002D57000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D57000
|
| Size: |
12288
|
|
|
5840000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.4153326503.0000000005840000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5840000
|
| Size: |
4096
|
|
|
10D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1875833838.00000000010D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10D4000
|
| Size: |
4096
|
|
|
4D70000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.4153954304.0000000004D70000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4D70000
|
| Size: |
4096
|
|
|
390F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4148653825.000000000390F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
390F000
|
| Size: |
4096
|
|
|
10D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1855028331.00000000010D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10D4000
|
| Size: |
4096
|
|
|
3330000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1707283543.0000000003330000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3330000
|
| Size: |
53248
|
|
|
3FAE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.4152752031.0000000003FAE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3FAE000
|
| Size: |
8192
|
|
|
5450000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.1779353468.0000000005450000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5450000
|
| Size: |
4096
|
|
|
169B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4147764213.000000000169B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
169B000
|
| Size: |
176128
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
| URLs found in memory or binary data |
Networking |
|
|
|
321F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4150802240.000000000321F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
321F000
|
| Size: |
4096
|
|
|
335F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4150915682.000000000335F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
335F000
|
| Size: |
4096
|
|
|
36EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.4151951119.00000000036EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
36EE000
|
| Size: |
8192
|
|
|
5540000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.4153381069.0000000005540000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5540000
|
| Size: |
4096
|
|
|
31F0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1772651986.00000000031F0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
31F0000
|
| Size: |
53248
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1794680659.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
49152
|
|
|
5060000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.4153102222.0000000005060000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5060000
|
| Size: |
4096
|
|
|
5030000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.4153533693.0000000005030000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5030000
|
| Size: |
4096
|
|
|
5570000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.4153538786.0000000005570000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5570000
|
| Size: |
8192
|
|
|
11E2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.4147850074.00000000011E2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11E2000
|
| Size: |
28672
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
3EDE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4152046084.0000000003EDE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3EDE000
|
| Size: |
8192
|
|
|
389E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4151417018.000000000389E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
389E000
|
| Size: |
8192
|
|
|
4DA0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.4154084704.0000000004DA0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4DA0000
|
| Size: |
4096
|
|
|
2CAF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.4150891551.0000000002CAF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2CAF000
|
| Size: |
4096
|
|
|
3D9E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4150418369.0000000003D9E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3D9E000
|
| Size: |
8192
|
|
|
536E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.4153703897.000000000536E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
536E000
|
| Size: |
8192
|
|
|
F5B000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.4148938152.0000000000F5B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F5B000
|
| Size: |
61440
|
|
|
11F4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.4147850074.00000000011F4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11F4000
|
| Size: |
8192
|
|
|
9F4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1760784670.00000000009F4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9F4000
|
| Size: |
4096
|
|
|
3D0E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4149048332.0000000003D0E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3D0E000
|
| Size: |
8192
|
|
|
43DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4152475835.00000000043DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
43DE000
|
| Size: |
8192
|
|
|
10D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1876094092.00000000010D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10D4000
|
| Size: |
4096
|
|
|
2C0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000007.00000000.1838684170.00000000002C0000.00000002.00000001.01000000.00000006.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
2C0000
|
| Size: |
4096
|
|
|
3A8E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.4150639603.0000000003A8E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3A8E000
|
| Size: |
8192
|
|
|
3BCE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4148929843.0000000003BCE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3BCE000
|
| Size: |
8192
|
|
|
589E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4154035418.000000000589E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
589E000
|
| Size: |
8192
|
|
|
5161000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1694943752.0000000005161000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5161000
|
| Size: |
49152
|
|
|
13E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4147696410.00000000013E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13E0000
|
| Size: |
16384
|
|
|
439F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4152421926.000000000439F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
439F000
|
| Size: |
4096
|
|
|
3D2D000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.4152535860.0000000003D2D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3D2D000
|
| Size: |
12288
|
|
|
2C40000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.4148300562.0000000002C40000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C40000
|
| Size: |
16384
|
|
|
10D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1855118524.00000000010D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10D4000
|
| Size: |
4096
|
|
|
6BA000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000007.00000000.1839249957.00000000006BA000.00000080.00000001.01000000.00000006.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
6BA000
|
| Size: |
1740800
|
|
|
3C1F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4149103172.0000000003C1F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3C1F000
|
| Size: |
4096
|
|
|
13E4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1738343573.00000000013E4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13E4000
|
| Size: |
4096
|
|
|
10D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1844662829.00000000010D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10D4000
|
| Size: |
4096
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1795109739.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
5412000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1776987778.0000000005412000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
5412000
|
| Size: |
16384
|
|
|
1514000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1761960567.0000000001514000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1514000
|
| Size: |
4096
|
|
|
494F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.4151948334.000000000494F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
494F000
|
| Size: |
4096
|
|
|
DC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1947415431.0000000000DC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DC4000
|
| Size: |
4096
|
|
|
1680000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4147728285.0000000001680000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1680000
|
| Size: |
4096
|
|
|
4F80000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000003.1779114420.0000000004F80000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4F80000
|
| Size: |
12288
|
|
|
4D30000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.4153790372.0000000004D30000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4D30000
|
| Size: |
4096
|
|
|
FE5000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.4145908249.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
FE5000
|
| Size: |
913408
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the Windows Explorer process (often used for injection) |
HIPS / PFW / Operating System Protection Evasion |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
46F1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1947694238.00000000046F1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
46F1000
|
| Size: |
4096
|
|
|
4E51000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1795106257.0000000004E51000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E51000
|
| Size: |
4096
|
|
|
1514000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1774195630.0000000001514000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1514000
|
| Size: |
4096
|
|
|
4FD0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.1857761420.0000000004FD0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4FD0000
|
| Size: |
4096
|
|
|
57F0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.4153033777.00000000057F0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
57F0000
|
| Size: |
4096
|
|
|
399F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4148875102.000000000399F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
399F000
|
| Size: |
4096
|
|
|
4DDE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4151944609.0000000004DDE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4DDE000
|
| Size: |
8192
|
|
|
13E4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1695293709.00000000013E4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13E4000
|
| Size: |
4096
|
|
|
13E4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1736458054.00000000013E4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13E4000
|
| Size: |
4096
|
|
|
862000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.4148347497.0000000000862000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
862000
|
| Size: |
4096
|
|
|
9F4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1773845570.00000000009F4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9F4000
|
| Size: |
4096
|
|
|
58A3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4153643641.00000000058A3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
58A3000
|
| Size: |
2002944
|
|
|
1690000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4147764213.0000000001690000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1690000
|
| Size: |
36864
|
|
|
DC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1933614566.0000000000DC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DC4000
|
| Size: |
4096
|
|
|
31AB000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4148046112.00000000031AB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
31AB000
|
| Size: |
20480
|
|
|
5770000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.1710324732.0000000005770000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5770000
|
| Size: |
4096
|
|
|
A20000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.4145770328.0000000000A20000.00000004.00000001.01000000.00000005.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
A20000
|
| Size: |
4096
|
|
|
349F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4151013113.000000000349F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
349F000
|
| Size: |
4096
|
|
|
57A0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.4152745983.00000000057A0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
57A0000
|
| Size: |
4096
|
|
|
10D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1855091600.00000000010D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10D4000
|
| Size: |
4096
|
|
|
3F8E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4150411730.0000000003F8E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3F8E000
|
| Size: |
8192
|
|
|
10D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1844647761.00000000010D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10D4000
|
| Size: |
4096
|
|
|
1514000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1774391479.0000000001514000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1514000
|
| Size: |
4096
|
|
|
1100000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.4145908249.0000000001100000.00000040.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
1100000
|
| Size: |
45056
|
|
|
4F22000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1776201948.0000000004F22000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4F22000
|
| Size: |
16384
|
|
|
9F4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1794964754.00000000009F4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9F4000
|
| Size: |
4096
|
|
|
F10000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.4148769673.0000000000F10000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F10000
|
| Size: |
16384
|
|
|
2D20000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4149156489.0000000002D20000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D20000
|
| Size: |
4096
|
|
|
31F0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1767598805.00000000031F0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
31F0000
|
| Size: |
53248
|
|
|
13E4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1708217078.00000000013E4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13E4000
|
| Size: |
4096
|
|
|
13E4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1708057873.00000000013E4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13E4000
|
| Size: |
4096
|
|
|
394E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.4150535682.000000000394E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
394E000
|
| Size: |
8192
|
|
|
E1A000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.4145995268.0000000000E1A000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
E1A000
|
| Size: |
4096
|
|
|
5A96000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1735359730.0000000005A96000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5A96000
|
| Size: |
524288
|
|
|
54F0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.4153089802.00000000054F0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
54F0000
|
| Size: |
4096
|
|
|
F6D000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.4148938152.0000000000F6D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F6D000
|
| Size: |
106496
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
| URLs found in memory or binary data |
Networking |
|
|
|
13E4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1733986499.00000000013E4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13E4000
|
| Size: |
4096
|
|
|
5010000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.4152828138.0000000005010000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5010000
|
| Size: |
4096
|
|
|
46CF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4151165539.00000000046CF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
46CF000
|
| Size: |
4096
|
|
|
461F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4152643272.000000000461F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
461F000
|
| Size: |
4096
|
|
|
11EC000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1795466475.00000000011EC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11EC000
|
| Size: |
4096
|
|
|
F17000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.4148769673.0000000000F17000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F17000
|
| Size: |
12288
|
|
|
5090000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.4153823820.0000000005090000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5090000
|
| Size: |
4096
|
|
|
46EF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.4153379934.00000000046EF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
46EF000
|
| Size: |
4096
|
|
|
10D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1875864543.00000000010D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10D4000
|
| Size: |
4096
|
|
|
10D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1845064064.00000000010D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10D4000
|
| Size: |
4096
|
|
|
3F8000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.4147265146.00000000003F8000.00000004.00000001.01000000.00000006.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
3F8000
|
| Size: |
12288
|
|
|
2D30000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1849602031.0000000002D30000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2D30000
|
| Size: |
53248
|
|
|
2C0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000B.00000000.1919451141.00000000002C0000.00000002.00000001.01000000.00000006.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
2C0000
|
| Size: |
4096
|
|
|
6BA000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.4147307095.00000000006BA000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
6BA000
|
| Size: |
4096
|
|
|
181E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4147804202.000000000181E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
181E000
|
| Size: |
188416
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
1867000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1738671738.0000000001867000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1867000
|
| Size: |
4096
|
|
|
31AF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.4151418818.00000000031AF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
31AF000
|
| Size: |
4096
|
|
|
344E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.4148932703.000000000344E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
344E000
|
| Size: |
8192
|
|
|
340E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.4148871153.000000000340E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
340E000
|
| Size: |
8192
|
|
|
5480000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.4152685100.0000000005480000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5480000
|
| Size: |
4096
|
|
|
4FF0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.1857694292.0000000004FF0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4FF0000
|
| Size: |
4096
|
|
|
3B1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4151645862.0000000003B1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3B1E000
|
| Size: |
8192
|
|
|
4950000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1771937556.0000000004950000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4950000
|
| Size: |
53248
|
|
|
13E4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1708107855.00000000013E4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13E4000
|
| Size: |
4096
|
|
|
F40000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4148324926.0000000000F40000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F40000
|
| Size: |
4096
|
|
|
13E4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1737527069.00000000013E4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13E4000
|
| Size: |
4096
|
|
|
5490000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.4152745006.0000000005490000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5490000
|
| Size: |
4096
|
|
|
1500000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4147652770.0000000001500000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1500000
|
| Size: |
4096
|
|
|
16FC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4147737712.00000000016FC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
16FC000
|
| Size: |
16384
|
|
|
1869000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4147804202.0000000001869000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1869000
|
| Size: |
4096
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
3200000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4148132822.0000000003200000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3200000
|
| Size: |
16384
|
|
|
10D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1875889488.00000000010D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10D4000
|
| Size: |
4096
|
|
|
4FF0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.1857640372.0000000004FF0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4FF0000
|
| Size: |
4096
|
|
|
3330000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1697959327.0000000003330000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3330000
|
| Size: |
53248
|
|
|
10D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1875967019.00000000010D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10D4000
|
| Size: |
4096
|
|
|
5000000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.4153376306.0000000005000000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5000000
|
| Size: |
4096
|
|
|
46F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.4153428699.00000000046F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
46F0000
|
| Size: |
4096
|
|
|
9F4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1794712713.00000000009F4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9F4000
|
| Size: |
4096
|
|
|
F93000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4148390163.0000000000F93000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F93000
|
| Size: |
28672
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
3E6E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.4152653784.0000000003E6E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3E6E000
|
| Size: |
8192
|
|
|
5520000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.4153268766.0000000005520000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5520000
|
| Size: |
4096
|
|
|
1514000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1774575911.0000000001514000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1514000
|
| Size: |
4096
|
|
|
DCB000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.4145995268.0000000000DCB000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
DCB000
|
| Size: |
102400
|
|
|
5770000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.1710423476.0000000005770000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5770000
|
| Size: |
12288
|
|
|
3FDF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4152098844.0000000003FDF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3FDF000
|
| Size: |
4096
|
|
|
4D0F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4152076191.0000000004D0F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4D0F000
|
| Size: |
4096
|
|
|
DC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1933629904.0000000000DC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DC4000
|
| Size: |
4096
|
|
|
3D9E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4151881293.0000000003D9E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3D9E000
|
| Size: |
8192
|
|
|
16D1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4147764213.00000000016D1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
16D1000
|
| Size: |
8192
|
|
|
2D30000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1852801957.0000000002D30000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2D30000
|
| Size: |
53248
|
|
|
F5E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4148390163.0000000000F5E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F5E000
|
| Size: |
184320
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
392F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.4152151718.000000000392F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
392F000
|
| Size: |
4096
|
|
|
3330000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1696170238.0000000003330000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3330000
|
| Size: |
53248
|
|
|
3A4F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.4150592386.0000000003A4F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3A4F000
|
| Size: |
4096
|
|
|
5800000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.4153088945.0000000005800000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5800000
|
| Size: |
4096
|
|
|
13E4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1734277957.00000000013E4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13E4000
|
| Size: |
4096
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1795037321.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
5161000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1733918140.0000000005161000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5161000
|
| Size: |
49152
|
|
|
479D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4151286641.000000000479D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
479D000
|
| Size: |
12288
|
|
|
34DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4151075022.00000000034DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
34DE000
|
| Size: |
8192
|
|
|
CE5000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.4145840458.0000000000CE5000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
CE5000
|
| Size: |
913408
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
E1B000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000005.00000002.4147443008.0000000000E1B000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
E1B000
|
| Size: |
1732608
|
|
|
465E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4151168596.000000000465E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
465E000
|
| Size: |
8192
|
|
|
5050000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.4153038378.0000000005050000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5050000
|
| Size: |
8192
|
|
|
484E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4151397326.000000000484E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
484E000
|
| Size: |
8192
|
|
|
35DF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4151128959.00000000035DF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
35DF000
|
| Size: |
4096
|
|
|
4D10000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000003.1935821337.0000000004D10000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4D10000
|
| Size: |
4096
|
|
|
425F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4152320657.000000000425F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
425F000
|
| Size: |
4096
|
|
|
2C1000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000007.00000000.1839122250.00000000002C1000.00000080.00000001.01000000.00000006.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
2C1000
|
| Size: |
593920
|
|
|
36CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.4149158425.00000000036CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
36CE000
|
| Size: |
8192
|
|
|
5770000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.1710338820.0000000005770000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5770000
|
| Size: |
4096
|
|
|
5A91000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1734339139.0000000005A91000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5A91000
|
| Size: |
524288
|
|
|
4D50000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.4153867430.0000000004D50000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4D50000
|
| Size: |
4096
|
|
|
399F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4151475405.000000000399F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
399F000
|
| Size: |
4096
|
|
|
458F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.4151590799.000000000458F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
458F000
|
| Size: |
4096
|
|
|
5530000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.4153331258.0000000005530000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5530000
|
| Size: |
4096
|
|
|
5470000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.1779152513.0000000005470000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5470000
|
| Size: |
4096
|
|
|
9F4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1773621286.00000000009F4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9F4000
|
| Size: |
4096
|
|
|
5760000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.1710455553.0000000005760000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5760000
|
| Size: |
8192
|
|
|
2D4F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.4148402935.0000000002D4F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2D4F000
|
| Size: |
4096
|
|
|
5770000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.1710255275.0000000005770000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5770000
|
| Size: |
4096
|
|
|
4FC0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.1857797189.0000000004FC0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4FC0000
|
| Size: |
4096
|
|
|
4950000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1773271980.0000000004950000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4950000
|
| Size: |
53248
|
|
|
37CF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4148555066.00000000037CF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
37CF000
|
| Size: |
4096
|
|
|
10D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1844579806.00000000010D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10D4000
|
| Size: |
4096
|
|
|
F40000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1926292660.0000000000F40000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
F40000
|
| Size: |
53248
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1795216070.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
10D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1844691653.00000000010D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10D4000
|
| Size: |
4096
|
|
|
3ADF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4151594173.0000000003ADF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3ADF000
|
| Size: |
4096
|
|
|
2F9F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4150597195.0000000002F9F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2F9F000
|
| Size: |
4096
|
|
|
5040000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.4153586495.0000000005040000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5040000
|
| Size: |
4096
|
|
|
40CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4150538421.00000000040CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
40CE000
|
| Size: |
8192
|
|
|
3B8F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.4150690925.0000000003B8F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3B8F000
|
| Size: |
4096
|
|
|
5810000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.4153148199.0000000005810000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5810000
|
| Size: |
4096
|
|
|
4FC0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4153324287.0000000004FC0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4FC0000
|
| Size: |
4096
|
|
|
4950000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1766470100.0000000004950000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4950000
|
| Size: |
53248
|
|
|
FA6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4148390163.0000000000FA6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
FA6000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
4B30000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1928827115.0000000004B30000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4B30000
|
| Size: |
184320
|
|
|
DC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1924435166.0000000000DC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DC4000
|
| Size: |
4096
|
|
|
4E51000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1795075789.0000000004E51000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E51000
|
| Size: |
4096
|
|
|
4950000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1772598431.0000000004950000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4950000
|
| Size: |
53248
|
|
|
1800000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4147776925.0000000001800000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1800000
|
| Size: |
4096
|
|
|
F40000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1930251544.0000000000F40000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
F40000
|
| Size: |
53248
|
|
|
4F50000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.4152322080.0000000004F50000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4F50000
|
| Size: |
4096
|
|
|
2D30000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1847803818.0000000002D30000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2D30000
|
| Size: |
53248
|
|
|
354F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4148366903.000000000354F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
354F000
|
| Size: |
4096
|
|
|
54E0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.4153035502.00000000054E0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
54E0000
|
| Size: |
4096
|
|
|
49E1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1876360305.00000000049E1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
49E1000
|
| Size: |
4096
|
|
|
13E4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1738243010.00000000013E4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13E4000
|
| Size: |
4096
|
|
|
F40000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1929556748.0000000000F40000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
F40000
|
| Size: |
53248
|
|
|
420E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4150679283.000000000420E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
420E000
|
| Size: |
8192
|
|
|
DC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1947371449.0000000000DC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DC4000
|
| Size: |
4096
|
|
|
3F8E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.4151084370.0000000003F8E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3F8E000
|
| Size: |
8192
|
|
|
4D40000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.4153839760.0000000004D40000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4D40000
|
| Size: |
4096
|
|
|
358E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.4149046494.000000000358E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
358E000
|
| Size: |
8192
|
|
|
4F80000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000003.1779044624.0000000004F80000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4F80000
|
| Size: |
4096
|
|
|
489F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4152863018.000000000489F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
489F000
|
| Size: |
4096
|
|
|
5081000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.4153221930.0000000005081000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5081000
|
| Size: |
2002944
|
|
|
354F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.4148993857.000000000354F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
354F000
|
| Size: |
4096
|
|
|
44DF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4152537628.00000000044DF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
44DF000
|
| Size: |
4096
|
|
|
444F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.4151467535.000000000444F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
444F000
|
| Size: |
4096
|
|
|
3D0E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.4150851186.0000000003D0E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3D0E000
|
| Size: |
8192
|
|
|
B58000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.4145971849.0000000000B58000.00000004.00000001.01000000.00000005.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
B58000
|
| Size: |
12288
|
|
|
10D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1855131939.00000000010D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10D4000
|
| Size: |
4096
|
|
|
F5A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4148390163.0000000000F5A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F5A000
|
| Size: |
8192
|
|
|
434E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.4151413076.000000000434E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
434E000
|
| Size: |
8192
|
|
|
8FC000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.4148404247.00000000008FC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
8FC000
|
| Size: |
16384
|
|
|
4FF0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.1857605218.0000000004FF0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4FF0000
|
| Size: |
4096
|
|
|
5770000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.1710308803.0000000005770000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5770000
|
| Size: |
4096
|
|
|
515F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4152258097.000000000515F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
515F000
|
| Size: |
4096
|
|
|
DC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1933791458.0000000000DC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DC4000
|
| Size: |
4096
|
|
|
3F3000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.4146169733.00000000003F3000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
3F3000
|
| Size: |
20480
|
|
|
41CF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4150594239.00000000041CF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
41CF000
|
| Size: |
4096
|
|
|
50B0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.4153896189.00000000050B0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
50B0000
|
| Size: |
4096
|
|
|
13E4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1708013572.00000000013E4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13E4000
|
| Size: |
4096
|
|
|
5020000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.4153479599.0000000005020000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5020000
|
| Size: |
4096
|
|
|
45CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4151086676.00000000045CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
45CE000
|
| Size: |
8192
|
|
|
49E1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1876290395.00000000049E1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
49E1000
|
| Size: |
4096
|
|
|
2C0000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.4145586988.00000000002C0000.00000004.00000001.01000000.00000006.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
2C0000
|
| Size: |
4096
|
|
|
6BA000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
0000000B.00000000.1919551536.00000000006BA000.00000080.00000001.01000000.00000006.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
6BA000
|
| Size: |
1740800
|
|
|
3330000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1699884493.0000000003330000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3330000
|
| Size: |
53248
|
|
|
1514000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1762103796.0000000001514000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1514000
|
| Size: |
4096
|
|
|
B58000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000006.00000000.1756053818.0000000000B58000.00000008.00000001.01000000.00000005.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
B58000
|
| Size: |
4096
|
|
|
4DF0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.4154218776.0000000004DF0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4DF0000
|
| Size: |
4096
|
|
|
5770000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.1710399574.0000000005770000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5770000
|
| Size: |
4096
|
|
|
2B6F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.4150735668.0000000002B6F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2B6F000
|
| Size: |
4096
|
|
|
13E4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1695228111.00000000013E4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13E4000
|
| Size: |
4096
|
|
|
F40000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1930898476.0000000000F40000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
F40000
|
| Size: |
53248
|
|
|
4F80000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000003.1778814658.0000000004F80000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4F80000
|
| Size: |
4096
|
|
|
4DC0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.4154138143.0000000004DC0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4DC0000
|
| Size: |
4096
|
|
|
318F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.4148656945.000000000318F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
318F000
|
| Size: |
4096
|
|
|
FC2000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.4147804395.0000000000FC2000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
FC2000
|
| Size: |
4096
|
|
|
13E4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1735284425.00000000013E4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13E4000
|
| Size: |
4096
|
|
|
361E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4148608386.000000000361E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
361E000
|
| Size: |
8192
|
|
|
4BCF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4151866686.0000000004BCF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4BCF000
|
| Size: |
4096
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1795166949.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
12C2000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.4147570115.00000000012C2000.00000040.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
12C2000
|
| Size: |
4096
|
|
|
1514000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1794832362.0000000001514000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1514000
|
| Size: |
4096
|
|
|
5470000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.1779233333.0000000005470000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5470000
|
| Size: |
4096
|
|
|
49E1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1876234726.00000000049E1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
49E1000
|
| Size: |
4096
|
|
|
332E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.4151589194.000000000332E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
332E000
|
| Size: |
8192
|
|
|
E0C000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.4145840458.0000000000E0C000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
E0C000
|
| Size: |
36864
|
|
|
3FDF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4150595833.0000000003FDF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3FDF000
|
| Size: |
4096
|
|
|
13E4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1708075041.00000000013E4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13E4000
|
| Size: |
4096
|
|
|
54A0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.4152809754.00000000054A0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
54A0000
|
| Size: |
4096
|
|
|
31EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.4151471496.00000000031EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
31EE000
|
| Size: |
8192
|
|
|
5470000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.1779039145.0000000005470000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5470000
|
| Size: |
4096
|
|
|
4D10000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000003.1935938683.0000000004D10000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4D10000
|
| Size: |
4096
|
|
|
1514000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1774301537.0000000001514000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1514000
|
| Size: |
4096
|
|
|
5770000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.1710237081.0000000005770000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5770000
|
| Size: |
4096
|
|
|
4950000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1769640472.0000000004950000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4950000
|
| Size: |
53248
|
|
|
181A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4147804202.000000000181A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
181A000
|
| Size: |
8192
|
|
|
448E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.4151524396.000000000448E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
448E000
|
| Size: |
8192
|
|
|
DC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1933578968.0000000000DC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DC4000
|
| Size: |
4096
|
|
|
DC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1933752899.0000000000DC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DC4000
|
| Size: |
4096
|
|
|
13E4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1736426015.00000000013E4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13E4000
|
| Size: |
4096
|
|
|
46F1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1947762049.00000000046F1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
46F1000
|
| Size: |
4096
|
|
|
30DF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4150693842.00000000030DF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
30DF000
|
| Size: |
4096
|
|
|
342F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.4151633367.000000000342F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
342F000
|
| Size: |
4096
|
|
|
4ACE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4151698575.0000000004ACE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4ACE000
|
| Size: |
8192
|
|
|
380E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.4150416300.000000000380E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
380E000
|
| Size: |
8192
|
|
|
5780000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.4152639594.0000000005780000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5780000
|
| Size: |
4096
|
|
|
F9E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4148390163.0000000000F9E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F9E000
|
| Size: |
4096
|
|
|
31F0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1766693854.00000000031F0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
31F0000
|
| Size: |
53248
|
|
|
2F4F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.4148506734.0000000002F4F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2F4F000
|
| Size: |
4096
|
|
|
39DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4151529686.00000000039DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
39DE000
|
| Size: |
8192
|
|
|
5440000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4152620375.0000000005440000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5440000
|
| Size: |
4096
|
|
|
125C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4147495992.000000000125C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
125C000
|
| Size: |
16384
|
|
|
2D30000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1854815767.0000000002D30000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2D30000
|
| Size: |
53248
|
|
|
34DB000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4148510136.00000000034DB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
34DB000
|
| Size: |
20480
|
|
|
1514000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1762185023.0000000001514000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1514000
|
| Size: |
4096
|
|
|
13E4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1695038735.00000000013E4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13E4000
|
| Size: |
4096
|
|
|
DC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1947350378.0000000000DC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DC4000
|
| Size: |
4096
|
|
|
11F4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1795466475.00000000011F4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11F4000
|
| Size: |
8192
|
|
|
4B6E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.4153482039.0000000004B6E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4B6E000
|
| Size: |
8192
|
|
|
110C000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.4145908249.000000000110C000.00000040.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
110C000
|
| Size: |
36864
|
|
|
13E4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1733954281.00000000013E4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13E4000
|
| Size: |
4096
|
|
|
480F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.4151809498.000000000480F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
480F000
|
| Size: |
4096
|
|
|
5470000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.1779251361.0000000005470000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5470000
|
| Size: |
4096
|
|
|
4D10000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000003.1935875299.0000000004D10000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4D10000
|
| Size: |
4096
|
|
|
F40000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1925648923.0000000000F40000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
F40000
|
| Size: |
53248
|
|
|
4D10000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000003.1935890410.0000000004D10000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4D10000
|
| Size: |
4096
|
|
|
382E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.4152090021.000000000382E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
382E000
|
| Size: |
8192
|
|
|
1514000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1794727574.0000000001514000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1514000
|
| Size: |
4096
|
|
|
E58000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000000.00000000.1689352186.0000000000E58000.00000008.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
E58000
|
| Size: |
4096
|
|
|
5890000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.4153594520.0000000005890000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5890000
|
| Size: |
4096
|
|
|
1514000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1774250077.0000000001514000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1514000
|
| Size: |
4096
|
|
|
13E4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1734037962.00000000013E4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13E4000
|
| Size: |
4096
|
|
|
4D60000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.4153912018.0000000004D60000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4D60000
|
| Size: |
4096
|
|
|
3BEE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.4152421872.0000000003BEE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3BEE000
|
| Size: |
8192
|
|
|
49E1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1876331895.00000000049E1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
49E1000
|
| Size: |
4096
|
|
|
1514000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1774511048.0000000001514000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1514000
|
| Size: |
4096
|
|
|
4D10000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000003.1935921794.0000000004D10000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4D10000
|
| Size: |
4096
|
|
|
E1B000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000006.00000002.4146294218.0000000000E1B000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
E1B000
|
| Size: |
1732608
|
|
|
40EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.4152863574.00000000040EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
40EE000
|
| Size: |
8192
|
|
|
325E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4150861404.000000000325E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
325E000
|
| Size: |
8192
|
|
|
2CDF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4149042457.0000000002CDF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2CDF000
|
| Size: |
4096
|
|
|
F40000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1932718488.0000000000F40000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
F40000
|
| Size: |
53248
|
|
|
13C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4147592247.00000000013C0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13C0000
|
| Size: |
4096
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1773394648.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
245760
|
|
|
B58000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4145815751.0000000000B58000.00000004.00000001.01000000.00000005.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
B58000
|
| Size: |
12288
|
|
|
31F0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1764189763.00000000031F0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
31F0000
|
| Size: |
53248
|
|
|
E58000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4145882356.0000000000E58000.00000004.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
E58000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
|
|
A20000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000005.00000000.1755161746.0000000000A20000.00000002.00000001.01000000.00000005.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
A20000
|
| Size: |
4096
|
|
|
2BFE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.4148198319.0000000002BFE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2BFE000
|
| Size: |
8192
|
|
|
368F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4148458909.000000000368F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
368F000
|
| Size: |
4096
|
|
|
F40000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1928752164.0000000000F40000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
F40000
|
| Size: |
53248
|
|
|
13E4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1738373281.00000000013E4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13E4000
|
| Size: |
4096
|
|
|
5080000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.4153786892.0000000005080000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5080000
|
| Size: |
4096
|
|
|
10D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1855251555.00000000010D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10D4000
|
| Size: |
4096
|
|
|
4DD0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.4154166834.0000000004DD0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4DD0000
|
| Size: |
4096
|
|
|
DC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1947482623.0000000000DC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DC4000
|
| Size: |
4096
|
|
|
470E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.4151750959.000000000470E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
470E000
|
| Size: |
8192
|
|
|
4DB0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.4154110922.0000000004DB0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4DB0000
|
| Size: |
4096
|
|
|
340F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4148269996.000000000340F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
340F000
|
| Size: |
4096
|
|
|
1514000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1794947280.0000000001514000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1514000
|
| Size: |
4096
|
|
|
2F6E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.4151227845.0000000002F6E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2F6E000
|
| Size: |
8192
|
|
|
50C0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.4153932929.00000000050C0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
50C0000
|
| Size: |
4096
|
|
|
111A000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.4145908249.000000000111A000.00000040.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
111A000
|
| Size: |
4096
|
|
|
4B1F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4151629013.0000000004B1F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4B1F000
|
| Size: |
4096
|
|
|
30AE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.4151357512.00000000030AE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
30AE000
|
| Size: |
8192
|
|
|
5870000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.4153480476.0000000005870000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5870000
|
| Size: |
8192
|
|
|
E5C000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.4145908249.0000000000E5C000.00000040.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
E5C000
|
| Size: |
1601536
|
|
|
4F80000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000003.1778877961.0000000004F80000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4F80000
|
| Size: |
4096
|
|
|
4F50000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000003.1779174070.0000000004F50000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4F50000
|
| Size: |
4096
|
|
|
3F8000
|
unkown
|
page write copy
|
|
|
|
| Name: |
0000000B.00000000.1919533118.00000000003F8000.00000008.00000001.01000000.00000006.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
3F8000
|
| Size: |
4096
|
|
|
9F4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1760739074.00000000009F4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9F4000
|
| Size: |
4096
|
|
|
54D0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.4152976882.00000000054D0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
54D0000
|
| Size: |
4096
|
|
|
B5C000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.4145995268.0000000000B5C000.00000040.00000001.01000000.00000005.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
B5C000
|
| Size: |
1601536
|
|
|
2D30000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1851034770.0000000002D30000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2D30000
|
| Size: |
53248
|
|
|
48DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4152917801.00000000048DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
48DE000
|
| Size: |
8192
|
|
|
4E51000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1795044515.0000000004E51000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E51000
|
| Size: |
4096
|
|
|
66B000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.4147310163.000000000066B000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
66B000
|
| Size: |
102400
|
|
|
F93000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1948086057.0000000000F93000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F93000
|
| Size: |
4096
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
13C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4147634511.00000000013C0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13C0000
|
| Size: |
4096
|
|
|
5030000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.4152922414.0000000005030000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5030000
|
| Size: |
4096
|
|
|
54B0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.4152866644.00000000054B0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
54B0000
|
| Size: |
4096
|
|
|
3EDE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4150540606.0000000003EDE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3EDE000
|
| Size: |
8192
|
|
|
394E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4148702060.000000000394E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
394E000
|
| Size: |
8192
|
|
|
5160000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4152316525.0000000005160000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5160000
|
| Size: |
4096
|
|
|
308E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.4148608467.000000000308E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
308E000
|
| Size: |
8192
|
|
|
346E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.4151693235.000000000346E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
346E000
|
| Size: |
8192
|
|
|
1854000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4147804202.0000000001854000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1854000
|
| Size: |
49152
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
9F4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1760837936.00000000009F4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9F4000
|
| Size: |
4096
|
|
|
13E4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1695167683.00000000013E4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13E4000
|
| Size: |
4096
|
|
|
2D1B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4149101988.0000000002D1B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2D1B000
|
| Size: |
20480
|
|
|
420E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.4151291912.000000000420E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
420E000
|
| Size: |
8192
|
|
|
31F0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1765884196.00000000031F0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
31F0000
|
| Size: |
53248
|
|
|
4F80000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000003.1779064101.0000000004F80000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4F80000
|
| Size: |
4096
|
|
|
13E4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1734017429.00000000013E4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13E4000
|
| Size: |
4096
|
|
|
339E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4150954544.000000000339E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
339E000
|
| Size: |
8192
|
|
|
422E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.4152978436.000000000422E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
422E000
|
| Size: |
8192
|
|
|
4D10000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000003.1935782708.0000000004D10000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4D10000
|
| Size: |
4096
|
|
|
1A4F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4148267596.0000000001A4F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
1A4F000
|
| Size: |
4096
|
|
|
4E5E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4153093791.0000000004E5E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4E5E000
|
| Size: |
8192
|
|
|
50E0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.4154003797.00000000050E0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
50E0000
|
| Size: |
4096
|
|
|
13E4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1694991390.00000000013E4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13E4000
|
| Size: |
4096
|
|
|
49E1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1844539020.00000000049E1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
49E1000
|
| Size: |
49152
|
|
|
31F0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1770396596.00000000031F0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
31F0000
|
| Size: |
53248
|
|
|
DC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1924520390.0000000000DC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DC4000
|
| Size: |
4096
|
|
|
6BA000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.4147310163.00000000006BA000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
6BA000
|
| Size: |
4096
|
|
|
5440000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.1779381541.0000000005440000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5440000
|
| Size: |
4096
|
|
|
10D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1855181214.00000000010D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10D4000
|
| Size: |
4096
|
|
|
46F1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1947727500.00000000046F1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
46F1000
|
| Size: |
4096
|
|
|
4CF0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000003.1935984808.0000000004CF0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4CF0000
|
| Size: |
4096
|
|
|
4BCC000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.4153591327.0000000004BCC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4BCC000
|
| Size: |
16384
|
|
|
53FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4154280057.00000000053FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
53FE000
|
| Size: |
8192
|
|
|
2D30000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1848404833.0000000002D30000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2D30000
|
| Size: |
53248
|
|
|
9F4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1773662011.00000000009F4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9F4000
|
| Size: |
4096
|
|
|
4D20000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.4153753827.0000000004D20000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4D20000
|
| Size: |
4096
|
|
|
2E4F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.4148453487.0000000002E4F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2E4F000
|
| Size: |
4096
|
|
|
4FE0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.1857779052.0000000004FE0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4FE0000
|
| Size: |
8192
|
|
|
1514000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1762057223.0000000001514000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1514000
|
| Size: |
4096
|
|
|
DC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1924466743.0000000000DC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DC4000
|
| Size: |
4096
|
|
|
3ADF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4148995221.0000000003ADF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3ADF000
|
| Size: |
4096
|
|
|
F9B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4148390163.0000000000F9B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F9B000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
57E0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.4152976676.00000000057E0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
57E0000
|
| Size: |
4096
|
|
|
2D30000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1853384755.0000000002D30000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2D30000
|
| Size: |
53248
|
|
|
4950000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1763334735.0000000004950000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4950000
|
| Size: |
53248
|
|
|
DC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1947611742.0000000000DC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DC4000
|
| Size: |
4096
|
|
|
5880000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.4153535392.0000000005880000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5880000
|
| Size: |
4096
|
|
|
4F92000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1856862638.0000000004F92000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4F92000
|
| Size: |
16384
|
|
|
6BB000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
0000000B.00000002.4148027108.00000000006BB000.00000080.00000001.01000000.00000006.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
6BB000
|
| Size: |
1732608
|
|
|
9F4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1773426635.00000000009F4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9F4000
|
| Size: |
4096
|
|
|
4DF0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.4152152697.0000000004DF0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4DF0000
|
| Size: |
12288
|
|
|
5470000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.1779062505.0000000005470000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5470000
|
| Size: |
4096
|
|
|
BDC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4148219429.0000000000BDC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
BDC000
|
| Size: |
16384
|
|
|
F91000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1948086057.0000000000F91000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F91000
|
| Size: |
4096
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
3330000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1700686409.0000000003330000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3330000
|
| Size: |
53248
|
|
|
9F4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1760705480.00000000009F4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9F4000
|
| Size: |
4096
|
|
|
6AC000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.4147307095.00000000006AC000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
6AC000
|
| Size: |
36864
|
|
|
3F4F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4150353332.0000000003F4F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3F4F000
|
| Size: |
4096
|
|
|
396E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.4152205686.000000000396E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
396E000
|
| Size: |
8192
|
|
|
4FA0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.4152419684.0000000004FA0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4FA0000
|
| Size: |
4096
|
|
|
4950000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1768905520.0000000004950000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4950000
|
| Size: |
53248
|
|
|
4D00000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000003.1935998941.0000000004D00000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4D00000
|
| Size: |
8192
|
|
|
9F4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1760761677.00000000009F4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9F4000
|
| Size: |
4096
|
|
|
13E4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1733969879.00000000013E4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13E4000
|
| Size: |
4096
|
|
|
2CEE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.4150959135.0000000002CEE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2CEE000
|
| Size: |
8192
|
|
|
4D80000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.4154001591.0000000004D80000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4D80000
|
| Size: |
4096
|
|
|
371F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4148655709.000000000371F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
371F000
|
| Size: |
4096
|
|
|
5020000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.4152875370.0000000005020000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5020000
|
| Size: |
4096
|
|
|
49E1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1854958676.00000000049E1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
49E1000
|
| Size: |
249856
|
|
|
5850000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.4153379698.0000000005850000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5850000
|
| Size: |
4096
|
|
|
4F80000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000003.1779023696.0000000004F80000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4F80000
|
| Size: |
4096
|
|
|
EFD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4148279153.0000000000EFD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
EFD000
|
| Size: |
12288
|
|
|
4E60000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4153150944.0000000004E60000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4E60000
|
| Size: |
12288
|
|
|
13E4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1708186992.00000000013E4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13E4000
|
| Size: |
4096
|
|
|
434E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4150797513.000000000434E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
434E000
|
| Size: |
8192
|
|
|
F50000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4148390163.0000000000F50000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F50000
|
| Size: |
32768
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
3330000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1701650757.0000000003330000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3330000
|
| Size: |
53248
|
|
|
4D10000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000003.1935905235.0000000004D10000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4D10000
|
| Size: |
4096
|
|
|
4FF0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.1857570436.0000000004FF0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4FF0000
|
| Size: |
4096
|
|
|
2C0000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4145584611.00000000002C0000.00000004.00000001.01000000.00000006.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
2C0000
|
| Size: |
4096
|
|
|
9F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.4145718677.00000000009F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9F0000
|
| Size: |
16384
|
|
|
5470000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.1778990501.0000000005470000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5470000
|
| Size: |
8192
|
|
|
3E2F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.4152610505.0000000003E2F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3E2F000
|
| Size: |
4096
|
|
|
49DF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4152980695.00000000049DF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
49DF000
|
| Size: |
4096
|
|
|
10D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1844900959.00000000010D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10D4000
|
| Size: |
4096
|
|
|
1514000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1774490231.0000000001514000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1514000
|
| Size: |
4096
|
|
|
4B80000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.4153535501.0000000004B80000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4B80000
|
| Size: |
12288
|
|
|
2D30000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1847146847.0000000002D30000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2D30000
|
| Size: |
53248
|
|
|
448E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4150956883.000000000448E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
448E000
|
| Size: |
8192
|
|
|
48DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4151430590.00000000048DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
48DE000
|
| Size: |
8192
|
|
|
920000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.4145618461.0000000000920000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
920000
|
| Size: |
4096
|
|
|
4FC0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.4152533831.0000000004FC0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4FC0000
|
| Size: |
4096
|
|
|
52E0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4152419174.00000000052E0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
52E0000
|
| Size: |
12288
|
|
|
F40000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1928133335.0000000000F40000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
F40000
|
| Size: |
53248
|
|
|
9F4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1794772434.00000000009F4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9F4000
|
| Size: |
4096
|
|
|
3350000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4148313446.0000000003350000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3350000
|
| Size: |
16384
|
|
|
F40000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1931512262.0000000000F40000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
F40000
|
| Size: |
53248
|
|
|
2FDE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4150643840.0000000002FDE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2FDE000
|
| Size: |
8192
|
|
|
C60000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.4148508044.0000000000C60000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C60000
|
| Size: |
4096
|
|
|
4CB2000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1935348315.0000000004CB2000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4CB2000
|
| Size: |
16384
|
|
|
9F4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1760861580.00000000009F4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9F4000
|
| Size: |
4096
|
|
|
10D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1855045825.00000000010D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10D4000
|
| Size: |
4096
|
|
|
4960000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.4152035528.0000000004960000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4960000
|
| Size: |
4096
|
|
|
4E20000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1850295408.0000000004E20000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4E20000
|
| Size: |
184320
|
|
|
5290000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1768904363.0000000005290000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5290000
|
| Size: |
184320
|
|
|
429E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4152363507.000000000429E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
429E000
|
| Size: |
8192
|
|
|
4C5F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4151749781.0000000004C5F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4C5F000
|
| Size: |
4096
|
|
|
3C5E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4149160600.0000000003C5E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3C5E000
|
| Size: |
8192
|
|
|
9F4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1794832998.00000000009F4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9F4000
|
| Size: |
4096
|
|
|
2D30000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1852222273.0000000002D30000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2D30000
|
| Size: |
53248
|
|
|
10D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1855060419.00000000010D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10D4000
|
| Size: |
4096
|
|
|
45EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.4153323441.00000000045EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
45EE000
|
| Size: |
8192
|
|
|
1514000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1774418307.0000000001514000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1514000
|
| Size: |
4096
|
|
|
4E51000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1795159579.0000000004E51000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E51000
|
| Size: |
4096
|
|
|
13E4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1695084522.00000000013E4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13E4000
|
| Size: |
4096
|
|
|
4E20000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.4154297826.0000000004E20000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4E20000
|
| Size: |
4096
|
|
|
52E0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1775783120.00000000052E0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
52E0000
|
| Size: |
53248
|
|
|
10D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1875946423.00000000010D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10D4000
|
| Size: |
4096
|
|
|
475F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4151222876.000000000475F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
475F000
|
| Size: |
4096
|
|
|
DC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1933677743.0000000000DC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DC4000
|
| Size: |
4096
|
|
|
3D5F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4150357807.0000000003D5F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3D5F000
|
| Size: |
4096
|
|
|
41EF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.4152920606.00000000041EF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
41EF000
|
| Size: |
4096
|
|
|
10D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1876115578.00000000010D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10D4000
|
| Size: |
4096
|
|
|
5470000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.1779170942.0000000005470000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5470000
|
| Size: |
4096
|
|
|
505E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4152204429.000000000505E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
505E000
|
| Size: |
8192
|
|
|
411F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4152210084.000000000411F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
411F000
|
| Size: |
4096
|
|
|
451E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4152600485.000000000451E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
451E000
|
| Size: |
8192
|
|
|
4F60000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000003.1779135531.0000000004F60000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4F60000
|
| Size: |
4096
|
|
|
1514000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1794794816.0000000001514000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1514000
|
| Size: |
4096
|
|
|
3B1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4149046131.0000000003B1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3B1E000
|
| Size: |
8192
|
|
|
494F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4151462380.000000000494F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
494F000
|
| Size: |
4096
|
|
|
36AF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.4151879991.00000000036AF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
36AF000
|
| Size: |
4096
|
|
|
4D10000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000003.1935964588.0000000004D10000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4D10000
|
| Size: |
12288
|
|
|
4B5E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4151687960.0000000004B5E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4B5E000
|
| Size: |
8192
|
|
|
4F90000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.4152366396.0000000004F90000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4F90000
|
| Size: |
4096
|
|
|
3330000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1706639077.0000000003330000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3330000
|
| Size: |
53248
|
|
|
2F2F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.4151170398.0000000002F2F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2F2F000
|
| Size: |
4096
|
|
|
4C0E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4151975950.0000000004C0E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4C0E000
|
| Size: |
8192
|
|
|
316F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4148004410.000000000316F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
316F000
|
| Size: |
4096
|
|
|
DC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1933597619.0000000000DC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DC4000
|
| Size: |
4096
|
|
|
9F4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1794795599.00000000009F4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9F4000
|
| Size: |
4096
|
|
|
F40000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1927500470.0000000000F40000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
F40000
|
| Size: |
53248
|
|
|
5590000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.4153674973.0000000005590000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5590000
|
| Size: |
4096
|
|
|
13E4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1733999576.00000000013E4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13E4000
|
| Size: |
4096
|
|
|
484E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.4151877291.000000000484E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
484E000
|
| Size: |
8192
|
|
|
3330000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1707855444.0000000003330000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3330000
|
| Size: |
53248
|
|
|
390F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.4150476268.000000000390F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
390F000
|
| Size: |
4096
|
|
|
DC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1933776293.0000000000DC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DC4000
|
| Size: |
4096
|
|
|
5070000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.4153162404.0000000005070000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5070000
|
| Size: |
4096
|
|
|
429E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4150857800.000000000429E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
429E000
|
| Size: |
8192
|
|
|
9F4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1773449182.00000000009F4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9F4000
|
| Size: |
4096
|
|
|
A20000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000006.00000000.1755953059.0000000000A20000.00000002.00000001.01000000.00000005.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
A20000
|
| Size: |
4096
|
|
|
13E4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1736543511.00000000013E4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13E4000
|
| Size: |
4096
|
|
|
10CB000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.4145908249.00000000010CB000.00000040.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
10CB000
|
| Size: |
102400
|
|
|
B58000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000005.00000000.1755268113.0000000000B58000.00000008.00000001.01000000.00000005.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
B58000
|
| Size: |
4096
|
|
|
470E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4151223353.000000000470E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
470E000
|
| Size: |
8192
|
|
|
13E4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1736516926.00000000013E4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13E4000
|
| Size: |
4096
|
|
|
361E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4151179026.000000000361E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
361E000
|
| Size: |
8192
|
|
|
3F8000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.4147267330.00000000003F8000.00000004.00000001.01000000.00000006.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
3F8000
|
| Size: |
12288
|
|
|
3207000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4148132822.0000000003207000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3207000
|
| Size: |
12288
|
|
|
E1A000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000006.00000000.1756072241.0000000000E1A000.00000080.00000001.01000000.00000005.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
E1A000
|
| Size: |
1740800
|
|
|
5712000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1709813394.0000000005712000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
5712000
|
| Size: |
16384
|
|
|
585000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.4147310163.0000000000585000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
585000
|
| Size: |
913408
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
46F1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1947794382.00000000046F1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
46F1000
|
| Size: |
4096
|
|
|
49E1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1875774992.00000000049E1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
49E1000
|
| Size: |
49152
|
|
|
3A4F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4148757144.0000000003A4F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3A4F000
|
| Size: |
4096
|
|
|
DC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1924359649.0000000000DC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DC4000
|
| Size: |
4096
|
|
|
439F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4150915643.000000000439F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
439F000
|
| Size: |
4096
|
|
|
4FD0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.4152588482.0000000004FD0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4FD0000
|
| Size: |
4096
|
|
|
4FF0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.1857661364.0000000004FF0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4FF0000
|
| Size: |
4096
|
|
|
44DF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4151010741.00000000044DF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
44DF000
|
| Size: |
4096
|
|
|
13E4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1708203497.00000000013E4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13E4000
|
| Size: |
4096
|
|
|
54C0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.4152919861.00000000054C0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
54C0000
|
| Size: |
4096
|
|
|
3CCF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4148996503.0000000003CCF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3CCF000
|
| Size: |
4096
|
|
|
13E4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1738387225.00000000013E4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13E4000
|
| Size: |
4096
|
|
|
3330000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1697353374.0000000003330000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3330000
|
| Size: |
53248
|
|
|
3F3000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.4146167296.00000000003F3000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
3F3000
|
| Size: |
20480
|
|
|
13E4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1695124159.00000000013E4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13E4000
|
| Size: |
4096
|
|
|
13E4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1737492535.00000000013E4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13E4000
|
| Size: |
4096
|
|
|
45AF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.4153267888.00000000045AF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
45AF000
|
| Size: |
4096
|
|
|
380E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4148605529.000000000380E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
380E000
|
| Size: |
8192
|
|
|
4E50000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.4152262779.0000000004E50000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E50000
|
| Size: |
4096
|
|
|
3330000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1696761050.0000000003330000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3330000
|
| Size: |
53248
|
|
|
4E10000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.4154267256.0000000004E10000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4E10000
|
| Size: |
4096
|
|
|
4FF0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.1857712825.0000000004FF0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4FF0000
|
| Size: |
4096
|
|
|
DC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1933644859.0000000000DC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DC4000
|
| Size: |
4096
|
|
|
13E4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1738400677.00000000013E4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13E4000
|
| Size: |
4096
|
|
|
349F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.4148468498.000000000349F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
349F000
|
| Size: |
4096
|
|
|
4DE0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.4154193463.0000000004DE0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4DE0000
|
| Size: |
4096
|
|
|
D21000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000000.00000000.1689234613.0000000000D21000.00000080.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
D21000
|
| Size: |
593920
|
|
