|
9FC0000
|
direct allocation
|
page read and write
|
 |
|
|
| Name: |
00000008.00000002.2577492519.0000000009FC0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9FC0000
|
| Size: |
323584
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected LummaC Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
|
|
B91000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3929498121.0000000000B91000.00000040.00000001.01000000.00000007.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
B91000
|
| Size: |
393216
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Found malware configuration |
AV Detection |
|
| Yara detected Amadeys stealer DLL |
Stealing of Sensitive Information |
|
| Sample uses string decryption to hide its real strings |
AV Detection |
|
|
|
9F70000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2577492519.0000000009F70000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9F70000
|
| Size: |
323584
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected LummaC Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
|
|
B91000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.1555693067.0000000000B91000.00000040.00000001.01000000.00000007.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
B91000
|
| Size: |
393216
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected Amadeys stealer DLL |
Stealing of Sensitive Information |
|
|
|
9F0A000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2577492519.0000000009F0A000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9F0A000
|
| Size: |
323584
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected LummaC Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
|
|
CF1000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1515957867.0000000000CF1000.00000040.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
CF1000
|
| Size: |
393216
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected Amadeys stealer DLL |
Stealing of Sensitive Information |
|
|
|
102D000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000006.00000002.3938215987.000000000102D000.00000080.00000001.01000000.00000007.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
102D000
|
| Size: |
8192
|
|
|
4ED1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1966410915.0000000004ED1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4ED1000
|
| Size: |
4096
|
|
|
4ED1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1944118469.0000000004ED1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4ED1000
|
| Size: |
4096
|
|
|
4ED1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1940143302.0000000004ED1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4ED1000
|
| Size: |
4096
|
|
|
595E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3949550847.000000000595E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
595E000
|
| Size: |
8192
|
|
|
15B4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1472917332.00000000015B4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15B4000
|
| Size: |
4096
|
|
|
14CC000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1492514889.00000000014CC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14CC000
|
| Size: |
4096
|
|
|
4B4E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1557472722.0000000004B4E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4B4E000
|
| Size: |
8192
|
|
|
16E7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3940403336.00000000016E7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
16E7000
|
| Size: |
20480
|
|
|
4B0F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1557455266.0000000004B0F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4B0F000
|
| Size: |
4096
|
|
|
153C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2574701562.000000000153C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
153C000
|
| Size: |
16384
|
|
|
471E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1518701128.000000000471E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
471E000
|
| Size: |
8192
|
|
|
4D6E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1519076579.0000000004D6E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4D6E000
|
| Size: |
8192
|
|
|
4E81000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1486921466.0000000004E81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E81000
|
| Size: |
4096
|
|
|
9C62000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2574975714.0000000009C62000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9C62000
|
| Size: |
4096
|
|
|
792000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2598698443.0000000000792000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
792000
|
| Size: |
53248
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
| URLs found in memory or binary data |
Networking |
|
|
|
888E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1520362390.000000000888E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
888E000
|
| Size: |
8192
|
|
|
314E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1517278899.000000000314E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
314E000
|
| Size: |
8192
|
|
|
E97000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000006.00000002.3935278110.0000000000E97000.00000080.00000001.01000000.00000007.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
E97000
|
| Size: |
1654784
|
|
|
9CBA000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2574975714.0000000009CBA000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9CBA000
|
| Size: |
4096
|
|
|
BFB000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3930116087.0000000000BFB000.00000040.00000001.01000000.00000007.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
BFB000
|
| Size: |
1523712
|
|
|
4ED1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1972930894.0000000004ED1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4ED1000
|
| Size: |
4096
|
|
|
4ED1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1963677938.0000000004ED1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4ED1000
|
| Size: |
4096
|
|
|
6936000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1491881173.0000000006936000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6936000
|
| Size: |
4096
|
|
|
4E81000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1487193201.0000000004E81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E81000
|
| Size: |
4096
|
|
|
15B4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1483492534.00000000015B4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15B4000
|
| Size: |
4096
|
|
|
CF0000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1515939722.0000000000CF0000.00000004.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
CF0000
|
| Size: |
4096
|
|
|
143E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1556296142.000000000143E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
143E000
|
| Size: |
8192
|
|
|
E56000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000002.2574135595.0000000000E56000.00000002.00000001.01000000.00000009.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
E56000
|
| Size: |
8192
|
|
|
E96000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3930116087.0000000000E96000.00000040.00000001.01000000.00000007.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
E96000
|
| Size: |
4096
|
|
|
4E81000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1484860759.0000000004E81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E81000
|
| Size: |
4096
|
|
|
4C2E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1519008483.0000000004C2E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4C2E000
|
| Size: |
8192
|
|
|
4E81000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1485036709.0000000004E81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E81000
|
| Size: |
4096
|
|
|
460F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1557313984.000000000460F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
460F000
|
| Size: |
4096
|
|
|
4E81000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1488485963.0000000004E81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E81000
|
| Size: |
4096
|
|
|
14FC000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1491933623.00000000014FC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14FC000
|
| Size: |
208896
|
|
|
3200000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1556751052.0000000003200000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3200000
|
| Size: |
16384
|
|
|
5FFD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3949775059.0000000005FFD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5FFD000
|
| Size: |
12288
|
|
|
A8E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2599452329.0000000000A8E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A8E000
|
| Size: |
8192
|
|
|
4ED1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1973075044.0000000004ED1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4ED1000
|
| Size: |
4096
|
|
|
4EC0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1934717818.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4EC0000
|
| Size: |
53248
|
|
|
4EC0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1925997047.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4EC0000
|
| Size: |
53248
|
|
|
4E81000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1484888845.0000000004E81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E81000
|
| Size: |
4096
|
|
|
434F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3948471307.000000000434F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
434F000
|
| Size: |
4096
|
|
|
FE7000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1516060448.0000000000FE7000.00000040.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
FE7000
|
| Size: |
40960
|
|
|
651000
|
remote allocation
|
page execute read
|
|
|
|
| Name: |
0000000A.00000002.2593506439.0000000000651000.00000020.00000400.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute read
|
| Base address: |
651000
|
| Size: |
278528
|
|
|
4E70000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1469724981.0000000004E70000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4E70000
|
| Size: |
53248
|
|
|
6C73000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1492587468.0000000006C73000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6C73000
|
| Size: |
8192
|
|
|
E40000
|
remote allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2572575945.0000000000E40000.00000004.00000400.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
remote allocation
|
| Protect: |
page read and write
|
| Base address: |
E40000
|
| Size: |
4096
|
|
|
3E1F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1518261847.0000000003E1F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3E1F000
|
| Size: |
4096
|
|
|
15B4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1481094470.00000000015B4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15B4000
|
| Size: |
4096
|
|
|
4EC0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1927782868.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4EC0000
|
| Size: |
53248
|
|
|
14D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1492203156.00000000014D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14D0000
|
| Size: |
77824
|
|
|
5580000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3949447129.0000000005580000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5580000
|
| Size: |
4096
|
|
|
DE8000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2573894822.0000000000DE8000.00000004.00000001.01000000.00000009.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
DE8000
|
| Size: |
20480
|
|
|
4ED1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1924605550.0000000004ED1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4ED1000
|
| Size: |
221184
|
|
|
420F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3948420042.000000000420F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
420F000
|
| Size: |
4096
|
|
|
4E80000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1519145578.0000000004E80000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E80000
|
| Size: |
45056
|
|
|
49CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3948763611.00000000049CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
49CE000
|
| Size: |
8192
|
|
|
1842000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3940881565.0000000001842000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1842000
|
| Size: |
24576
|
|
|
744000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2597803084.0000000000744000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
744000
|
| Size: |
81920
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
15B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1516938252.00000000015B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15B0000
|
| Size: |
16384
|
|
|
445F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1518570492.000000000445F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
445F000
|
| Size: |
4096
|
|
|
464E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1557332890.000000000464E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
464E000
|
| Size: |
8192
|
|
|
4E81000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1484194858.0000000004E81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E81000
|
| Size: |
4096
|
|
|
9D5C000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2576763288.0000000009D5C000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9D5C000
|
| Size: |
4096
|
|
|
2A1FF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2578898832.000000002A1FF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2A1FF000
|
| Size: |
4096
|
|
|
53D0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.1557638784.00000000053D0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
53D0000
|
| Size: |
4096
|
|
|
780000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2590557844.0000000000780000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
780000
|
| Size: |
8192
|
|
|
15B4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1482528208.00000000015B4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15B4000
|
| Size: |
4096
|
|
|
398E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3945563369.000000000398E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
398E000
|
| Size: |
8192
|
|
|
15B4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1483442880.00000000015B4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15B4000
|
| Size: |
4096
|
|
|
451000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000008.00000002.2572018273.0000000000451000.00000020.00000001.01000000.00000009.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
451000
|
| Size: |
4796416
|
|
|
54A0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.1475938439.00000000054A0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
54A0000
|
| Size: |
4096
|
|
|
4EC0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1939950601.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4EC0000
|
| Size: |
53248
|
|
|
E96000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000006.00000000.1919762604.0000000000E96000.00000080.00000001.01000000.00000007.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
E96000
|
| Size: |
1675264
|
|
|
3A8F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3945992538.0000000003A8F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3A8F000
|
| Size: |
4096
|
|
|
4ED1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1944059267.0000000004ED1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4ED1000
|
| Size: |
4096
|
|
|
9C0E000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2574975714.0000000009C0E000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9C0E000
|
| Size: |
8192
|
|
|
9C74000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2574975714.0000000009C74000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9C74000
|
| Size: |
4096
|
|
|
312F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1556666546.000000000312F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
312F000
|
| Size: |
4096
|
|
|
3D1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1518129280.0000000003D1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3D1E000
|
| Size: |
8192
|
|
|
BF2000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3929498121.0000000000BF2000.00000040.00000001.01000000.00000007.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
BF2000
|
| Size: |
20480
|
|
|
BFB000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.1555808565.0000000000BFB000.00000040.00000001.01000000.00000007.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
BFB000
|
| Size: |
1523712
|
|
|
11F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1516489849.00000000011F0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11F0000
|
| Size: |
4096
|
|
|
5520000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1519688808.0000000005520000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5520000
|
| Size: |
4096
|
|
|
478E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1557366552.000000000478E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
478E000
|
| Size: |
8192
|
|
|
4ED1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1972075532.0000000004ED1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4ED1000
|
| Size: |
4096
|
|
|
102B000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3938167195.000000000102B000.00000040.00000001.01000000.00000007.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
102B000
|
| Size: |
8192
|
|
|
4E81000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1487812529.0000000004E81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E81000
|
| Size: |
4096
|
|
|
77B000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2598698443.000000000077B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
77B000
|
| Size: |
8192
|
|
|
1480000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1516534659.0000000001480000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1480000
|
| Size: |
8192
|
|
|
D9F000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000008.00000000.2243737224.0000000000D9F000.00000008.00000001.01000000.00000009.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
D9F000
|
| Size: |
303104
|
|
|
4630000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2599809089.0000000004630000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4630000
|
| Size: |
12288
|
|
|
4EA0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3948974397.0000000004EA0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4EA0000
|
| Size: |
4096
|
|
|
4D5F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3948904096.0000000004D5F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4D5F000
|
| Size: |
4096
|
|
|
450E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1557295921.000000000450E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
450E000
|
| Size: |
8192
|
|
|
4E81000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1487669166.0000000004E81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E81000
|
| Size: |
4096
|
|
|
4ED1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1972823998.0000000004ED1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4ED1000
|
| Size: |
4096
|
|
|
11C7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2574552217.00000000011C7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11C7000
|
| Size: |
81920
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
9CA0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2574975714.0000000009CA0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9CA0000
|
| Size: |
4096
|
|
|
15AE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1516910391.00000000015AE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
15AE000
|
| Size: |
8192
|
|
|
744000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2589909504.0000000000744000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
744000
|
| Size: |
81920
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
4F80000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1461946075.0000000004F80000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4F80000
|
| Size: |
172032
|
|
|
4FD0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1924494521.0000000004FD0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4FD0000
|
| Size: |
163840
|
|
|
4EC0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1925249415.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4EC0000
|
| Size: |
53248
|
|
|
4EC0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1938697946.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4EC0000
|
| Size: |
53248
|
|
|
14AE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1492067487.00000000014AE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14AE000
|
| Size: |
126976
|
|
|
ED2000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1516060448.0000000000ED2000.00000040.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
ED2000
|
| Size: |
909312
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
1680000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1503944132.0000000001680000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
1680000
|
| Size: |
53248
|
|
|
49CF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1557417882.00000000049CF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
49CF000
|
| Size: |
4096
|
|
|
4E81000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1483713381.0000000004E81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E81000
|
| Size: |
4096
|
|
|
1545000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1556363225.0000000001545000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1545000
|
| Size: |
8192
|
|
|
4E70000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1470527770.0000000004E70000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4E70000
|
| Size: |
53248
|
|
|
4EC0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1927179347.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4EC0000
|
| Size: |
53248
|
|
|
CF0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000000.1456570973.0000000000CF0000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
CF0000
|
| Size: |
4096
|
|
|
786000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2589909504.0000000000786000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
786000
|
| Size: |
4096
|
|
|
78F000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2589909504.000000000078F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
78F000
|
| Size: |
8192
|
|
|
330F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3945160958.000000000330F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
330F000
|
| Size: |
4096
|
|
|
5570000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3949425667.0000000005570000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5570000
|
| Size: |
4096
|
|
|
9D28000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2576763288.0000000009D28000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9D28000
|
| Size: |
4096
|
|
|
4E81000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1485349101.0000000004E81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E81000
|
| Size: |
4096
|
|
|
53A0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000003.1515854662.00000000053A0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
53A0000
|
| Size: |
4096
|
|
|
48CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1557400176.00000000048CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
48CE000
|
| Size: |
8192
|
|
|
9C56000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2574975714.0000000009C56000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9C56000
|
| Size: |
36864
|
|
|
9C8A000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2574975714.0000000009C8A000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9C8A000
|
| Size: |
8192
|
|
|
1475000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1516534659.0000000001475000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1475000
|
| Size: |
16384
|
|
|
15B4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1481261529.00000000015B4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15B4000
|
| Size: |
4096
|
|
|
3A9E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1517861254.0000000003A9E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3A9E000
|
| Size: |
8192
|
|
|
4AEE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1518953186.0000000004AEE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4AEE000
|
| Size: |
8192
|
|
|
77B000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2589909504.000000000077B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
77B000
|
| Size: |
8192
|
|
|
116D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2574518118.000000000116D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
116D000
|
| Size: |
12288
|
|
|
448F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3948522667.000000000448F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
448F000
|
| Size: |
4096
|
|
|
15C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3939897783.00000000015C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15C0000
|
| Size: |
16384
|
|
|
4ED1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1961775470.0000000004ED1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4ED1000
|
| Size: |
4096
|
|
|
395E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1517793570.000000000395E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
395E000
|
| Size: |
8192
|
|
|
1770000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3940881565.0000000001770000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1770000
|
| Size: |
24576
|
|
|
9D50000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2576763288.0000000009D50000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9D50000
|
| Size: |
4096
|
|
|
39CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1556989349.00000000039CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
39CE000
|
| Size: |
8192
|
|
|
4E70000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1469181795.0000000004E70000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4E70000
|
| Size: |
53248
|
|
|
4E92000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1492257680.0000000004E92000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E92000
|
| Size: |
4096
|
|
|
4E70000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1463775640.0000000004E70000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4E70000
|
| Size: |
53248
|
|
|
884C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1520340200.000000000884C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
884C000
|
| Size: |
16384
|
|
|
4ED1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1972856298.0000000004ED1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4ED1000
|
| Size: |
4096
|
|
|
3BDE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1517918114.0000000003BDE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3BDE000
|
| Size: |
8192
|
|
|
2A0FC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2578859121.000000002A0FC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2A0FC000
|
| Size: |
16384
|
|
|
DE3000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2573820240.0000000000DE3000.00000004.00000001.01000000.00000009.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
DE3000
|
| Size: |
12288
|
|
|
15B4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1482908609.00000000015B4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15B4000
|
| Size: |
4096
|
|
|
4E81000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1483843193.0000000004E81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E81000
|
| Size: |
8192
|
|
|
D5B000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1516060448.0000000000D5B000.00000040.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
D5B000
|
| Size: |
1523712
|
|
|
15B4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1483089313.00000000015B4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15B4000
|
| Size: |
4096
|
|
|
1680000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1505693924.0000000001680000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
1680000
|
| Size: |
53248
|
|
|
7280000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1491832644.0000000007280000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7280000
|
| Size: |
8192
|
|
|
77B000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2590557844.000000000077B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
77B000
|
| Size: |
8192
|
|
|
4ED1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1971345585.0000000004ED1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4ED1000
|
| Size: |
4096
|
|
|
15B4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1483376941.00000000015B4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15B4000
|
| Size: |
4096
|
|
|
E96000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000002.00000000.1491987460.0000000000E96000.00000080.00000001.01000000.00000007.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
E96000
|
| Size: |
1675264
|
|
|
9C1A000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2574975714.0000000009C1A000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9C1A000
|
| Size: |
12288
|
|
|
4ED1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1943806736.0000000004ED1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4ED1000
|
| Size: |
4096
|
|
|
4E81000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1488352485.0000000004E81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E81000
|
| Size: |
4096
|
|
|
535E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1519213836.000000000535E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
535E000
|
| Size: |
8192
|
|
|
1680000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1498345526.0000000001680000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
1680000
|
| Size: |
53248
|
|
|
8BFC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1520437409.0000000008BFC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
8BFC000
|
| Size: |
16384
|
|
|
DF1000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2573894822.0000000000DF1000.00000004.00000001.01000000.00000009.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
DF1000
|
| Size: |
20480
|
|
|
4ED1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1971710156.0000000004ED1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4ED1000
|
| Size: |
4096
|
|
|
1680000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1505046749.0000000001680000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
1680000
|
| Size: |
53248
|
|
|
4E81000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1485299853.0000000004E81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E81000
|
| Size: |
4096
|
|
|
4E81000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1462045718.0000000004E81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E81000
|
| Size: |
233472
|
|
|
1805000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3940881565.0000000001805000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1805000
|
| Size: |
32768
|
|
|
14E5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1492876202.00000000014E5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14E5000
|
| Size: |
4096
|
|
|
15B4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1482850910.00000000015B4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15B4000
|
| Size: |
4096
|
|
|
45EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2599760483.00000000045EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
45EE000
|
| Size: |
8192
|
|
|
4DB1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1517309906.0000000004DB1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4DB1000
|
| Size: |
4096
|
|
|
15B4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1461667662.00000000015B4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15B4000
|
| Size: |
4096
|
|
|
54A0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.1475843906.00000000054A0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
54A0000
|
| Size: |
8192
|
|
|
3C0F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1557039245.0000000003C0F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3C0F000
|
| Size: |
4096
|
|
|
1590000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2574805242.0000000001590000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
1590000
|
| Size: |
8192
|
|
|
9D70000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2576763288.0000000009D70000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9D70000
|
| Size: |
16384
|
|
|
4AAF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1518917645.0000000004AAF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4AAF000
|
| Size: |
4096
|
|
|
4E81000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1486767257.0000000004E81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E81000
|
| Size: |
4096
|
|
|
9C18000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2574975714.0000000009C18000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9C18000
|
| Size: |
4096
|
|
|
4ED1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1972896689.0000000004ED1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4ED1000
|
| Size: |
4096
|
|
|
5360000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1941616693.0000000005360000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
5360000
|
| Size: |
53248
|
|
|
4EC0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1931619566.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4EC0000
|
| Size: |
53248
|
|
|
14E5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1492203156.00000000014E5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14E5000
|
| Size: |
4096
|
|
|
A0EE000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2424033267.000000000A0EE000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
A0EE000
|
| Size: |
61440
|
|
|
45DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1518648391.00000000045DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
45DE000
|
| Size: |
8192
|
|
|
29DFF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2578529739.0000000029DFF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
29DFF000
|
| Size: |
4096
|
|
|
E40000
|
remote allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2572547090.0000000000E40000.00000004.00000400.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
remote allocation
|
| Protect: |
page read and write
|
| Base address: |
E40000
|
| Size: |
4096
|
|
|
450000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000000.2242910904.0000000000450000.00000002.00000001.01000000.00000009.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
450000
|
| Size: |
4096
|
|
|
5530000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3949324789.0000000005530000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5530000
|
| Size: |
4096
|
|
|
421E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1518469589.000000000421E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
421E000
|
| Size: |
8192
|
|
|
4ED1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1971527109.0000000004ED1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4ED1000
|
| Size: |
4096
|
|
|
4C10000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3948861445.0000000004C10000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4C10000
|
| Size: |
4096
|
|
|
3F8F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3948188156.0000000003F8F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3F8F000
|
| Size: |
4096
|
|
|
4C7F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2599937233.0000000004C7F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4C7F000
|
| Size: |
4096
|
|
|
4ED1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1972657633.0000000004ED1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4ED1000
|
| Size: |
4096
|
|
|
FDF000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1516060448.0000000000FDF000.00000040.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
FDF000
|
| Size: |
28672
|
|
|
4E81000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1484758449.0000000004E81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E81000
|
| Size: |
4096
|
|
|
4E81000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1483817939.0000000004E81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E81000
|
| Size: |
8192
|
|
|
5510000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3949274614.0000000005510000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5510000
|
| Size: |
4096
|
|
|
534C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3949051591.000000000534C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
534C000
|
| Size: |
16384
|
|
|
481F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1518732380.000000000481F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
481F000
|
| Size: |
4096
|
|
|
4E81000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1487040391.0000000004E81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E81000
|
| Size: |
4096
|
|
|
4ED1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1971742443.0000000004ED1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4ED1000
|
| Size: |
4096
|
|
|
15B4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1483302215.00000000015B4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15B4000
|
| Size: |
4096
|
|
|
4ED1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1940091263.0000000004ED1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4ED1000
|
| Size: |
49152
|
|
|
4E81000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1484224693.0000000004E81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E81000
|
| Size: |
4096
|
|
|
435E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1518547637.000000000435E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
435E000
|
| Size: |
8192
|
|
|
9C0A000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2574975714.0000000009C0A000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9C0A000
|
| Size: |
12288
|
|
|
1088000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2574300472.0000000001088000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
1088000
|
| Size: |
28672
|
|
|
188E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1517035909.000000000188E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
188E000
|
| Size: |
8192
|
|
|
4E70000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1467641476.0000000004E70000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4E70000
|
| Size: |
53248
|
|
|
9ED0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2577492519.0000000009ED0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9ED0000
|
| Size: |
233472
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
320F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3945133653.000000000320F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
320F000
|
| Size: |
4096
|
|
|
DE2000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000008.00000002.2573755277.0000000000DE2000.00000008.00000001.01000000.00000009.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
DE2000
|
| Size: |
4096
|
|
|
5D3D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3949689248.0000000005D3D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5D3D000
|
| Size: |
12288
|
|
|
9D84000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2576763288.0000000009D84000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9D84000
|
| Size: |
4096
|
|
|
14F3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1516804666.00000000014F3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14F3000
|
| Size: |
32768
|
|
|
9C98000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2574975714.0000000009C98000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9C98000
|
| Size: |
4096
|
|
|
78F000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2598698443.000000000078F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
78F000
|
| Size: |
8192
|
|
|
438F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1557244847.000000000438F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
438F000
|
| Size: |
4096
|
|
|
6E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2594945404.00000000006E0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6E0000
|
| Size: |
4096
|
|
|
14E7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1491933623.00000000014E7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14E7000
|
| Size: |
4096
|
|
|
759000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2597803084.0000000000759000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
759000
|
| Size: |
8192
|
|
|
44CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3948547047.00000000044CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
44CE000
|
| Size: |
8192
|
|
|
4E81000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1487560753.0000000004E81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E81000
|
| Size: |
4096
|
|
|
15B4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1483428184.00000000015B4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15B4000
|
| Size: |
4096
|
|
|
9C12000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2574975714.0000000009C12000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9C12000
|
| Size: |
4096
|
|
|
1080000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2574300472.0000000001080000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
1080000
|
| Size: |
4096
|
|
|
9C24000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2574975714.0000000009C24000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9C24000
|
| Size: |
28672
|
|
|
73D000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2597803084.000000000073D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
73D000
|
| Size: |
16384
|
|
|
1490000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1516713116.0000000001490000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1490000
|
| Size: |
106496
|
|
|
409F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1518377954.000000000409F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
409F000
|
| Size: |
4096
|
|
|
4E81000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1484139789.0000000004E81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E81000
|
| Size: |
4096
|
|
|
4DB1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1497158970.0000000004DB1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4DB1000
|
| Size: |
233472
|
|
|
5720000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1519807353.0000000005720000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5720000
|
| Size: |
8192
|
|
|
E40000
|
remote allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2572516782.0000000000E40000.00000004.00000400.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
remote allocation
|
| Protect: |
page read and write
|
| Base address: |
E40000
|
| Size: |
4096
|
|
|
330F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1556782676.000000000330F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
330F000
|
| Size: |
4096
|
|
|
53E0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.1557659639.00000000053E0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
53E0000
|
| Size: |
4096
|
|
|
4DB1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1509878434.0000000004DB1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4DB1000
|
| Size: |
49152
|
|
|
9C00000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2574975714.0000000009C00000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9C00000
|
| Size: |
12288
|
|
|
759000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2589909504.0000000000759000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
759000
|
| Size: |
8192
|
|
|
5500000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1519610420.0000000005500000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5500000
|
| Size: |
4096
|
|
|
4E81000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1485912213.0000000004E81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E81000
|
| Size: |
4096
|
|
|
4ED1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1973147805.0000000004ED1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4ED1000
|
| Size: |
4096
|
|
|
381E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1517740870.000000000381E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
381E000
|
| Size: |
8192
|
|
|
545F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1519345382.000000000545F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
545F000
|
| Size: |
4096
|
|
|
B90000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1491850488.0000000000B90000.00000002.00000001.01000000.00000007.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
B90000
|
| Size: |
4096
|
|
|
4E81000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1487227039.0000000004E81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E81000
|
| Size: |
4096
|
|
|
4ED1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1973180095.0000000004ED1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4ED1000
|
| Size: |
4096
|
|
|
4EC0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1926536504.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4EC0000
|
| Size: |
53248
|
|
|
431F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1518506944.000000000431F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
431F000
|
| Size: |
4096
|
|
|
4ED0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3948997811.0000000004ED0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4ED0000
|
| Size: |
36864
|
|
|
4ED1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1940173348.0000000004ED1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4ED1000
|
| Size: |
4096
|
|
|
370F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1556870281.000000000370F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
370F000
|
| Size: |
4096
|
|
|
5360000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3949103910.0000000005360000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
5360000
|
| Size: |
4096
|
|
|
4E81000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1488391867.0000000004E81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E81000
|
| Size: |
4096
|
|
|
A4E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2599382148.0000000000A4E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A4E000
|
| Size: |
8192
|
|
|
3C0E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3948016777.0000000003C0E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3C0E000
|
| Size: |
8192
|
|
|
9C36000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2574975714.0000000009C36000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9C36000
|
| Size: |
16384
|
|
|
4E81000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1483574315.0000000004E81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E81000
|
| Size: |
4096
|
|
|
786000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2598698443.0000000000786000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
786000
|
| Size: |
4096
|
|
|
7DB000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2589773718.00000000007DB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7DB000
|
| Size: |
49152
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
4D9E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3948924868.0000000004D9E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4D9E000
|
| Size: |
8192
|
|
|
792000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2590557844.0000000000792000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
792000
|
| Size: |
53248
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Found strings which match to known social media urls |
Networking |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
| URLs found in memory or binary data |
Networking |
|
|
|
3D4E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3948094716.0000000003D4E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3D4E000
|
| Size: |
8192
|
|
|
14B7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1516748363.00000000014B7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14B7000
|
| Size: |
86016
|
|
|
CF1000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000000.00000000.1456590662.0000000000CF1000.00000080.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
CF1000
|
| Size: |
393216
|
|
|
4ED1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1971597500.0000000004ED1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4ED1000
|
| Size: |
4096
|
|
|
4DB1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1517265385.0000000004DB1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4DB1000
|
| Size: |
49152
|
|
|
5230000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1557584511.0000000005230000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
5230000
|
| Size: |
4096
|
|
|
690E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1519961331.000000000690E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
690E000
|
| Size: |
8192
|
|
|
72D000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2595123958.000000000072D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
72D000
|
| Size: |
12288
|
|
|
E1A000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000000.2243807218.0000000000E1A000.00000002.00000001.01000000.00000009.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
E1A000
|
| Size: |
241664
|
|
|
9CB2000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2574975714.0000000009CB2000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9CB2000
|
| Size: |
4096
|
|
|
360F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1556854260.000000000360F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
360F000
|
| Size: |
4096
|
|
|
414E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1557193982.000000000414E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
414E000
|
| Size: |
8192
|
|
|
9D16000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2576763288.0000000009D16000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9D16000
|
| Size: |
12288
|
|
|
53AC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3949126256.00000000053AC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
53AC000
|
| Size: |
16384
|
|
|
4E81000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1485667168.0000000004E81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E81000
|
| Size: |
4096
|
|
|
4E81000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1485065391.0000000004E81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E81000
|
| Size: |
4096
|
|
|
6C50000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1520160155.0000000006C50000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6C50000
|
| Size: |
4096
|
|
|
118D000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000000.00000002.1516472238.000000000118D000.00000080.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
118D000
|
| Size: |
8192
|
|
|
4DB0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1557568210.0000000004DB0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4DB0000
|
| Size: |
4096
|
|
|
4ED1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1971287475.0000000004ED1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4ED1000
|
| Size: |
4096
|
|
|
4C4F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1557492775.0000000004C4F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4C4F000
|
| Size: |
4096
|
|
|
B50000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1555600198.0000000000B50000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B50000
|
| Size: |
4096
|
|
|
400E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1557159299.000000000400E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
400E000
|
| Size: |
8192
|
|
|
5550000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3949380433.0000000005550000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5550000
|
| Size: |
4096
|
|
|
4E81000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1486116468.0000000004E81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E81000
|
| Size: |
4096
|
|
|
15B4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1483459203.00000000015B4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15B4000
|
| Size: |
4096
|
|
|
54D0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1519493682.00000000054D0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
54D0000
|
| Size: |
4096
|
|
|
15B4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1462093003.00000000015B4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15B4000
|
| Size: |
4096
|
|
|
178E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1516961948.000000000178E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
178E000
|
| Size: |
8192
|
|
|
1680000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1500811325.0000000001680000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
1680000
|
| Size: |
53248
|
|
|
15B4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1481922146.00000000015B4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15B4000
|
| Size: |
4096
|
|
|
155E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3938359981.000000000155E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
155E000
|
| Size: |
8192
|
|
|
4ED1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1966439138.0000000004ED1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4ED1000
|
| Size: |
4096
|
|
|
9C76000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2574975714.0000000009C76000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9C76000
|
| Size: |
4096
|
|
|
D9F000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2573576916.0000000000D9F000.00000004.00000001.01000000.00000009.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D9F000
|
| Size: |
45056
|
|
|
4ED1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1971775336.0000000004ED1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4ED1000
|
| Size: |
4096
|
|
|
E16000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2573894822.0000000000E16000.00000004.00000001.01000000.00000009.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
E16000
|
| Size: |
4096
|
|
|
4E70000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1465575736.0000000004E70000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4E70000
|
| Size: |
53248
|
|
|
4E81000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1485414427.0000000004E81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E81000
|
| Size: |
4096
|
|
|
4ED1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1973233806.0000000004ED1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4ED1000
|
| Size: |
4096
|
|
|
4E81000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1483981552.0000000004E81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E81000
|
| Size: |
4096
|
|
|
102D000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000002.00000002.1556266862.000000000102D000.00000080.00000001.01000000.00000007.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
102D000
|
| Size: |
8192
|
|
|
3207000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1556751052.0000000003207000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3207000
|
| Size: |
8192
|
|
|
4ED1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1943458009.0000000004ED1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4ED1000
|
| Size: |
4096
|
|
|
BF9000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1555787445.0000000000BF9000.00000004.00000001.01000000.00000007.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
BF9000
|
| Size: |
4096
|
|
|
11BD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3938302727.00000000011BD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
11BD000
|
| Size: |
12288
|
|
|
9C52000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2574975714.0000000009C52000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9C52000
|
| Size: |
8192
|
|
|
308E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1517063986.000000000308E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
308E000
|
| Size: |
8192
|
|
|
57DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3949530497.00000000057DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
57DE000
|
| Size: |
8192
|
|
|
9CA8000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2574975714.0000000009CA8000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9CA8000
|
| Size: |
4096
|
|
|
9C30000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2574975714.0000000009C30000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9C30000
|
| Size: |
8192
|
|
|
9C9E000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2574975714.0000000009C9E000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9C9E000
|
| Size: |
4096
|
|
|
9E30000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2577492519.0000000009E30000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9E30000
|
| Size: |
651264
|
|
|
4ED1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1961154465.0000000004ED1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4ED1000
|
| Size: |
4096
|
|
|
4E81000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1486635845.0000000004E81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E81000
|
| Size: |
4096
|
|
|
54AF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3949147362.00000000054AF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
54AF000
|
| Size: |
4096
|
|
|
731000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2595123958.0000000000731000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
731000
|
| Size: |
45056
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
| URLs found in memory or binary data |
Networking |
|
|
|
4ED1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1944171227.0000000004ED1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4ED1000
|
| Size: |
4096
|
|
|
15B2000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2574805242.00000000015B2000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
15B2000
|
| Size: |
4096
|
|
|
53C0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000003.1515814518.00000000053C0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
53C0000
|
| Size: |
4096
|
|
|
9CAE000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2574975714.0000000009CAE000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9CAE000
|
| Size: |
4096
|
|
|
4ED1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1966377491.0000000004ED1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4ED1000
|
| Size: |
4096
|
|
|
73C000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2589909504.000000000073C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
73C000
|
| Size: |
20480
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
1070000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2574262896.0000000001070000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1070000
|
| Size: |
4096
|
|
|
697000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.2594663861.0000000000697000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
697000
|
| Size: |
24576
|
|
|
15B4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1483003756.00000000015B4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15B4000
|
| Size: |
4096
|
|
|
4E81000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1483741150.0000000004E81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E81000
|
| Size: |
4096
|
|
|
5430000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.1557748532.0000000005430000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5430000
|
| Size: |
4096
|
|
|
9C60000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2574975714.0000000009C60000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9C60000
|
| Size: |
4096
|
|
|
6C3F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1520115642.0000000006C3F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6C3F000
|
| Size: |
4096
|
|
|
4ED1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1971862501.0000000004ED1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4ED1000
|
| Size: |
4096
|
|
|
4ED1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1971426418.0000000004ED1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4ED1000
|
| Size: |
4096
|
|
|
456D000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2599684120.000000000456D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
456D000
|
| Size: |
12288
|
|
|
4B0E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3948817186.0000000004B0E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4B0E000
|
| Size: |
8192
|
|
|
4E81000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1484912211.0000000004E81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E81000
|
| Size: |
4096
|
|
|
15B4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1481137876.00000000015B4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15B4000
|
| Size: |
4096
|
|
|
5500000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3949167844.0000000005500000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5500000
|
| Size: |
4096
|
|
|
4ED1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1973284401.0000000004ED1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4ED1000
|
| Size: |
4096
|
|
|
9D26000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2576763288.0000000009D26000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9D26000
|
| Size: |
4096
|
|
|
14AD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1516734913.00000000014AD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14AD000
|
| Size: |
4096
|
|
|
4ED1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1973036764.0000000004ED1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4ED1000
|
| Size: |
4096
|
|
|
4ED1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1971954715.0000000004ED1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4ED1000
|
| Size: |
4096
|
|
|
4E81000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1485006355.0000000004E81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E81000
|
| Size: |
4096
|
|
|
54B0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1519417174.00000000054B0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
54B0000
|
| Size: |
4096
|
|
|
162C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1556425275.000000000162C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
162C000
|
| Size: |
16384
|
|
|
4E81000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1487113476.0000000004E81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E81000
|
| Size: |
4096
|
|
|
4E81000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1484688068.0000000004E81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E81000
|
| Size: |
4096
|
|
|
A75000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000002.2572931320.0000000000A75000.00000002.00000001.01000000.00000009.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
A75000
|
| Size: |
3317760
|
|
|
4E81000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1485470298.0000000004E81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E81000
|
| Size: |
4096
|
|
|
9C06000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2574975714.0000000009C06000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9C06000
|
| Size: |
4096
|
|
|
650000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.2592197882.0000000000650000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
650000
|
| Size: |
4096
|
|
|
7270000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1491832644.0000000007270000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7270000
|
| Size: |
4096
|
|
|
46DF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1518672585.00000000046DF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
46DF000
|
| Size: |
4096
|
|
|
169A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1556553748.000000000169A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
169A000
|
| Size: |
8192
|
|
|
BF9000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3930089331.0000000000BF9000.00000004.00000001.01000000.00000007.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
BF9000
|
| Size: |
4096
|
|
|
1430000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1516534659.0000000001430000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1430000
|
| Size: |
36864
|
|
|
4E81000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1484720937.0000000004E81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E81000
|
| Size: |
4096
|
|
|
54E0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.1942150945.00000000054E0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
54E0000
|
| Size: |
4096
|
|
|
17D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3940881565.00000000017D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
17D0000
|
| Size: |
86016
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
688E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1519879174.000000000688E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
688E000
|
| Size: |
8192
|
|
|
4DB1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1513997542.0000000004DB1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4DB1000
|
| Size: |
4096
|
|
|
3ECE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1557125367.0000000003ECE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3ECE000
|
| Size: |
8192
|
|
|
4C5E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3948881151.0000000004C5E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4C5E000
|
| Size: |
8192
|
|
|
450000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000002.2571967660.0000000000450000.00000002.00000001.01000000.00000009.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
450000
|
| Size: |
4096
|
|
|
5E3D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3949729667.0000000005E3D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5E3D000
|
| Size: |
12288
|
|
|
4E81000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1484291548.0000000004E81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E81000
|
| Size: |
4096
|
|
|
4ED1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1966323312.0000000004ED1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4ED1000
|
| Size: |
4096
|
|
|
4E9F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3948946563.0000000004E9F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4E9F000
|
| Size: |
4096
|
|
|
4ED1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1972625386.0000000004ED1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4ED1000
|
| Size: |
4096
|
|
|
102B000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.1556251755.000000000102B000.00000040.00000001.01000000.00000007.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
102B000
|
| Size: |
8192
|
|
|
4E81000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1484045771.0000000004E81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E81000
|
| Size: |
4096
|
|
|
5540000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1519769459.0000000005540000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5540000
|
| Size: |
4096
|
|
|
54F0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.1942106473.00000000054F0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
54F0000
|
| Size: |
4096
|
|
|
1670000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1556496675.0000000001670000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1670000
|
| Size: |
4096
|
|
|
4E70000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1468253885.0000000004E70000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4E70000
|
| Size: |
53248
|
|
|
9C90000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2574975714.0000000009C90000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9C90000
|
| Size: |
4096
|
|
|
1420000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3938327055.0000000001420000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1420000
|
| Size: |
4096
|
|
|
D52000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000000.00000000.1456590662.0000000000D52000.00000080.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
D52000
|
| Size: |
16384
|
|
|
15B4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1472935814.00000000015B4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15B4000
|
| Size: |
4096
|
|
|
4ED1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1971491332.0000000004ED1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4ED1000
|
| Size: |
4096
|
|
|
3ACF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1557005512.0000000003ACF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3ACF000
|
| Size: |
4096
|
|
|
43CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1557261476.00000000043CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
43CE000
|
| Size: |
8192
|
|
|
4EC0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1936871739.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4EC0000
|
| Size: |
53248
|
|
|
6A5000
|
remote allocation
|
page readonly
|
|
|
|
| Name: |
0000000A.00000002.2594895966.00000000006A5000.00000002.00000400.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page readonly
|
| Base address: |
6A5000
|
| Size: |
16384
|
|
|
54E0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1519530661.00000000054E0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
54E0000
|
| Size: |
4096
|
|
|
4C8E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1557512998.0000000004C8E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4C8E000
|
| Size: |
8192
|
|
|
9F5A000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2577492519.0000000009F5A000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9F5A000
|
| Size: |
86016
|
|
|
9C2C000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2574975714.0000000009C2C000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9C2C000
|
| Size: |
12288
|
|
|
7271000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1491710483.0000000007271000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7271000
|
| Size: |
4096
|
|
|
6F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2594992037.00000000006F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6F0000
|
| Size: |
8192
|
|
|
5520000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3949300966.0000000005520000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5520000
|
| Size: |
4096
|
|
|
316E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1556681023.000000000316E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
316E000
|
| Size: |
8192
|
|
|
8AFB000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1520408906.0000000008AFB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
8AFB000
|
| Size: |
20480
|
|
|
75C000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2589909504.000000000075C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
75C000
|
| Size: |
90112
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
D59000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000000.00000000.1456655133.0000000000D59000.00000008.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
D59000
|
| Size: |
4096
|
|
|
53C0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000003.1515719454.00000000053C0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
53C0000
|
| Size: |
8192
|
|
|
15B4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1482973516.00000000015B4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15B4000
|
| Size: |
4096
|
|
|
14F5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1488036126.00000000014F5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14F5000
|
| Size: |
4096
|
|
|
14EE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1516804666.00000000014EE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14EE000
|
| Size: |
16384
|
|
|
15B4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1483473547.00000000015B4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15B4000
|
| Size: |
4096
|
|
|
14D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1492067487.00000000014D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14D0000
|
| Size: |
77824
|
|
|
870000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2599275921.0000000000870000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
870000
|
| Size: |
16384
|
|
|
54F0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.1942018714.00000000054F0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
54F0000
|
| Size: |
4096
|
|
|
4ED1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1964347918.0000000004ED1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4ED1000
|
| Size: |
4096
|
|
|
9C1E000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2574975714.0000000009C1E000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9C1E000
|
| Size: |
4096
|
|
|
15B4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1482796126.00000000015B4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15B4000
|
| Size: |
4096
|
|
|
4EE0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3948997811.0000000004EE0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4EE0000
|
| Size: |
8192
|
|
|
4E81000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1484074582.0000000004E81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E81000
|
| Size: |
4096
|
|
|
4ED1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1972705589.0000000004ED1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4ED1000
|
| Size: |
4096
|
|
|
4ED1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1971929497.0000000004ED1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4ED1000
|
| Size: |
4096
|
|
|
15B4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1482868047.00000000015B4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15B4000
|
| Size: |
4096
|
|
|
15B4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1482031032.00000000015B4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15B4000
|
| Size: |
4096
|
|
|
15B4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1483395084.00000000015B4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15B4000
|
| Size: |
4096
|
|
|
9C68000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2574975714.0000000009C68000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9C68000
|
| Size: |
4096
|
|
|
10C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2574374758.00000000010C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10C0000
|
| Size: |
16384
|
|
|
9D68000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2576763288.0000000009D68000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9D68000
|
| Size: |
8192
|
|
|
4E81000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1488315472.0000000004E81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E81000
|
| Size: |
4096
|
|
|
5420000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.1557730200.0000000005420000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5420000
|
| Size: |
4096
|
|
|
BF2000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000006.00000000.1919681578.0000000000BF2000.00000080.00000001.01000000.00000007.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
BF2000
|
| Size: |
16384
|
|
|
1540000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2574746961.0000000001540000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1540000
|
| Size: |
4096
|
|
|
4ED1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1971459299.0000000004ED1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4ED1000
|
| Size: |
4096
|
|
|
3D4F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1557073855.0000000003D4F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3D4F000
|
| Size: |
4096
|
|
|
1400000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1516512420.0000000001400000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1400000
|
| Size: |
8192
|
|
|
9D56000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2576763288.0000000009D56000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9D56000
|
| Size: |
20480
|
|
|
1511000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1487917850.0000000001511000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1511000
|
| Size: |
40960
|
|
|
4E81000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1488579608.0000000004E81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E81000
|
| Size: |
4096
|
|
|
9D2E000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2576763288.0000000009D2E000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9D2E000
|
| Size: |
4096
|
|
|
B60000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1555622343.0000000000B60000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B60000
|
| Size: |
4096
|
|
|
4E81000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1485710786.0000000004E81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E81000
|
| Size: |
4096
|
|
|
9C20000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2574975714.0000000009C20000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9C20000
|
| Size: |
4096
|
|
|
4ED1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1972259252.0000000004ED1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4ED1000
|
| Size: |
4096
|
|
|
BF2000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.1555693067.0000000000BF2000.00000040.00000001.01000000.00000007.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
BF2000
|
| Size: |
20480
|
|
|
14ED000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1491933623.00000000014ED000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14ED000
|
| Size: |
20480
|
|
|
5ABE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3949596181.0000000005ABE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5ABE000
|
| Size: |
8192
|
|
|
424F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1557211620.000000000424F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
424F000
|
| Size: |
4096
|
|
|
4E81000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1486352058.0000000004E81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E81000
|
| Size: |
4096
|
|
|
AEC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1555574564.0000000000AEC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
AEC000
|
| Size: |
16384
|
|
|
394F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3945533892.000000000394F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
394F000
|
| Size: |
4096
|
|
|
1778000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3940881565.0000000001778000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1778000
|
| Size: |
167936
|
|
|
9D5E000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2576763288.0000000009D5E000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9D5E000
|
| Size: |
4096
|
|
|
10C5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2574374758.00000000010C5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10C5000
|
| Size: |
12288
|
|
|
5230000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1515420041.0000000005230000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
5230000
|
| Size: |
53248
|
|
|
14E5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1492350182.00000000014E5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14E5000
|
| Size: |
4096
|
|
|
37DF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1517722410.00000000037DF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
37DF000
|
| Size: |
4096
|
|
|
9CAA000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2574975714.0000000009CAA000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9CAA000
|
| Size: |
4096
|
|
|
5480000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.1477129472.0000000005480000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5480000
|
| Size: |
4096
|
|
|
1110000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2574449561.0000000001110000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
1110000
|
| Size: |
4096
|
|
|
4ED1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1971834939.0000000004ED1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4ED1000
|
| Size: |
4096
|
|
|
14D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1516748363.00000000014D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14D0000
|
| Size: |
77824
|
|
|
4E81000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1485142335.0000000004E81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E81000
|
| Size: |
4096
|
|
|
E87000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.1555808565.0000000000E87000.00000040.00000001.01000000.00000007.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
E87000
|
| Size: |
40960
|
|
|
15B4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1462108562.00000000015B4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15B4000
|
| Size: |
4096
|
|
|
17A2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3940881565.00000000017A2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
17A2000
|
| Size: |
4096
|
|
|
17FB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3940881565.00000000017FB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
17FB000
|
| Size: |
24576
|
|
|
9C9C000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2574975714.0000000009C9C000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9C9C000
|
| Size: |
4096
|
|
|
3B9F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1517894867.0000000003B9F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3B9F000
|
| Size: |
4096
|
|
|
14F8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1488036126.00000000014F8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14F8000
|
| Size: |
12288
|
|
|
17A8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3940881565.00000000017A8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
17A8000
|
| Size: |
159744
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
| URLs found in memory or binary data |
Networking |
|
|
|
459F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1518614756.000000000459F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
459F000
|
| Size: |
4096
|
|
|
9D42000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2576763288.0000000009D42000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9D42000
|
| Size: |
4096
|
|
|
6C74000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1520211386.0000000006C74000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6C74000
|
| Size: |
4096
|
|
|
E54000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3930116087.0000000000E54000.00000040.00000001.01000000.00000007.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
E54000
|
| Size: |
98304
|
|
|
15B4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1462166456.00000000015B4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15B4000
|
| Size: |
4096
|
|
|
A73000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000000.2243323865.0000000000A73000.00000002.00000001.01000000.00000009.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
A73000
|
| Size: |
4096
|
|
|
4E81000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1486996934.0000000004E81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E81000
|
| Size: |
8192
|
|
|
15B4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1462077336.00000000015B4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15B4000
|
| Size: |
4096
|
|
|
5310000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1519192234.0000000005310000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
5310000
|
| Size: |
4096
|
|
|
9CB0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2574975714.0000000009CB0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9CB0000
|
| Size: |
4096
|
|
|
1120000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2574486471.0000000001120000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
1120000
|
| Size: |
4096
|
|
|
4E81000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1485790132.0000000004E81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E81000
|
| Size: |
4096
|
|
|
4EC0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1938112719.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4EC0000
|
| Size: |
53248
|
|
|
54C0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.1942171434.00000000054C0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
54C0000
|
| Size: |
4096
|
|
|
3FCF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1557142844.0000000003FCF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3FCF000
|
| Size: |
4096
|
|
|
9C22000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2574975714.0000000009C22000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9C22000
|
| Size: |
4096
|
|
|
898E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1520385491.000000000898E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
898E000
|
| Size: |
8192
|
|
|
3E5E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1518295125.0000000003E5E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3E5E000
|
| Size: |
8192
|
|
|
9D12000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2576763288.0000000009D12000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9D12000
|
| Size: |
4096
|
|
|
4E91000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1519145578.0000000004E91000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E91000
|
| Size: |
4096
|
|
|
4E81000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1487160865.0000000004E81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E81000
|
| Size: |
4096
|
|
|
D59000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1516019900.0000000000D59000.00000004.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D59000
|
| Size: |
4096
|
|
|
4EC0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1936173754.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4EC0000
|
| Size: |
53248
|
|
|
9D8A000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2576763288.0000000009D8A000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9D8A000
|
| Size: |
8192
|
|
|
428E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1557227812.000000000428E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
428E000
|
| Size: |
8192
|
|
|
68CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1519921082.00000000068CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
68CE000
|
| Size: |
8192
|
|
|
3E8E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3948166410.0000000003E8E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3E8E000
|
| Size: |
8192
|
|
|
780000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2589909504.0000000000780000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
780000
|
| Size: |
8192
|
|
|
4ED1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1971389251.0000000004ED1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4ED1000
|
| Size: |
4096
|
|
|
495F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1518807744.000000000495F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
495F000
|
| Size: |
4096
|
|
|
1680000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1501348217.0000000001680000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
1680000
|
| Size: |
53248
|
|
|
4E81000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1484957705.0000000004E81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E81000
|
| Size: |
4096
|
|
|
9C6E000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2574975714.0000000009C6E000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9C6E000
|
| Size: |
12288
|
|
|
E56000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000000.2243807218.0000000000E56000.00000002.00000001.01000000.00000009.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
E56000
|
| Size: |
8192
|
|
|
4ED1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1964709501.0000000004ED1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4ED1000
|
| Size: |
4096
|
|
|
15B4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1482068850.00000000015B4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15B4000
|
| Size: |
4096
|
|
|
180E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3940881565.000000000180E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
180E000
|
| Size: |
208896
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
1680000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1502590711.0000000001680000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
1680000
|
| Size: |
53248
|
|
|
4E81000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1485827198.0000000004E81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E81000
|
| Size: |
4096
|
|
|
147B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1516534659.000000000147B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
147B000
|
| Size: |
4096
|
|
|
424E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3948445781.000000000424E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
424E000
|
| Size: |
8192
|
|
|
410E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3948382415.000000000410E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
410E000
|
| Size: |
8192
|
|
|
9D40000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2576763288.0000000009D40000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9D40000
|
| Size: |
4096
|
|
|
5450000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.1557791455.0000000005450000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5450000
|
| Size: |
4096
|
|
|
358F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3945296083.000000000358F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
358F000
|
| Size: |
4096
|
|
|
9C34000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2574975714.0000000009C34000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9C34000
|
| Size: |
4096
|
|
|
4E81000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1487621769.0000000004E81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E81000
|
| Size: |
4096
|
|
|
DE6000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000008.00000002.2573862081.0000000000DE6000.00000008.00000001.01000000.00000009.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
DE6000
|
| Size: |
8192
|
|
|
9CA4000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2574975714.0000000009CA4000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9CA4000
|
| Size: |
4096
|
|
|
40CF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3948348246.00000000040CF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
40CF000
|
| Size: |
4096
|
|
|
4D90000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1557548867.0000000004D90000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4D90000
|
| Size: |
4096
|
|
|
484F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3948683610.000000000484F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
484F000
|
| Size: |
4096
|
|
|
4ED1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1972039251.0000000004ED1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4ED1000
|
| Size: |
4096
|
|
|
874B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1520306999.000000000874B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
874B000
|
| Size: |
20480
|
|
|
4E81000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1485755958.0000000004E81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E81000
|
| Size: |
4096
|
|
|
15B4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1483359946.00000000015B4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15B4000
|
| Size: |
4096
|
|
|
1680000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1497777546.0000000001680000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
1680000
|
| Size: |
53248
|
|
|
A0FE000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.2424033267.000000000A0FE000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
A0FE000
|
| Size: |
643072
|
|
|
4E81000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1484015443.0000000004E81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E81000
|
| Size: |
4096
|
|
|
7D6000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2589773718.00000000007D6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7D6000
|
| Size: |
16384
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
E96000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.1555808565.0000000000E96000.00000040.00000001.01000000.00000007.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
E96000
|
| Size: |
4096
|
|
|
4E81000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1484113336.0000000004E81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E81000
|
| Size: |
4096
|
|
|
9C92000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2574975714.0000000009C92000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9C92000
|
| Size: |
4096
|
|
|
334E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3945224278.000000000334E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
334E000
|
| Size: |
8192
|
|
|
310E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1517117108.000000000310E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
310E000
|
| Size: |
8192
|
|
|
875000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2599275921.0000000000875000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
875000
|
| Size: |
12288
|
|
|
438E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3948495768.000000000438E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
438E000
|
| Size: |
8192
|
|
|
4D2F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1519055403.0000000004D2F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4D2F000
|
| Size: |
4096
|
|
|
61A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3949796081.00000000061A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
61A0000
|
| Size: |
4096
|
|
|
384E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3945473646.000000000384E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
384E000
|
| Size: |
8192
|
|
|
9D6C000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2576763288.0000000009D6C000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9D6C000
|
| Size: |
4096
|
|
|
17E7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3940881565.00000000017E7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
17E7000
|
| Size: |
77824
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
| URLs found in memory or binary data |
Networking |
|
|
|
7A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2590983717.00000000007A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7A0000
|
| Size: |
221184
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
9D1A000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2576763288.0000000009D1A000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9D1A000
|
| Size: |
4096
|
|
|
4E81000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1483923433.0000000004E81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E81000
|
| Size: |
4096
|
|
|
4E81000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1483951276.0000000004E81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E81000
|
| Size: |
4096
|
|
|
4E81000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1487311435.0000000004E81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E81000
|
| Size: |
4096
|
|
|
75C000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2597803084.000000000075C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
75C000
|
| Size: |
81920
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
9C96000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2574975714.0000000009C96000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9C96000
|
| Size: |
4096
|
|
|
9CCE000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2574975714.0000000009CCE000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9CCE000
|
| Size: |
24576
|
|
|
4E70000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1464315183.0000000004E70000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4E70000
|
| Size: |
53248
|
|
|
7A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2590557844.00000000007A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7A0000
|
| Size: |
221184
|
|
|
9C41000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2574975714.0000000009C41000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9C41000
|
| Size: |
16384
|
|
|
5540000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3949350594.0000000005540000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5540000
|
| Size: |
4096
|
|
|
78F000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2590557844.000000000078F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
78F000
|
| Size: |
8192
|
|
|
4ED1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1943940533.0000000004ED1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4ED1000
|
| Size: |
4096
|
|
|
148E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1492307618.000000000148E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
148E000
|
| Size: |
4096
|
|
|
53C0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000003.1515829739.00000000053C0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
53C0000
|
| Size: |
4096
|
|
|
B91000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000006.00000000.1919681578.0000000000B91000.00000080.00000001.01000000.00000007.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
B91000
|
| Size: |
393216
|
|
|
345F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1517484976.000000000345F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
345F000
|
| Size: |
4096
|
|
|
771000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2598698443.0000000000771000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
771000
|
| Size: |
4096
|
|
|
4ED1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1966286051.0000000004ED1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4ED1000
|
| Size: |
4096
|
|
|
4E81000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1483791017.0000000004E81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E81000
|
| Size: |
8192
|
|
|
14B3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1492203156.00000000014B3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14B3000
|
| Size: |
106496
|
|
|
9C6C000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2574975714.0000000009C6C000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9C6C000
|
| Size: |
4096
|
|
|
5CFC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3949665716.0000000005CFC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5CFC000
|
| Size: |
16384
|
|
|
11C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2574552217.00000000011C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11C0000
|
| Size: |
20480
|
|
|
9C4C000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2574975714.0000000009C4C000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9C4C000
|
| Size: |
16384
|
|
|
1511000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1487705014.0000000001511000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1511000
|
| Size: |
4096
|
|
|
9C08000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2574975714.0000000009C08000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9C08000
|
| Size: |
4096
|
|
|
344F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3945247919.000000000344F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
344F000
|
| Size: |
4096
|
|
|
325F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1517416273.000000000325F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
325F000
|
| Size: |
4096
|
|
|
9D00000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2576763288.0000000009D00000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9D00000
|
| Size: |
20480
|
|
|
4ED1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1943380901.0000000004ED1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4ED1000
|
| Size: |
49152
|
|
|
9C7A000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2574975714.0000000009C7A000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9C7A000
|
| Size: |
4096
|
|
|
4ED1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1943753124.0000000004ED1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4ED1000
|
| Size: |
4096
|
|
|
9D4A000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2576763288.0000000009D4A000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9D4A000
|
| Size: |
4096
|
|
|
4E81000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1480058028.0000000004E81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E81000
|
| Size: |
49152
|
|
|
5530000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1519727499.0000000005530000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5530000
|
| Size: |
4096
|
|
|
5470000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1519377000.0000000005470000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5470000
|
| Size: |
4096
|
|
|
4E70000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1463234382.0000000004E70000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4E70000
|
| Size: |
53248
|
|
|
DED000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2599606560.0000000000DED000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
DED000
|
| Size: |
12288
|
|
|
4E81000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1485859306.0000000004E81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E81000
|
| Size: |
4096
|
|
|
4E81000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1486737793.0000000004E81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E81000
|
| Size: |
4096
|
|
|
370E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3945415163.000000000370E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
370E000
|
| Size: |
8192
|
|
|
B90000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000006.00000000.1919656235.0000000000B90000.00000002.00000001.01000000.00000007.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
B90000
|
| Size: |
4096
|
|
|
E19000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000008.00000000.2243737224.0000000000E19000.00000008.00000001.01000000.00000009.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
E19000
|
| Size: |
4096
|
|
|
5A5E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3949574750.0000000005A5E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5A5E000
|
| Size: |
8192
|
|
|
4E81000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1485498148.0000000004E81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E81000
|
| Size: |
4096
|
|
|
786000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2590557844.0000000000786000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
786000
|
| Size: |
4096
|
|
|
14AA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1492147444.00000000014AA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14AA000
|
| Size: |
16384
|
|
|
16CF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3940044428.00000000016CF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
16CF000
|
| Size: |
4096
|
|
|
4ED1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1971992107.0000000004ED1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4ED1000
|
| Size: |
4096
|
|
|
9D0C000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2576763288.0000000009D0C000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9D0C000
|
| Size: |
12288
|
|
|
1483000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1516689335.0000000001483000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1483000
|
| Size: |
32768
|
|
|
348E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3945272334.000000000348E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
348E000
|
| Size: |
8192
|
|
|
4ED1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1972743680.0000000004ED1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4ED1000
|
| Size: |
4096
|
|
|
E87000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3930116087.0000000000E87000.00000040.00000001.01000000.00000007.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
E87000
|
| Size: |
40960
|
|
|
3DC000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2591148768.00000000003DC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3DC000
|
| Size: |
16384
|
|
|
9C16000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2574975714.0000000009C16000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9C16000
|
| Size: |
4096
|
|
|
3A5F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1517833547.0000000003A5F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3A5F000
|
| Size: |
4096
|
|
|
5724000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1519807353.0000000005724000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5724000
|
| Size: |
12288
|
|
|
E19000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000008.00000002.2574063971.0000000000E19000.00000008.00000001.01000000.00000009.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
E19000
|
| Size: |
4096
|
|
|
9CB6000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2574975714.0000000009CB6000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9CB6000
|
| Size: |
4096
|
|
|
9D10000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2576763288.0000000009D10000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9D10000
|
| Size: |
4096
|
|
|
1DD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2571821710.00000000001DD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
1DD000
|
| Size: |
12288
|
|
|
4E81000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1486191493.0000000004E81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E81000
|
| Size: |
4096
|
|
|
5390000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000003.1515887922.0000000005390000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5390000
|
| Size: |
4096
|
|
|
4960000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1518842220.0000000004960000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4960000
|
| Size: |
4096
|
|
|
9C7C000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2574975714.0000000009C7C000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9C7C000
|
| Size: |
20480
|
|
|
15C5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3939897783.00000000015C5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15C5000
|
| Size: |
8192
|
|
|
E7F000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.1555808565.0000000000E7F000.00000040.00000001.01000000.00000007.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
E7F000
|
| Size: |
28672
|
|
|
4ED1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1973112597.0000000004ED1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4ED1000
|
| Size: |
4096
|
|
|
15B4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1462153621.00000000015B4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15B4000
|
| Size: |
4096
|
|
|
6935000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1491792525.0000000006935000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6935000
|
| Size: |
8192
|
|
|
54A0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.1476658689.00000000054A0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
54A0000
|
| Size: |
4096
|
|
|
15B4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1482696384.00000000015B4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15B4000
|
| Size: |
4096
|
|
|
14E5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1492514889.00000000014E5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14E5000
|
| Size: |
4096
|
|
|
4ED1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1972137680.0000000004ED1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4ED1000
|
| Size: |
4096
|
|
|
14E5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1516790438.00000000014E5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14E5000
|
| Size: |
4096
|
|
|
5470000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.1477171842.0000000005470000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5470000
|
| Size: |
4096
|
|
|
9CA6000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2574975714.0000000009CA6000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9CA6000
|
| Size: |
4096
|
|
|
4E81000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1485944017.0000000004E81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E81000
|
| Size: |
4096
|
|
|
4ED1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1944204596.0000000004ED1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4ED1000
|
| Size: |
4096
|
|
|
335F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1517438330.000000000335F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
335F000
|
| Size: |
4096
|
|
|
727E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1491710483.000000000727E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
727E000
|
| Size: |
4096
|
|
|
4E6F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1519112101.0000000004E6F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4E6F000
|
| Size: |
4096
|
|
|
5310000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1474297950.0000000005310000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
5310000
|
| Size: |
53248
|
|
|
4E81000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1485597684.0000000004E81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E81000
|
| Size: |
4096
|
|
|
14FB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1487705014.00000000014FB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14FB000
|
| Size: |
61440
|
|
|
15EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1556409476.00000000015EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
15EE000
|
| Size: |
8192
|
|
|
4ED1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1943556965.0000000004ED1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4ED1000
|
| Size: |
4096
|
|
|
9CB4000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2574975714.0000000009CB4000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9CB4000
|
| Size: |
4096
|
|
|
4ED1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1960892491.0000000004ED1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4ED1000
|
| Size: |
4096
|
|
|
E54000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.1555808565.0000000000E54000.00000040.00000001.01000000.00000007.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
E54000
|
| Size: |
98304
|
|
|
9BED000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2574946281.0000000009BED000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9BED000
|
| Size: |
12288
|
|
|
9C46000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2574975714.0000000009C46000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9C46000
|
| Size: |
12288
|
|
|
4C0F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3948841842.0000000004C0F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4C0F000
|
| Size: |
4096
|
|
|
792000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2589909504.0000000000792000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
792000
|
| Size: |
53248
|
|
|
4E70000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1471099685.0000000004E70000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4E70000
|
| Size: |
53248
|
|
|
5BBF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3949618355.0000000005BBF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5BBF000
|
| Size: |
4096
|
|
|
770000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2590557844.0000000000770000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
770000
|
| Size: |
8192
|
|
|
E2D000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2599649007.0000000000E2D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
E2D000
|
| Size: |
12288
|
|
|
4ACF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3948792278.0000000004ACF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4ACF000
|
| Size: |
4096
|
|
|
5EFD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3949752957.0000000005EFD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5EFD000
|
| Size: |
12288
|
|
|
FF6000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1516060448.0000000000FF6000.00000040.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
FF6000
|
| Size: |
4096
|
|
|
1680000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1502009595.0000000001680000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
1680000
|
| Size: |
53248
|
|
|
A19C000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2578170063.000000000A19C000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
A19C000
|
| Size: |
278528
|
|
|
54A0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.1477099213.00000000054A0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
54A0000
|
| Size: |
4096
|
|
|
4ED1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1971632087.0000000004ED1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4ED1000
|
| Size: |
4096
|
|
|
3E4F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3948123523.0000000003E4F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3E4F000
|
| Size: |
4096
|
|
|
388E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1556955079.000000000388E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
388E000
|
| Size: |
8192
|
|
|
485E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1518765315.000000000485E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
485E000
|
| Size: |
8192
|
|
|
9C86000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2574975714.0000000009C86000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9C86000
|
| Size: |
4096
|
|
|
5230000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1514839898.0000000005230000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
5230000
|
| Size: |
53248
|
|
|
15B4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1481505606.00000000015B4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15B4000
|
| Size: |
4096
|
|
|
14FC000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1516804666.00000000014FC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14FC000
|
| Size: |
208896
|
|
|
9CB8000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2574975714.0000000009CB8000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9CB8000
|
| Size: |
4096
|
|
|
7280000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1491710483.0000000007280000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7280000
|
| Size: |
8192
|
|
|
15B4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1472900148.00000000015B4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15B4000
|
| Size: |
4096
|
|
|
41DF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1518429953.00000000041DF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
41DF000
|
| Size: |
4096
|
|
|
31AE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1556696569.00000000031AE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
31AE000
|
| Size: |
8192
|
|
|
4DB1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1513661390.0000000004DB1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4DB1000
|
| Size: |
4096
|
|
|
3ACE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3946021554.0000000003ACE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3ACE000
|
| Size: |
8192
|
|
|
BEB000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1515898718.0000000000BEB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
BEB000
|
| Size: |
20480
|
|
|
FF6000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000000.00000000.1456669427.0000000000FF6000.00000080.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
FF6000
|
| Size: |
1675264
|
|
|
4ED1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1962086401.0000000004ED1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4ED1000
|
| Size: |
4096
|
|
|
40DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1518407406.00000000040DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
40DE000
|
| Size: |
8192
|
|
|
169E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1556553748.000000000169E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
169E000
|
| Size: |
155648
|
|
|
8612000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1520233408.0000000008612000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8612000
|
| Size: |
8192
|
|
|
4E81000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1483663334.0000000004E81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E81000
|
| Size: |
4096
|
|
|
4D8F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1557531455.0000000004D8F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4D8F000
|
| Size: |
4096
|
|
|
15B4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1482762627.00000000015B4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15B4000
|
| Size: |
4096
|
|
|
3FCE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3948209508.0000000003FCE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3FCE000
|
| Size: |
8192
|
|
|
355F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1517556295.000000000355F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
355F000
|
| Size: |
4096
|
|
|
5410000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.1557711289.0000000005410000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5410000
|
| Size: |
4096
|
|
|
BF9000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000006.00000000.1919745225.0000000000BF9000.00000008.00000001.01000000.00000007.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
BF9000
|
| Size: |
4096
|
|
|
FF7000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000000.00000002.1516331874.0000000000FF7000.00000080.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
FF7000
|
| Size: |
1654784
|
|
|
84E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2599177767.000000000084E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
84E000
|
| Size: |
8192
|
|
|
E1A000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000002.2574135595.0000000000E1A000.00000002.00000001.01000000.00000009.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
E1A000
|
| Size: |
241664
|
|
|
14E5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1492067487.00000000014E5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14E5000
|
| Size: |
4096
|
|
|
176B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3940854811.000000000176B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
176B000
|
| Size: |
20480
|
|
|
302F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1556651153.000000000302F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
302F000
|
| Size: |
4096
|
|
|
14D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1492514889.00000000014D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14D0000
|
| Size: |
77824
|
|
|
4ED1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1943843627.0000000004ED1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4ED1000
|
| Size: |
4096
|
|
|
9C72000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2574975714.0000000009C72000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9C72000
|
| Size: |
4096
|
|
|
156E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1516883062.000000000156E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
156E000
|
| Size: |
8192
|
|
|
4E81000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1484815198.0000000004E81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E81000
|
| Size: |
4096
|
|
|
10BC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3938242251.00000000010BC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
10BC000
|
| Size: |
16384
|
|
|
8E4000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000000.2243323865.00000000008E4000.00000002.00000001.01000000.00000009.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
8E4000
|
| Size: |
1626112
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
451000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000008.00000001.2244285161.0000000000451000.00000020.00000001.01000000.00000009.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
image loaded
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
451000
|
| Size: |
270336
|
|
|
45AD000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2599721407.00000000045AD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
45AD000
|
| Size: |
12288
|
|
|
4B7D000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2599899397.0000000004B7D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4B7D000
|
| Size: |
12288
|
|
|
9C04000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2574975714.0000000009C04000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9C04000
|
| Size: |
4096
|
|
|
369F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1517671057.000000000369F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
369F000
|
| Size: |
4096
|
|
|
1560000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2574777470.0000000001560000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1560000
|
| Size: |
12288
|
|
|
4E81000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1488448658.0000000004E81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E81000
|
| Size: |
4096
|
|
|
6B3F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1520056239.0000000006B3F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6B3F000
|
| Size: |
4096
|
|
|
474E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3948652287.000000000474E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
474E000
|
| Size: |
8192
|
|
|
53B0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000003.1515870284.00000000053B0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
53B0000
|
| Size: |
4096
|
|
|
3150000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1517310341.0000000003150000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3150000
|
| Size: |
20480
|
|
|
30CC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1517088679.00000000030CC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
30CC000
|
| Size: |
16384
|
|
|
118B000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1516443549.000000000118B000.00000040.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
118B000
|
| Size: |
8192
|
|
|
9D8E000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2576763288.0000000009D8E000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9D8E000
|
| Size: |
4096
|
|
|
1680000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1499471511.0000000001680000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
1680000
|
| Size: |
53248
|
|
|
1490000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1492307618.0000000001490000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1490000
|
| Size: |
106496
|
|
|
4BEF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1518983357.0000000004BEF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4BEF000
|
| Size: |
4096
|
|
|
695000
|
remote allocation
|
page readonly
|
|
|
|
| Name: |
0000000A.00000002.2594189026.0000000000695000.00000002.00000400.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page readonly
|
| Base address: |
695000
|
| Size: |
8192
|
|
|
9D34000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2576763288.0000000009D34000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9D34000
|
| Size: |
4096
|
|
|
9C84000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2574975714.0000000009C84000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9C84000
|
| Size: |
4096
|
|
|
112D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1556281393.000000000112D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
112D000
|
| Size: |
12288
|
|
|
54D0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.1942132422.00000000054D0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
54D0000
|
| Size: |
4096
|
|
|
35CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3945318684.00000000035CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
35CE000
|
| Size: |
8192
|
|
|
710000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2595123958.0000000000710000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
710000
|
| Size: |
24576
|
|
|
15B4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1483509176.00000000015B4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15B4000
|
| Size: |
4096
|
|
|
4E81000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1483898856.0000000004E81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E81000
|
| Size: |
4096
|
|
|
474F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1557350409.000000000474F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
474F000
|
| Size: |
4096
|
|
|
B90000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3929448729.0000000000B90000.00000004.00000001.01000000.00000007.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
B90000
|
| Size: |
4096
|
|
|
3D0F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3948060244.0000000003D0F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3D0F000
|
| Size: |
4096
|
|
|
6930000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1491881173.0000000006930000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6930000
|
| Size: |
8192
|
|
|
488F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1557383550.000000000488F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
488F000
|
| Size: |
4096
|
|
|
5BFE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3949643554.0000000005BFE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5BFE000
|
| Size: |
8192
|
|
|
4ED1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1972981878.0000000004ED1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4ED1000
|
| Size: |
4096
|
|
|
14F3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1491933623.00000000014F3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14F3000
|
| Size: |
32768
|
|
|
488E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3948710563.000000000488E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
488E000
|
| Size: |
8192
|
|
|
15B4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1472886045.00000000015B4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15B4000
|
| Size: |
4096
|
|
|
9C14000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2574975714.0000000009C14000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9C14000
|
| Size: |
4096
|
|
|
380F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3945448046.000000000380F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
380F000
|
| Size: |
4096
|
|
|
4E70000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1471642228.0000000004E70000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4E70000
|
| Size: |
53248
|
|
|
1680000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1504497491.0000000001680000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
1680000
|
| Size: |
53248
|
|
|
9D3B000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2576763288.0000000009D3B000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9D3B000
|
| Size: |
4096
|
|
|
4E70000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1466294444.0000000004E70000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4E70000
|
| Size: |
53248
|
|
|
B91000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000002.00000000.1491873427.0000000000B91000.00000080.00000001.01000000.00000007.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
B91000
|
| Size: |
393216
|
|
|
56DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3949507918.00000000056DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
56DE000
|
| Size: |
8192
|
|
|
4EC0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1937513865.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4EC0000
|
| Size: |
53248
|
|
|
54A0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.1476917836.00000000054A0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
54A0000
|
| Size: |
4096
|
|
|
1690000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1556553748.0000000001690000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1690000
|
| Size: |
32768
|
|
|
9CC4000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2574975714.0000000009CC4000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9CC4000
|
| Size: |
4096
|
|
|
54A0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.1476553186.00000000054A0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
54A0000
|
| Size: |
4096
|
|
|
5400000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.1557693966.0000000005400000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5400000
|
| Size: |
4096
|
|
|
14FB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1487917850.00000000014FB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14FB000
|
| Size: |
86016
|
|
|
BF2000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000002.00000000.1491873427.0000000000BF2000.00000080.00000001.01000000.00000007.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
BF2000
|
| Size: |
16384
|
|
|
3E8F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1557108044.0000000003E8F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3E8F000
|
| Size: |
4096
|
|
|
340F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1556824298.000000000340F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
340F000
|
| Size: |
4096
|
|
|
54F0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1519573409.00000000054F0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
54F0000
|
| Size: |
4096
|
|
|
5590000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3949466264.0000000005590000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5590000
|
| Size: |
4096
|
|
|
4ED1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1971239047.0000000004ED1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4ED1000
|
| Size: |
4096
|
|
|
440000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2571884519.0000000000440000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
440000
|
| Size: |
4096
|
|
|
49AE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1518893208.00000000049AE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
49AE000
|
| Size: |
8192
|
|
|
4E81000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1484168447.0000000004E81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E81000
|
| Size: |
4096
|
|
|
451000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000008.00000000.2242933369.0000000000451000.00000020.00000001.01000000.00000009.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
451000
|
| Size: |
4796416
|
|
|
4E70000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1462689080.0000000004E70000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4E70000
|
| Size: |
53248
|
|
|
4E81000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1487521488.0000000004E81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E81000
|
| Size: |
4096
|
|
|
4E81000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1484790151.0000000004E81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E81000
|
| Size: |
4096
|
|
|
1680000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1503321668.0000000001680000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
1680000
|
| Size: |
53248
|
|
|
4E81000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1483545443.0000000004E81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E81000
|
| Size: |
4096
|
|
|
449E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1518591194.000000000449E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
449E000
|
| Size: |
8192
|
|
|
8E4000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000002.2572931320.00000000008E4000.00000002.00000001.01000000.00000009.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
8E4000
|
| Size: |
1626112
|
|
|
F5D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2574220858.0000000000F5D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
F5D000
|
| Size: |
12288
|
|
|
54F0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.1942065301.00000000054F0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
54F0000
|
| Size: |
4096
|
|
|
4ED1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1971896330.0000000004ED1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4ED1000
|
| Size: |
4096
|
|
|
5560000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3949404135.0000000005560000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5560000
|
| Size: |
4096
|
|
|
16ED000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3940403336.00000000016ED000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
16ED000
|
| Size: |
4096
|
|
|
7E6000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2599072689.00000000007E6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7E6000
|
| Size: |
4096
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
14FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2574665423.00000000014FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
14FE000
|
| Size: |
8192
|
|
|
4EC0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1939279066.0000000004EC0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4EC0000
|
| Size: |
53248
|
|
|
CEA000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1515917803.0000000000CEA000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
CEA000
|
| Size: |
24576
|
|
|
3C4E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1557056578.0000000003C4E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3C4E000
|
| Size: |
8192
|
|
|
4ED1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1959590836.0000000004ED1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4ED1000
|
| Size: |
4096
|
|
|
15B4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1462125891.00000000015B4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15B4000
|
| Size: |
4096
|
|
|
31EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1556734757.00000000031EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
31EE000
|
| Size: |
8192
|
|
|
384F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1556900076.000000000384F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
384F000
|
| Size: |
4096
|
|
|
14BF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2574630389.00000000014BF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
14BF000
|
| Size: |
4096
|
|
|
15B4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1483343007.00000000015B4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15B4000
|
| Size: |
4096
|
|
|
D52000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1515957867.0000000000D52000.00000040.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
D52000
|
| Size: |
20480
|
|
|
172E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3940749340.000000000172E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
172E000
|
| Size: |
8192
|
|
|
D72000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3930116087.0000000000D72000.00000040.00000001.01000000.00000007.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
D72000
|
| Size: |
909312
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the Windows Explorer process (often used for injection) |
HIPS / PFW / Operating System Protection Evasion |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
E7F000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.3930116087.0000000000E7F000.00000040.00000001.01000000.00000007.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
E7F000
|
| Size: |
28672
|
|
|
9CAC000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2574975714.0000000009CAC000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9CAC000
|
| Size: |
4096
|
|
|
4E81000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1472841388.0000000004E81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E81000
|
| Size: |
49152
|
|
|
1570000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2574805242.0000000001570000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
1570000
|
| Size: |
16384
|
|
|
FB4000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1516060448.0000000000FB4000.00000040.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
FB4000
|
| Size: |
98304
|
|
|
53C0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000003.1515795287.00000000053C0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
53C0000
|
| Size: |
4096
|
|
|
3F5F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1518322971.0000000003F5F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3F5F000
|
| Size: |
4096
|
|
|
410F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1557178000.000000000410F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
410F000
|
| Size: |
4096
|
|
|
4ED1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1943724039.0000000004ED1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4ED1000
|
| Size: |
4096
|
|
|
3B0E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1557021684.0000000003B0E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3B0E000
|
| Size: |
8192
|
|
|
537F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1557621261.000000000537F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
537F000
|
| Size: |
4096
|
|
|
4E81000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1483766179.0000000004E81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E81000
|
| Size: |
8192
|
|
|
14E5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1487753256.00000000014E5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14E5000
|
| Size: |
90112
|
|
|
4ED1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1972219226.0000000004ED1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4ED1000
|
| Size: |
4096
|
|
|
B8F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2599502093.0000000000B8F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B8F000
|
| Size: |
4096
|
|
|
DDF000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2573720130.0000000000DDF000.00000004.00000001.01000000.00000009.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
DDF000
|
| Size: |
12288
|
|
|
8610000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1520233408.0000000008610000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8610000
|
| Size: |
4096
|
|
|
9D30000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2576763288.0000000009D30000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9D30000
|
| Size: |
4096
|
|
|
1680000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1500227668.0000000001680000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
1680000
|
| Size: |
53248
|
|
|
1540000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1556363225.0000000001540000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1540000
|
| Size: |
16384
|
|
|
460E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3948598741.000000000460E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
460E000
|
| Size: |
8192
|
|
|
569B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3949485064.000000000569B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
569B000
|
| Size: |
20480
|
|
|
4A0E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1557435978.0000000004A0E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4A0E000
|
| Size: |
8192
|
|
|
498F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3948739519.000000000498F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
498F000
|
| Size: |
4096
|
|
|
4ED1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1971803855.0000000004ED1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4ED1000
|
| Size: |
4096
|
|
|
4E81000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1483637364.0000000004E81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E81000
|
| Size: |
4096
|
|
|
4ED1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1971149434.0000000004ED1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4ED1000
|
| Size: |
4096
|
|
|
159E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1556393686.000000000159E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
159E000
|
| Size: |
8192
|
|
|
54F0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.1942086910.00000000054F0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
54F0000
|
| Size: |
4096
|
|
|
3BCF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3946044157.0000000003BCF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3BCF000
|
| Size: |
4096
|
|
|
7A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2599015369.00000000007A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7A0000
|
| Size: |
221184
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Found strings which match to known social media urls |
Networking |
|
| URLs found in memory or binary data |
Networking |
|
|
|
4E81000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1485638059.0000000004E81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E81000
|
| Size: |
4096
|
|
|
15B4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1472870139.00000000015B4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15B4000
|
| Size: |
4096
|
|
|
45CF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3948572870.00000000045CF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
45CF000
|
| Size: |
4096
|
|
|
15B4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1483526920.00000000015B4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15B4000
|
| Size: |
4096
|
|
|
9D4E000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2576763288.0000000009D4E000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9D4E000
|
| Size: |
4096
|
|
|
4E81000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1483871259.0000000004E81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E81000
|
| Size: |
4096
|
|
|
9C9A000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2574975714.0000000009C9A000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9C9A000
|
| Size: |
4096
|
|
|
1512000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1488006750.0000000001512000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1512000
|
| Size: |
36864
|
|
|
53C0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000003.1515777090.00000000053C0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
53C0000
|
| Size: |
4096
|
|
|
4E70000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1464835689.0000000004E70000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4E70000
|
| Size: |
53248
|
|
|
9CC2000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2574975714.0000000009CC2000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9CC2000
|
| Size: |
4096
|
|
|
36DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1517700799.00000000036DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
36DE000
|
| Size: |
8192
|
|
|
15B4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1481694929.00000000015B4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15B4000
|
| Size: |
4096
|
|
|
6A3F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1520009374.0000000006A3F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6A3F000
|
| Size: |
4096
|
|
|
4E81000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1488277290.0000000004E81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E81000
|
| Size: |
4096
|
|
|
143E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1516534659.000000000143E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
143E000
|
| Size: |
221184
|
|
|
2A00C000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2578697636.000000002A00C000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2A00C000
|
| Size: |
4096
|
|
|
E97000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000002.00000002.1556116513.0000000000E97000.00000080.00000001.01000000.00000007.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
E97000
|
| Size: |
1654784
|
|
|
4E81000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1461642128.0000000004E81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E81000
|
| Size: |
65536
|
|
|
4E81000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1488528868.0000000004E81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E81000
|
| Size: |
4096
|
|
|
391F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1517763849.000000000391F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
391F000
|
| Size: |
4096
|
|
|
53C0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000003.1515758797.00000000053C0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
53C0000
|
| Size: |
4096
|
|
|
4E81000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1484982353.0000000004E81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E81000
|
| Size: |
4096
|
|
|
1482000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1492935103.0000000001482000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1482000
|
| Size: |
36864
|
|
|
3CDF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1518065144.0000000003CDF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3CDF000
|
| Size: |
4096
|
|
|
5440000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.1557764936.0000000005440000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5440000
|
| Size: |
4096
|
|
|
D90000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2599571821.0000000000D90000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D90000
|
| Size: |
4096
|
|
|
4ED1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1972380667.0000000004ED1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4ED1000
|
| Size: |
4096
|
|
|
E11000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2573894822.0000000000E11000.00000004.00000001.01000000.00000009.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
E11000
|
| Size: |
8192
|
|
|
5490000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000003.1477154372.0000000005490000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5490000
|
| Size: |
4096
|
|
|
4E81000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1484322408.0000000004E81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E81000
|
| Size: |
4096
|
|
|
9D60000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2576763288.0000000009D60000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9D60000
|
| Size: |
28672
|
|
|
5360000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1941030797.0000000005360000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
5360000
|
| Size: |
53248
|
|
|
2A00A000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2578697636.000000002A00A000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2A00A000
|
| Size: |
4096
|
|
|
9D1E000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2576763288.0000000009D1E000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9D1E000
|
| Size: |
4096
|
|
|
4E81000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1483688984.0000000004E81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E81000
|
| Size: |
4096
|
|
|
359E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1517579763.000000000359E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
359E000
|
| Size: |
8192
|
|
|
16E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3940403336.00000000016E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
16E0000
|
| Size: |
16384
|
|
|
166E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1556478993.000000000166E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
166E000
|
| Size: |
8192
|
|
|
44CF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1557278376.00000000044CF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
44CF000
|
| Size: |
4096
|
|
|
63C000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2592133371.000000000063C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
63C000
|
| Size: |
16384
|
|
|
143A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1516534659.000000000143A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
143A000
|
| Size: |
8192
|
|
|
3F9E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1518348328.0000000003F9E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3F9E000
|
| Size: |
8192
|
|
|
9C6A000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2574975714.0000000009C6A000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9C6A000
|
| Size: |
4096
|
|
|
4E81000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1485263476.0000000004E81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E81000
|
| Size: |
4096
|
|
|
4ED1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1943425630.0000000004ED1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4ED1000
|
| Size: |
4096
|
|
|
54C0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1519452611.00000000054C0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
54C0000
|
| Size: |
4096
|
|
|
54F0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.1942041945.00000000054F0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
54F0000
|
| Size: |
4096
|
|
|
53F0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.1557675209.00000000053F0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
53F0000
|
| Size: |
4096
|
|
|
1680000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1498886010.0000000001680000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
1680000
|
| Size: |
53248
|
|
|
4A7D000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2599851174.0000000004A7D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4A7D000
|
| Size: |
12288
|
|
|
717000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2595123958.0000000000717000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
717000
|
| Size: |
73728
|
|
|
29EFE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2578575049.0000000029EFE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
29EFE000
|
| Size: |
8192
|
|
|
54F0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000003.1941981247.00000000054F0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
54F0000
|
| Size: |
8192
|
|
|
350F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1556839262.000000000350F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
350F000
|
| Size: |
4096
|
|
|
DAA000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000008.00000002.2573612107.0000000000DAA000.00000008.00000001.01000000.00000009.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
DAA000
|
| Size: |
217088
|
|
|
1578000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2574805242.0000000001578000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
1578000
|
| Size: |
16384
|
|
|
4E81000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1486853824.0000000004E81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E81000
|
| Size: |
4096
|
|
|
3D8E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1557090639.0000000003D8E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3D8E000
|
| Size: |
8192
|
|
|
4E81000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1486960380.0000000004E81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E81000
|
| Size: |
4096
|
|
|
D72000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.1555808565.0000000000D72000.00000040.00000001.01000000.00000007.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
D72000
|
| Size: |
909312
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
A73000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000002.2572931320.0000000000A73000.00000002.00000001.01000000.00000009.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
A73000
|
| Size: |
4096
|
|
|
BF9000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000002.00000000.1491962099.0000000000BF9000.00000008.00000001.01000000.00000007.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
BF9000
|
| Size: |
4096
|
|
|
4ED1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1944000435.0000000004ED1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4ED1000
|
| Size: |
4096
|
|
|
5310000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1475186562.0000000005310000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
5310000
|
| Size: |
53248
|
|
|
398F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1556973287.000000000398F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
398F000
|
| Size: |
4096
|
|
|
6C60000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1520184483.0000000006C60000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6C60000
|
| Size: |
77824
|
|
|
4ED1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1959975993.0000000004ED1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4ED1000
|
| Size: |
4096
|
|
|
780000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.2598698443.0000000000780000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
780000
|
| Size: |
8192
|
|
|
A010000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2577492519.000000000A010000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
A010000
|
| Size: |
933888
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Malicious sample detected (through community Yara rule) |
System Summary |
|
| Yara signature match |
System Summary |
|
|
|
4EB0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1497051010.0000000004EB0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4EB0000
|
| Size: |
172032
|
|
|
4ED1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1943674211.0000000004ED1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4ED1000
|
| Size: |
4096
|
|
|
4E81000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1488182473.0000000004E81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E81000
|
| Size: |
4096
|
|
|
36CF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3945352262.00000000036CF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
36CF000
|
| Size: |
4096
|
|
|
4E81000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1484251407.0000000004E81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E81000
|
| Size: |
4096
|
|
|
4E81000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1486498061.0000000004E81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E81000
|
| Size: |
4096
|
|
|
5510000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1519655188.0000000005510000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5510000
|
| Size: |
4096
|
|
|
4E81000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1488244611.0000000004E81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E81000
|
| Size: |
4096
|
|
|
4ED1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1971191495.0000000004ED1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4ED1000
|
| Size: |
4096
|
|
|
29FFF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2578656374.0000000029FFF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
29FFF000
|
| Size: |
4096
|
|
|
15A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3938390892.00000000015A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15A0000
|
| Size: |
8192
|
|
|
6C6D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1489064063.0000000006C6D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6C6D000
|
| Size: |
524288
|
|
|
15B4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1482822368.00000000015B4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15B4000
|
| Size: |
4096
|
|
|
B90000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1555677230.0000000000B90000.00000004.00000001.01000000.00000007.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
B90000
|
| Size: |
4096
|
|
|
A0FE000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2578170063.000000000A0FE000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
A0FE000
|
| Size: |
643072
|
|
|
3157000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1517310341.0000000003157000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3157000
|
| Size: |
32768
|
|
|
374E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1556885171.000000000374E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
374E000
|
| Size: |
8192
|
|
|
527E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1557603152.000000000527E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
527E000
|
| Size: |
8192
|
|
|
4ED1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1960537187.0000000004ED1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4ED1000
|
| Size: |
4096
|
|
|
470F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3948627335.000000000470F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
470F000
|
| Size: |
4096
|
|
|
A75000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000000.2243323865.0000000000A75000.00000002.00000001.01000000.00000009.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
A75000
|
| Size: |
3317760
|
|
|
7A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.2589909504.00000000007A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7A0000
|
| Size: |
221184
|
|
|
15B4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1483412132.00000000015B4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15B4000
|
| Size: |
4096
|
|
|
9C78000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2574975714.0000000009C78000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9C78000
|
| Size: |
4096
|
|
|
153F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1556347765.000000000153F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
153F000
|
| Size: |
4096
|
|
|
9C94000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2574975714.0000000009C94000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
9C94000
|
| Size: |
4096
|
|
|
15B4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1462139553.00000000015B4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15B4000
|
| Size: |
4096
|
|
