150E000
|
heap
|
page read and write
|
malicious |
|
|
Name: |
00000000.00000002.2551905997.000000000150E000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
150E000
|
Size: |
262144
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Found malware configuration |
AV Detection |
|
Yara detected Stealc |
Stealing of Sensitive Information, Remote Access Functionality |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
URLs found in memory or binary data |
Networking |
|
|
52C0000
|
direct allocation
|
page read and write
|
malicious |
|
|
Name: |
00000000.00000003.2149505176.00000000052C0000.00000004.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
direct allocation
|
Protect: |
page read and write
|
Base address: |
52C0000
|
Size: |
225280
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Yara detected Stealc |
Stealing of Sensitive Information, Remote Access Functionality |
|
|
7A1000
|
unkown
|
page execute and read and write
|
malicious |
|
|
Name: |
00000000.00000002.2550910093.00000000007A1000.00000040.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page execute and read and write
|
Base address: |
7A1000
|
Size: |
225280
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Yara detected Stealc |
Stealing of Sensitive Information, Remote Access Functionality |
|
|
C123000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2527665023.000000000C123000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
C123000
|
Size: |
4096
|
|
32DE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2552534795.00000000032DE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
32DE000
|
Size: |
8192
|
|
4E31000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2151404837.0000000004E31000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4E31000
|
Size: |
4096
|
|
4BDE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2553645640.0000000004BDE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
4BDE000
|
Size: |
8192
|
|
5DA4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2516433299.0000000005DA4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5DA4000
|
Size: |
32768
|
|
61ED0000
|
direct allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2562322957.0000000061ED0000.00000004.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
direct allocation
|
Protect: |
page read and write
|
Base address: |
61ED0000
|
Size: |
4096
|
|
4E31000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2151300815.0000000004E31000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4E31000
|
Size: |
225280
|
|
6C971000
|
unkown
|
page execute read
|
|
|
|
Name: |
00000000.00000002.2562433975.000000006C971000.00000020.00000001.01000000.0000000A.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page execute read
|
Base address: |
6C971000
|
Size: |
507904
|
|
5DBC000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2527491932.0000000005DBC000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5DBC000
|
Size: |
12288
|
|
5D81000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2326570840.0000000005D81000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5D81000
|
Size: |
16384
|
|
5D9B000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2326552276.0000000005D9B000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5D9B000
|
Size: |
32768
|
|
4E31000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2170882006.0000000004E31000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4E31000
|
Size: |
4096
|
|
6CBAF000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000000.00000002.2562799015.000000006CBAF000.00000002.00000001.01000000.00000009.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
6CBAF000
|
Size: |
258048
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
SQL strings found in memory and binary data |
System Summary |
|
Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
7A0000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000000.00000000.2138371031.00000000007A0000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
7A0000
|
Size: |
4096
|
|
123C000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2551719033.000000000123C000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
123C000
|
Size: |
16384
|
|
C8A000
|
unkown
|
page execute and write copy
|
|
|
|
Name: |
00000000.00000000.2138487864.0000000000C8A000.00000080.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page execute and write copy
|
Base address: |
C8A000
|
Size: |
1695744
|
|
4E31000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2144317870.0000000004E31000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4E31000
|
Size: |
49152
|
|
15D6000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2325997513.00000000015D6000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
15D6000
|
Size: |
16384
|
|
5D8B000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2326437113.0000000005D8B000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5D8B000
|
Size: |
24576
|
|
5D9A000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2326278063.0000000005D9A000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5D9A000
|
Size: |
24576
|
|
BEED000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2558168862.000000000BEED000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
BEED000
|
Size: |
12288
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
4E31000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2176140108.0000000004E31000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4E31000
|
Size: |
4096
|
|
6C970000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000000.00000002.2562410645.000000006C970000.00000002.00000001.01000000.0000000A.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
6C970000
|
Size: |
4096
|
|
1460000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2551812133.0000000001460000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1460000
|
Size: |
8192
|
|
5DC0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2515743571.0000000005DC0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5DC0000
|
Size: |
4096
|
|
86C000
|
unkown
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2550910093.000000000086C000.00000040.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page execute and read and write
|
Base address: |
86C000
|
Size: |
245760
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Found many strings related to Crypto-Wallets (likely being stolen) |
Stealing of Sensitive Information |
|
Yara detected Credential Stealer |
Stealing of Sensitive Information |
|
|
5D97000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2326386415.0000000005D97000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5D97000
|
Size: |
40960
|
|
1586000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2551905997.0000000001586000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1586000
|
Size: |
61440
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Found many strings related to Crypto-Wallets (likely being stolen) |
Stealing of Sensitive Information |
|
URLs found in memory or binary data |
Networking |
|
|
6C9ED000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000000.00000002.2562518741.000000006C9ED000.00000002.00000001.01000000.0000000A.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
6C9ED000
|
Size: |
69632
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
5DC0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2455938375.0000000005DC0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5DC0000
|
Size: |
4096
|
|
3090000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2552383185.0000000003090000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3090000
|
Size: |
20480
|
|
5DC0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2454352078.0000000005DC0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5DC0000
|
Size: |
4096
|
|
33DF000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2552557275.00000000033DF000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
33DF000
|
Size: |
4096
|
|
4E31000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2175221834.0000000004E31000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4E31000
|
Size: |
4096
|
|
4E31000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2175516000.0000000004E31000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4E31000
|
Size: |
4096
|
|
15F8000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2551905997.00000000015F8000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
15F8000
|
Size: |
4096
|
|
5DC0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2515884830.0000000005DC0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5DC0000
|
Size: |
4096
|
|
6CA02000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000000.00000002.2562580072.000000006CA02000.00000002.00000001.01000000.0000000A.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
6CA02000
|
Size: |
24576
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sample file is different than original file name gathered from version info |
System Summary |
|
|
855000
|
unkown
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2550910093.0000000000855000.00000040.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page execute and read and write
|
Base address: |
855000
|
Size: |
77824
|
|
5D9F000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2527491932.0000000005D9F000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5D9F000
|
Size: |
53248
|
|
4E31000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2169507697.0000000004E31000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4E31000
|
Size: |
4096
|
|
5DA1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2455597168.0000000005DA1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5DA1000
|
Size: |
8192
|
|
4E31000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2168504949.0000000004E31000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4E31000
|
Size: |
4096
|
|
61EB4000
|
direct allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2562164262.0000000061EB4000.00000004.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
direct allocation
|
Protect: |
page read and write
|
Base address: |
61EB4000
|
Size: |
12288
|
|
5D6D000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2554514638.0000000005D6D000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
5D6D000
|
Size: |
12288
|
|
4E1F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2553730868.0000000004E1F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
4E1F000
|
Size: |
4096
|
|
5D8B000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2317173452.0000000005D8B000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5D8B000
|
Size: |
24576
|
|
4E20000
|
direct allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2147782865.0000000004E20000.00000004.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
direct allocation
|
Protect: |
page read and write
|
Base address: |
4E20000
|
Size: |
53248
|
|
5270000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2145878391.0000000005270000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
5270000
|
Size: |
167936
|
|
5DA5000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2455597168.0000000005DA5000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5DA5000
|
Size: |
28672
|
|
5DA4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2554935669.0000000005DA4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5DA4000
|
Size: |
32768
|
|
5DA5000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2441119784.0000000005DA5000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5DA5000
|
Size: |
28672
|
|
4E20000
|
direct allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2146758973.0000000004E20000.00000004.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
direct allocation
|
Protect: |
page read and write
|
Base address: |
4E20000
|
Size: |
53248
|
|
4E31000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2170719985.0000000004E31000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4E31000
|
Size: |
4096
|
|
5D92000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2515743571.0000000005D92000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5D92000
|
Size: |
24576
|
|
4E31000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2175483155.0000000004E31000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4E31000
|
Size: |
4096
|
|
5DBC000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2516338892.0000000005DBC000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5DBC000
|
Size: |
4096
|
|
4E31000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2169552736.0000000004E31000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4E31000
|
Size: |
4096
|
|
365F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2552642739.000000000365F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
365F000
|
Size: |
4096
|
|
61ECD000
|
direct allocation
|
page readonly
|
|
|
|
Name: |
00000000.00000002.2562277440.0000000061ECD000.00000002.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
direct allocation
|
Protect: |
page readonly
|
Base address: |
61ECD000
|
Size: |
12288
|
|
3DDF000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2553011223.0000000003DDF000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
3DDF000
|
Size: |
4096
|
|
369E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2552671702.000000000369E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
369E000
|
Size: |
8192
|
|
301E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2552284512.000000000301E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
301E000
|
Size: |
8192
|
|
4E31000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2169442984.0000000004E31000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4E31000
|
Size: |
4096
|
|
4E20000
|
direct allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2144955382.0000000004E20000.00000004.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
direct allocation
|
Protect: |
page read and write
|
Base address: |
4E20000
|
Size: |
53248
|
|
4E20000
|
direct allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2147277468.0000000004E20000.00000004.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
direct allocation
|
Protect: |
page read and write
|
Base address: |
4E20000
|
Size: |
53248
|
|
5D8B000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2326278063.0000000005D8B000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5D8B000
|
Size: |
20480
|
|
BEAD000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2558168862.000000000BEAD000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
BEAD000
|
Size: |
126976
|
|
329F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2552512360.000000000329F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
329F000
|
Size: |
4096
|
|
6CBEE000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2562852400.000000006CBEE000.00000004.00000001.01000000.00000009.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
6CBEE000
|
Size: |
4096
|
|
5DB2000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2455721431.0000000005DB2000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5DB2000
|
Size: |
45056
|
|
5DBC000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2516433299.0000000005DBC000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5DBC000
|
Size: |
4096
|
|
4E31000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2169228180.0000000004E31000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4E31000
|
Size: |
4096
|
|
4E20000
|
direct allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2145597425.0000000004E20000.00000004.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
direct allocation
|
Protect: |
page read and write
|
Base address: |
4E20000
|
Size: |
53248
|
|
5DC0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2454561514.0000000005DC0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5DC0000
|
Size: |
4096
|
|
455E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2553327378.000000000455E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
455E000
|
Size: |
8192
|
|
5D70000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2554539383.0000000005D70000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5D70000
|
Size: |
4096
|
|
BE11000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2325881794.000000000BE11000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
BE11000
|
Size: |
4096
|
|
5DBC000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2515884830.0000000005DBC000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5DBC000
|
Size: |
4096
|
|
5DB8000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2455272646.0000000005DB8000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5DB8000
|
Size: |
20480
|
|
5D8C000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2454266195.0000000005D8C000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5D8C000
|
Size: |
16384
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
SQL strings found in memory and binary data |
System Summary |
|
|
4E50000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2553754743.0000000004E50000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4E50000
|
Size: |
225280
|
|
1380000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2551788559.0000000001380000.00000004.00000020.00040000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1380000
|
Size: |
4096
|
|
BE1B000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2325881794.000000000BE1B000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
BE1B000
|
Size: |
8192
|
|
4E31000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2168968492.0000000004E31000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4E31000
|
Size: |
4096
|
|
4E20000
|
direct allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2148032723.0000000004E20000.00000004.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
direct allocation
|
Protect: |
page read and write
|
Base address: |
4E20000
|
Size: |
53248
|
|
7A0000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2550886367.00000000007A0000.00000004.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
7A0000
|
Size: |
4096
|
|
41DE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2553186831.00000000041DE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
41DE000
|
Size: |
8192
|
|
391E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2552762301.000000000391E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
391E000
|
Size: |
8192
|
|
4E31000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2175546882.0000000004E31000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4E31000
|
Size: |
4096
|
|
3CDE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2552973046.0000000003CDE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
3CDE000
|
Size: |
8192
|
|
4E31000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2175845803.0000000004E31000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4E31000
|
Size: |
4096
|
|
5D8B000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2317273971.0000000005D8B000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5D8B000
|
Size: |
24576
|
|
319F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2552489778.000000000319F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
319F000
|
Size: |
4096
|
|
5D7F000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2554539383.0000000005D7F000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5D7F000
|
Size: |
24576
|
|
56BF000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2554244350.00000000056BF000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
56BF000
|
Size: |
4096
|
|
4E31000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2176669895.0000000004E31000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4E31000
|
Size: |
4096
|
|
5D9D000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2454421393.0000000005D9D000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5D9D000
|
Size: |
20480
|
|
5DBB000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2455970468.0000000005DBB000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5DBB000
|
Size: |
8192
|
|
540F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2554018017.000000000540F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
540F000
|
Size: |
4096
|
|
BE40000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2558168862.000000000BE40000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
BE40000
|
Size: |
126976
|
|
4E31000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2168831357.0000000004E31000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4E31000
|
Size: |
4096
|
|
4E31000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2176743528.0000000004E31000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4E31000
|
Size: |
4096
|
|
4E31000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2177073637.0000000004E31000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4E31000
|
Size: |
4096
|
|
5DA5000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2326496035.0000000005DA5000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5DA5000
|
Size: |
28672
|
|
355E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2552620727.000000000355E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
355E000
|
Size: |
8192
|
|
4E31000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2169758632.0000000004E31000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4E31000
|
Size: |
4096
|
|
9EA000
|
unkown
|
page write copy
|
|
|
|
Name: |
00000000.00000000.2138472770.00000000009EA000.00000008.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page write copy
|
Base address: |
9EA000
|
Size: |
4096
|
|
4E31000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2169366430.0000000004E31000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4E31000
|
Size: |
4096
|
|
4E31000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2175124500.0000000004E31000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4E31000
|
Size: |
4096
|
|
5D9F000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2554895817.0000000005D9F000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5D9F000
|
Size: |
8192
|
|
5D9D000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2326698657.0000000005D9D000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5D9D000
|
Size: |
16384
|
|
5DA5000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2326612153.0000000005DA5000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5DA5000
|
Size: |
28672
|
|
61ECC000
|
direct allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2562246267.0000000061ECC000.00000004.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
direct allocation
|
Protect: |
page read and write
|
Base address: |
61ECC000
|
Size: |
4096
|
|
C8A000
|
unkown
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2551141119.0000000000C8A000.00000040.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page execute and read and write
|
Base address: |
C8A000
|
Size: |
4096
|
|
557F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2554156527.000000000557F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
557F000
|
Size: |
4096
|
|
C134000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2516273755.000000000C134000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
C134000
|
Size: |
4096
|
|
4E20000
|
direct allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2147051862.0000000004E20000.00000004.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
direct allocation
|
Protect: |
page read and write
|
Base address: |
4E20000
|
Size: |
53248
|
|
341E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2552581063.000000000341E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
341E000
|
Size: |
8192
|
|
38DF000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2552740715.00000000038DF000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
38DF000
|
Size: |
4096
|
|
4A9E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2553592659.0000000004A9E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
4A9E000
|
Size: |
8192
|
|
1569000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2551905997.0000000001569000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1569000
|
Size: |
94208
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
4E31000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2175349765.0000000004E31000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4E31000
|
Size: |
4096
|
|
5DA2000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2441297649.0000000005DA2000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5DA2000
|
Size: |
8192
|
|
4E31000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2176006150.0000000004E31000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4E31000
|
Size: |
4096
|
|
4E31000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2175575762.0000000004E31000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4E31000
|
Size: |
4096
|
|
4E31000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2176486600.0000000004E31000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4E31000
|
Size: |
4096
|
|
4E20000
|
direct allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2144536645.0000000004E20000.00000004.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
direct allocation
|
Protect: |
page read and write
|
Base address: |
4E20000
|
Size: |
53248
|
|
6CBF5000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000000.00000002.2562953985.000000006CBF5000.00000002.00000001.01000000.00000009.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
6CBF5000
|
Size: |
73728
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sample file is different than original file name gathered from version info |
System Summary |
|
|
5DBC000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2527859479.0000000005DBC000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5DBC000
|
Size: |
12288
|
|
5D9D000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2441143808.0000000005D9D000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5D9D000
|
Size: |
28672
|
|
5DA5000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2326258470.0000000005DA5000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5DA5000
|
Size: |
28672
|
|
5DBC000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2515743571.0000000005DBC000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5DBC000
|
Size: |
4096
|
|
5DA5000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2325228663.0000000005DA5000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5DA5000
|
Size: |
28672
|
|
173D000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2552240086.000000000173D000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
173D000
|
Size: |
12288
|
|
4E31000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2169093603.0000000004E31000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4E31000
|
Size: |
4096
|
|
5DA9000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2454608795.0000000005DA9000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5DA9000
|
Size: |
12288
|
|
4E31000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2176378582.0000000004E31000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4E31000
|
Size: |
4096
|
|
4E31000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2169035886.0000000004E31000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4E31000
|
Size: |
4096
|
|
4B9F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2553622543.0000000004B9F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
4B9F000
|
Size: |
4096
|
|
5DA4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2317273971.0000000005DA4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5DA4000
|
Size: |
32768
|
|
3B5F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2552833219.0000000003B5F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
3B5F000
|
Size: |
4096
|
|
4E31000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2176280187.0000000004E31000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4E31000
|
Size: |
4096
|
|
409E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2553137544.000000000409E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
409E000
|
Size: |
8192
|
|
5DC0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2527491932.0000000005DC0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5DC0000
|
Size: |
4096
|
|
1597000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2551905997.0000000001597000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1597000
|
Size: |
237568
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
URLs found in memory or binary data |
Networking |
|
|
5DB2000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2455466286.0000000005DB2000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5DB2000
|
Size: |
24576
|
|
5D8B000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2441143808.0000000005D8B000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5D8B000
|
Size: |
20480
|
|
5D9F000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2454981299.0000000005D9F000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5D9F000
|
Size: |
53248
|
|
4E31000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2176856610.0000000004E31000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4E31000
|
Size: |
4096
|
|
15D2000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2551905997.00000000015D2000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
15D2000
|
Size: |
151552
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
4E31000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2175885138.0000000004E31000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4E31000
|
Size: |
4096
|
|
5420000
|
direct allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000003.2149764216.0000000005420000.00000040.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
direct allocation
|
Protect: |
page execute and read and write
|
Base address: |
5420000
|
Size: |
4096
|
|
4E31000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2177029150.0000000004E31000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4E31000
|
Size: |
4096
|
|
4E31000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2168604439.0000000004E31000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4E31000
|
Size: |
4096
|
|
4E31000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2176042082.0000000004E31000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4E31000
|
Size: |
4096
|
|
5D9F000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2527358499.0000000005D9F000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5D9F000
|
Size: |
53248
|
|
C8B000
|
unkown
|
page execute and write copy
|
|
|
|
Name: |
00000000.00000002.2551543209.0000000000C8B000.00000080.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page execute and write copy
|
Base address: |
C8B000
|
Size: |
1679360
|
|
419F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2553159743.000000000419F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
419F000
|
Size: |
4096
|
|
7A1000
|
unkown
|
page execute and write copy
|
|
|
|
Name: |
00000000.00000000.2138388674.00000000007A1000.00000080.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page execute and write copy
|
Base address: |
7A1000
|
Size: |
94208
|
|
4E31000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2169615042.0000000004E31000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4E31000
|
Size: |
4096
|
|
5DBC000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2527358499.0000000005DBC000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5DBC000
|
Size: |
12288
|
|
5D9F000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2454496067.0000000005D9F000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5D9F000
|
Size: |
12288
|
|
61EB7000
|
direct allocation
|
page readonly
|
|
|
|
Name: |
00000000.00000002.2562193872.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
direct allocation
|
Protect: |
page readonly
|
Base address: |
61EB7000
|
Size: |
86016
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
SQL strings found in memory and binary data |
System Summary |
|
|
5D81000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2317173452.0000000005D81000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5D81000
|
Size: |
16384
|
|
61E00000
|
direct allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2561995204.0000000061E00000.00000040.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
direct allocation
|
Protect: |
page execute and read and write
|
Base address: |
61E00000
|
Size: |
4096
|
|
5D9D000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2454266195.0000000005D9D000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5D9D000
|
Size: |
20480
|
|
469F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2553370803.000000000469F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
469F000
|
Size: |
4096
|
|
5DC0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2455970468.0000000005DC0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5DC0000
|
Size: |
4096
|
|
4E31000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2176581792.0000000004E31000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4E31000
|
Size: |
4096
|
|
5D99000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2325228663.0000000005D99000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5D99000
|
Size: |
8192
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
SQL strings found in memory and binary data |
System Summary |
|
|
5DA1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2317121851.0000000005DA1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5DA1000
|
Size: |
45056
|
|
5DA3000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2455333844.0000000005DA3000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5DA3000
|
Size: |
36864
|
|
5DA5000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2326534923.0000000005DA5000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5DA5000
|
Size: |
28672
|
|
3B9E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2552860337.0000000003B9E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
3B9E000
|
Size: |
8192
|
|
BE16000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2325881794.000000000BE16000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
BE16000
|
Size: |
8192
|
|
5D8B000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2326641788.0000000005D8B000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5D8B000
|
Size: |
20480
|
|
3F5E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2553092098.0000000003F5E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
3F5E000
|
Size: |
8192
|
|
42DF000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2553212197.00000000042DF000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
42DF000
|
Size: |
4096
|
|
598D000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2554377722.000000000598D000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
598D000
|
Size: |
12288
|
|
1500000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2551905997.0000000001500000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1500000
|
Size: |
28672
|
|
4E31000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2176951289.0000000004E31000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4E31000
|
Size: |
4096
|
|
3097000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2552383185.0000000003097000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3097000
|
Size: |
12288
|
|
4E31000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2176696342.0000000004E31000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4E31000
|
Size: |
4096
|
|
4E8B000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2553754743.0000000004E8B000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4E8B000
|
Size: |
8192
|
|
4E20000
|
direct allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2144755849.0000000004E20000.00000004.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
direct allocation
|
Protect: |
page read and write
|
Base address: |
4E20000
|
Size: |
53248
|
|
4E31000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2169680535.0000000004E31000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4E31000
|
Size: |
4096
|
|
183E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2552262667.000000000183E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
183E000
|
Size: |
8192
|
|
4E31000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2175939851.0000000004E31000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4E31000
|
Size: |
4096
|
|
BEF7000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2558168862.000000000BEF7000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
BEF7000
|
Size: |
4096
|
|
5D9A000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2326437113.0000000005D9A000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5D9A000
|
Size: |
28672
|
|
C13C000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2516273755.000000000C13C000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
C13C000
|
Size: |
4096
|
|
BE28000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2325881794.000000000BE28000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
BE28000
|
Size: |
12288
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
5DA8000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2326675340.0000000005DA8000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5DA8000
|
Size: |
16384
|
|
584E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2554319725.000000000584E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
584E000
|
Size: |
8192
|
|
4E31000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2170749432.0000000004E31000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4E31000
|
Size: |
4096
|
|
305C000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2552309057.000000000305C000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
305C000
|
Size: |
16384
|
|
4D1E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2553701779.0000000004D1E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
4D1E000
|
Size: |
8192
|
|
5D82000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2326641788.0000000005D82000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5D82000
|
Size: |
12288
|
|
379F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2552692166.000000000379F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
379F000
|
Size: |
4096
|
|
4E20000
|
direct allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2145810191.0000000004E20000.00000004.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
direct allocation
|
Protect: |
page read and write
|
Base address: |
4E20000
|
Size: |
53248
|
|
6CBF0000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2562908008.000000006CBF0000.00000004.00000001.01000000.00000009.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
6CBF0000
|
Size: |
4096
|
|
4E31000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2176528600.0000000004E31000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4E31000
|
Size: |
4096
|
|
5D9D000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2441072690.0000000005D9D000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5D9D000
|
Size: |
28672
|
|
5DC0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2554935669.0000000005DC0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5DC0000
|
Size: |
4096
|
|
5BCD000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2554458357.0000000005BCD000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
5BCD000
|
Size: |
12288
|
|
3E1E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2553032515.0000000003E1E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
3E1E000
|
Size: |
8192
|
|
56FE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2554267505.00000000056FE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
56FE000
|
Size: |
8192
|
|
C7C000
|
unkown
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2551141119.0000000000C7C000.00000040.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page execute and read and write
|
Base address: |
C7C000
|
Size: |
36864
|
|
5DC0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2455721431.0000000005DC0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5DC0000
|
Size: |
4096
|
|
5460000
|
direct allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2554088691.0000000005460000.00000040.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
direct allocation
|
Protect: |
page execute and read and write
|
Base address: |
5460000
|
Size: |
4096
|
|
BE10000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2311518926.000000000BE10000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
BE10000
|
Size: |
184320
|
|
5D89000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2454981299.0000000005D89000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5D89000
|
Size: |
28672
|
|
4E31000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2176816336.0000000004E31000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4E31000
|
Size: |
4096
|
|
BE60000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2558168862.000000000BE60000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
BE60000
|
Size: |
126976
|
|
5D8B000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2325277514.0000000005D8B000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5D8B000
|
Size: |
24576
|
|
1338000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2551746061.0000000001338000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
1338000
|
Size: |
32768
|
|
4E31000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2168927496.0000000004E31000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4E31000
|
Size: |
4096
|
|
4E31000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2175778836.0000000004E31000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4E31000
|
Size: |
4096
|
|
4E31000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2169808621.0000000004E31000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4E31000
|
Size: |
4096
|
|
4E31000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2175753178.0000000004E31000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4E31000
|
Size: |
4096
|
|
46DE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2553392495.00000000046DE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
46DE000
|
Size: |
8192
|
|
4E31000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2168795314.0000000004E31000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4E31000
|
Size: |
4096
|
|
5D9F000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2527934073.0000000005D9F000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5D9F000
|
Size: |
8192
|
|
14DE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2551884942.00000000014DE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
14DE000
|
Size: |
8192
|
|
BF7D000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2558615286.000000000BF7D000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
BF7D000
|
Size: |
12288
|
|
4E31000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2175655046.0000000004E31000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4E31000
|
Size: |
4096
|
|
6CBEF000
|
unkown
|
page write copy
|
|
|
|
Name: |
00000000.00000002.2562881499.000000006CBEF000.00000008.00000001.01000000.00000009.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page write copy
|
Base address: |
6CBEF000
|
Size: |
4096
|
|
5DC0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2527987310.0000000005DC0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5DC0000
|
Size: |
4096
|
|
BE10000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2225983657.000000000BE10000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
BE10000
|
Size: |
167936
|
|
1555000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2551905997.0000000001555000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1555000
|
Size: |
69632
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
C131000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2527665023.000000000C131000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
C131000
|
Size: |
12288
|
|
5DB2000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2456081307.0000000005DB2000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5DB2000
|
Size: |
36864
|
|
5DC0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2455466286.0000000005DC0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5DC0000
|
Size: |
4096
|
|
4E31000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2175719452.0000000004E31000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4E31000
|
Size: |
4096
|
|
5450000
|
direct allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000003.2149699328.0000000005450000.00000040.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
direct allocation
|
Protect: |
page execute and read and write
|
Base address: |
5450000
|
Size: |
8192
|
|
5DA1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2326612153.0000000005DA1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5DA1000
|
Size: |
8192
|
|
5A8C000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2554400923.0000000005A8C000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
5A8C000
|
Size: |
16384
|
|
824000
|
unkown
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2550910093.0000000000824000.00000040.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page execute and read and write
|
Base address: |
824000
|
Size: |
196608
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
61E01000
|
direct allocation
|
page execute read
|
|
|
|
Name: |
00000000.00000002.2562020311.0000000061E01000.00000020.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
direct allocation
|
Protect: |
page execute read
|
Base address: |
61E01000
|
Size: |
733184
|
|
1509000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2551905997.0000000001509000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1509000
|
Size: |
12288
|
|
4E31000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2176612093.0000000004E31000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4E31000
|
Size: |
4096
|
|
1470000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2551841501.0000000001470000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1470000
|
Size: |
16384
|
|
491F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2553499564.000000000491F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
491F000
|
Size: |
4096
|
|
594F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2554351036.000000000594F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
594F000
|
Size: |
4096
|
|
BE80000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2558168862.000000000BE80000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
BE80000
|
Size: |
180224
|
|
309B000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2552383185.000000000309B000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
309B000
|
Size: |
4096
|
|
4E31000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2175425696.0000000004E31000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4E31000
|
Size: |
4096
|
|
5D9F000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2516338892.0000000005D9F000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5D9F000
|
Size: |
53248
|
|
5DA5000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2326212520.0000000005DA5000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5DA5000
|
Size: |
28672
|
|
9EA000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2551122199.00000000009EA000.00000004.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
9EA000
|
Size: |
4096
|
|
BE10000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2558168862.000000000BE10000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
BE10000
|
Size: |
61440
|
|
47DF000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2553414662.00000000047DF000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
47DF000
|
Size: |
4096
|
|
5DBB000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2455466286.0000000005DBB000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5DBB000
|
Size: |
8192
|
|
3060000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2552332584.0000000003060000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3060000
|
Size: |
4096
|
|
16FF000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2552220723.00000000016FF000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
16FF000
|
Size: |
4096
|
|
530B000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2553991369.000000000530B000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
530B000
|
Size: |
20480
|
|
5DC0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2441143808.0000000005DC0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5DC0000
|
Size: |
4096
|
|
4E31000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2176457788.0000000004E31000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4E31000
|
Size: |
4096
|
|
9D8000
|
unkown
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2550910093.00000000009D8000.00000040.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page execute and read and write
|
Base address: |
9D8000
|
Size: |
8192
|
|
52C0000
|
direct allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2553970942.00000000052C0000.00000004.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
direct allocation
|
Protect: |
page read and write
|
Base address: |
52C0000
|
Size: |
4096
|
|
4A5F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2553572821.0000000004A5F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
4A5F000
|
Size: |
4096
|
|
5D8B000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2326698657.0000000005D8B000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5D8B000
|
Size: |
20480
|
|
5D82000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2317341002.0000000005D82000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5D82000
|
Size: |
12288
|
|
5DC0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2516244324.0000000005DC0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5DC0000
|
Size: |
4096
|
|
5DA5000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2326419640.0000000005DA5000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5DA5000
|
Size: |
28672
|
|
4E31000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2175453065.0000000004E31000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4E31000
|
Size: |
4096
|
|
445D000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2553301293.000000000445D000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
445D000
|
Size: |
12288
|
|
61ED3000
|
direct allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2562322957.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
direct allocation
|
Protect: |
page read and write
|
Base address: |
61ED3000
|
Size: |
4096
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
C090000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2533658394.000000000C090000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
C090000
|
Size: |
163840
|
|
BECD000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2558168862.000000000BECD000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
BECD000
|
Size: |
126976
|
|
1333000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2551746061.0000000001333000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
1333000
|
Size: |
4096
|
|
5440000
|
direct allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000003.2149748091.0000000005440000.00000040.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
direct allocation
|
Protect: |
page execute and read and write
|
Base address: |
5440000
|
Size: |
4096
|
|
5DB2000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2454561514.0000000005DB2000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5DB2000
|
Size: |
24576
|
|
5EA0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2197143963.0000000005EA0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
5EA0000
|
Size: |
167936
|
|
4E31000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2170910578.0000000004E31000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4E31000
|
Size: |
4096
|
|
3C9F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2552884000.0000000003C9F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
3C9F000
|
Size: |
4096
|
|
5DC0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2441264958.0000000005DC0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5DC0000
|
Size: |
4096
|
|
5DC0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2455181315.0000000005DC0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5DC0000
|
Size: |
4096
|
|
5D9F000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2455721431.0000000005D9F000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5D9F000
|
Size: |
53248
|
|
4E31000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2169174890.0000000004E31000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4E31000
|
Size: |
4096
|
|
5D76000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2554539383.0000000005D76000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5D76000
|
Size: |
8192
|
|
52C0000
|
direct allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2148858866.00000000052C0000.00000004.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
direct allocation
|
Protect: |
page read and write
|
Base address: |
52C0000
|
Size: |
53248
|
|
5430000
|
direct allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000003.2149733087.0000000005430000.00000040.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
direct allocation
|
Protect: |
page execute and read and write
|
Base address: |
5430000
|
Size: |
4096
|
|
9EC000
|
unkown
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2551141119.00000000009EC000.00000040.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page execute and read and write
|
Base address: |
9EC000
|
Size: |
1523712
|
|
57FF000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2554290238.00000000057FF000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
57FF000
|
Size: |
4096
|
|
5DC0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2455249971.0000000005DC0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5DC0000
|
Size: |
4096
|
|
5D9C000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2326472065.0000000005D9C000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5D9C000
|
Size: |
20480
|
|
5DC0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2527642074.0000000005DC0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5DC0000
|
Size: |
4096
|
|
5DBD000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2527987310.0000000005DBD000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5DBD000
|
Size: |
8192
|
|
3F1F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2553065430.0000000003F1F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
3F1F000
|
Size: |
4096
|
|
5DA5000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2326386415.0000000005DA5000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5DA5000
|
Size: |
28672
|
|
5D93000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2527934073.0000000005D93000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5D93000
|
Size: |
20480
|
|
61ED4000
|
direct allocation
|
page readonly
|
|
|
|
Name: |
00000000.00000002.2562371021.0000000061ED4000.00000002.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
direct allocation
|
Protect: |
page readonly
|
Base address: |
61ED4000
|
Size: |
126976
|
|
4E31000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2176182386.0000000004E31000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4E31000
|
Size: |
4096
|
|
5DA7000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2455647517.0000000005DA7000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5DA7000
|
Size: |
20480
|
|
BE22000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2325881794.000000000BE22000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
BE22000
|
Size: |
8192
|
|
4E20000
|
direct allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2147541092.0000000004E20000.00000004.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
direct allocation
|
Protect: |
page read and write
|
Base address: |
4E20000
|
Size: |
53248
|
|
459E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2553350512.000000000459E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
459E000
|
Size: |
8192
|
|
3A1F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2552788256.0000000003A1F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
3A1F000
|
Size: |
4096
|
|
405F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2553113699.000000000405F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
405F000
|
Size: |
4096
|
|
E26000
|
unkown
|
page execute and write copy
|
|
|
|
Name: |
00000000.00000002.2551693894.0000000000E26000.00000080.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page execute and write copy
|
Base address: |
E26000
|
Size: |
8192
|
|
5DBD000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2441041684.0000000005DBD000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5DBD000
|
Size: |
16384
|
|
BF10000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2329216649.000000000BF10000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
BF10000
|
Size: |
167936
|
|
5DA1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2527859479.0000000005DA1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5DA1000
|
Size: |
45056
|
|
5450000
|
direct allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000003.2149648079.0000000005450000.00000040.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
direct allocation
|
Protect: |
page execute and read and write
|
Base address: |
5450000
|
Size: |
8192
|
|
5DC0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2454981299.0000000005DC0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5DC0000
|
Size: |
4096
|
|
4E31000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2176085211.0000000004E31000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4E31000
|
Size: |
4096
|
|
4E31000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2168893986.0000000004E31000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4E31000
|
Size: |
4096
|
|
5DB2000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2456175630.0000000005DB2000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5DB2000
|
Size: |
36864
|
|
4E20000
|
direct allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2145160939.0000000004E20000.00000004.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
direct allocation
|
Protect: |
page read and write
|
Base address: |
4E20000
|
Size: |
53248
|
|
441F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2553268509.000000000441F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
441F000
|
Size: |
4096
|
|
3070000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2552363472.0000000003070000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3070000
|
Size: |
4096
|
|
4E30000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2553754743.0000000004E30000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4E30000
|
Size: |
4096
|
|
309E000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2552383185.000000000309E000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
309E000
|
Size: |
4096
|
|
5C6D000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2554491174.0000000005C6D000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
5C6D000
|
Size: |
12288
|
|
C07F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2558673165.000000000C07F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
C07F000
|
Size: |
4096
|
|
3A5E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2552812648.0000000003A5E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
3A5E000
|
Size: |
8192
|
|
5DB2000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2454981299.0000000005DB2000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5DB2000
|
Size: |
45056
|
|
4E31000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2176243108.0000000004E31000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4E31000
|
Size: |
4096
|
|
495E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2553548503.000000000495E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
495E000
|
Size: |
8192
|
|
5D8B000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2326570840.0000000005D8B000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5D8B000
|
Size: |
20480
|
|
5DA7000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2456265395.0000000005DA7000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5DA7000
|
Size: |
20480
|
|
5D93000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2527358499.0000000005D93000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5D93000
|
Size: |
20480
|
|
5DC0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2527358499.0000000005DC0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5DC0000
|
Size: |
4096
|
|
5D9F000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2515743571.0000000005D9F000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5D9F000
|
Size: |
53248
|
|
4E31000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2175689828.0000000004E31000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4E31000
|
Size: |
4096
|
|
5D97000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2326496035.0000000005D97000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5D97000
|
Size: |
49152
|
|
5DB2000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2455333844.0000000005DB2000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5DB2000
|
Size: |
24576
|
|
4E31000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2170849984.0000000004E31000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4E31000
|
Size: |
4096
|
|
5DC0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2456175630.0000000005DC0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5DC0000
|
Size: |
4096
|
|
C72000
|
unknown
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2551141119.0000000000C72000.00000040.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page execute and read and write
|
Base address: |
C72000
|
Size: |
36864
|
|
5D92000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2516338892.0000000005D92000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5D92000
|
Size: |
24576
|
|
37DE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2552714377.00000000037DE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
37DE000
|
Size: |
8192
|
|
5DA5000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2325277514.0000000005DA5000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5DA5000
|
Size: |
28672
|
|
52C0000
|
direct allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2149195805.00000000052C0000.00000004.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
direct allocation
|
Protect: |
page read and write
|
Base address: |
52C0000
|
Size: |
53248
|
|
BE20000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2558168862.000000000BE20000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
BE20000
|
Size: |
126976
|
|
545E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2554046304.000000000545E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
545E000
|
Size: |
8192
|
|
5D9C000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2326363562.0000000005D9C000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5D9C000
|
Size: |
16384
|
|
1475000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2551841501.0000000001475000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1475000
|
Size: |
8192
|
|
4E31000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2175181973.0000000004E31000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4E31000
|
Size: |
4096
|
|
4E31000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2175809946.0000000004E31000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4E31000
|
Size: |
4096
|
|
5D9F000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2441359584.0000000005D9F000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5D9F000
|
Size: |
12288
|
|
5DA5000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2441297649.0000000005DA5000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5DA5000
|
Size: |
28672
|
|
5D9F000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2515884830.0000000005D9F000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5D9F000
|
Size: |
53248
|
|
5DBC000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2554935669.0000000005DBC000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5DBC000
|
Size: |
4096
|
|
4E31000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2170820437.0000000004E31000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4E31000
|
Size: |
4096
|
|
C4B000
|
unknown
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2551141119.0000000000C4B000.00000040.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page execute and read and write
|
Base address: |
C4B000
|
Size: |
98304
|
|
5EA5000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2555094848.0000000005EA5000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5EA5000
|
Size: |
1110016
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
SQL strings found in memory and binary data |
System Summary |
|
URLs found in memory or binary data |
Networking |
|
|
4E31000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2170784069.0000000004E31000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4E31000
|
Size: |
4096
|
|
15DB000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2325997513.00000000015DB000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
15DB000
|
Size: |
8192
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
SQL strings found in memory and binary data |
System Summary |
|
|
4E36000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2553754743.0000000004E36000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4E36000
|
Size: |
8192
|
|
907000
|
unknown
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2550910093.0000000000907000.00000040.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page execute and read and write
|
Base address: |
907000
|
Size: |
675840
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
E25000
|
unknown
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2551670125.0000000000E25000.00000040.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page execute and read and write
|
Base address: |
E25000
|
Size: |
4096
|
|
5DA4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2456081307.0000000005DA4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5DA4000
|
Size: |
32768
|
|
4E31000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2176992073.0000000004E31000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4E31000
|
Size: |
4096
|
|
6CA10000
|
unknown
|
page readonly
|
|
|
|
Name: |
00000000.00000002.2562614710.000000006CA10000.00000002.00000001.01000000.00000009.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page readonly
|
Base address: |
6CA10000
|
Size: |
4096
|
|
55BE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2554190480.00000000055BE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
55BE000
|
Size: |
8192
|
|
5ACE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2554424543.0000000005ACE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
5ACE000
|
Size: |
8192
|
|
4E40000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2553754743.0000000004E40000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4E40000
|
Size: |
36864
|
|
B62000
|
unknown
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2551141119.0000000000B62000.00000040.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page execute and read and write
|
Base address: |
B62000
|
Size: |
946176
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the Windows Explorer process (often used for injection) |
HIPS / PFW / Operating System Protection Evasion |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
4E31000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2168647692.0000000004E31000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4E31000
|
Size: |
4096
|
|
5470000
|
direct allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2554108287.0000000005470000.00000040.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
direct allocation
|
Protect: |
page execute and read and write
|
Base address: |
5470000
|
Size: |
4096
|
|
C12B000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2527665023.000000000C12B000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
C12B000
|
Size: |
4096
|
|
4E31000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2176905429.0000000004E31000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4E31000
|
Size: |
4096
|
|
5DA5000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2441143808.0000000005DA5000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5DA5000
|
Size: |
28672
|
|
6C9FE000
|
unknown
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2562551684.000000006C9FE000.00000004.00000001.01000000.0000000A.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page read and write
|
Base address: |
6C9FE000
|
Size: |
8192
|
|
4CDF000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2553676608.0000000004CDF000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
4CDF000
|
Size: |
4096
|
|
431E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2553235771.000000000431E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
431E000
|
Size: |
8192
|
|
5D81000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2455441626.0000000005D81000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5D81000
|
Size: |
16384
|
|
4E20000
|
direct allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2145376348.0000000004E20000.00000004.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
direct allocation
|
Protect: |
page read and write
|
Base address: |
4E20000
|
Size: |
53248
|
|
351F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2552601633.000000000351F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
351F000
|
Size: |
4096
|
|
6CA11000
|
unknown
|
page execute read
|
|
|
|
Name: |
00000000.00000002.2562640218.000000006CA11000.00000020.00000001.01000000.00000009.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unknown
|
Protect: |
page execute read
|
Base address: |
6CA11000
|
Size: |
1695744
|
|
481E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2553435212.000000000481E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
481E000
|
Size: |
8192
|
|
5D97000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2326212520.0000000005D97000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5D97000
|
Size: |
36864
|
|
4E20000
|
direct allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2146270309.0000000004E20000.00000004.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
direct allocation
|
Protect: |
page read and write
|
Base address: |
4E20000
|
Size: |
53248
|
|
5DA5000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2441072690.0000000005DA5000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5DA5000
|
Size: |
28672
|
|
5D89000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2455721431.0000000005D89000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5D89000
|
Size: |
28672
|
|