|
3F20E000
|
heap
|
page read and write
|
 |
|
|
| Name: |
00000007.00000003.1078526097.000000003F20E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3F20E000
|
| Size: |
557056
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected WebBrowserPassView password recovery tool |
Stealing of Sensitive Information |
|
| Found strings which match to known social media urls |
Networking |
|
| SQL strings found in memory and binary data |
System Summary |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
87D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.1467159956.000000000087D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
87D000
|
| Size: |
69632
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Found malware configuration |
AV Detection |
|
| Yara detected Remcos RAT |
AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality |
|
|
|
87E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1221209861.000000000087E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
87E000
|
| Size: |
61440
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected Remcos RAT |
AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality |
|
|
|
400000
|
system
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.1112502288.0000000000400000.00000040.80000000.00040000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
system
|
| Protect: |
page execute and read and write
|
| Base address: |
400000
|
| Size: |
376832
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected WebBrowserPassView password recovery tool |
Stealing of Sensitive Information |
|
| SQL strings found in memory and binary data |
System Summary |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
22A0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1021832526.00000000022A0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
22A0000
|
| Size: |
450560
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected DBatLoader |
Data Obfuscation |
|
|
|
947000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1137011142.0000000000947000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
947000
|
| Size: |
73728
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected Remcos RAT |
AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality |
|
|
|
3F6D3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1111725490.000000003F6D3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3F6D3000
|
| Size: |
405504
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected WebBrowserPassView password recovery tool |
Stealing of Sensitive Information |
|
| Found strings which match to known social media urls |
Networking |
|
| SQL strings found in memory and binary data |
System Summary |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
69E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3457176882.000000000069E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
69E000
|
| Size: |
286720
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected Remcos RAT |
AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
| URLs found in memory or binary data |
Networking |
|
|
|
7E6A0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1057755881.000000007E6A0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7E6A0000
|
| Size: |
471040
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Malicious sample detected (through community Yara rule) |
System Summary |
|
| Yara detected Remcos RAT |
AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality |
|
| Yara detected UAC Bypass using CMSTP |
Exploits |
|
| Yara detected Keylogger Generic |
Key, Mouse, Clipboard, Microphone and Screen Capturing |
|
| Yara signature match |
System Summary |
|
| Public key (encryption) found |
Cryptography |
|
| URLs found in memory or binary data |
Networking |
|
|
|
3EF9B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1082811463.000000003EF9B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3EF9B000
|
| Size: |
401408
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected WebBrowserPassView password recovery tool |
Stealing of Sensitive Information |
|
| Found strings which match to known social media urls |
Networking |
|
| SQL strings found in memory and binary data |
System Summary |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
3F5C2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1083589792.000000003F5C2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3F5C2000
|
| Size: |
700416
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected WebBrowserPassView password recovery tool |
Stealing of Sensitive Information |
|
| SQL strings found in memory and binary data |
System Summary |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
6E7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3457176882.00000000006E7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6E7000
|
| Size: |
98304
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected Remcos RAT |
AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality |
|
| May try to detect the Windows Explorer process (often used for injection) |
HIPS / PFW / Operating System Protection Evasion |
|
| URLs found in memory or binary data |
Networking |
|
|
|
21018000
|
direct allocation
|
page readonly
|
|
|
|
| Name: |
0000000D.00000002.1156784994.0000000021018000.00000002.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page readonly
|
| Base address: |
21018000
|
| Size: |
4096
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected Remcos RAT |
AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality |
|
|
|
7FBC0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060727517.000000007FBC0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7FBC0000
|
| Size: |
221184
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected DBatLoader |
Data Obfuscation |
|
|
|
9F5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.1385185958.00000000009F5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9F5000
|
| Size: |
40960
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected Remcos RAT |
AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality |
|
|
|
3F200000
|
unclassified section
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3485150749.000000003F200000.00000040.10000000.00040000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unclassified section
|
| Protect: |
page execute and read and write
|
| Base address: |
3F200000
|
| Size: |
376832
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected WebBrowserPassView password recovery tool |
Stealing of Sensitive Information |
|
| SQL strings found in memory and binary data |
System Summary |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
21929000
|
direct allocation
|
page readonly
|
|
|
|
| Name: |
00000000.00000002.1041350913.0000000021929000.00000002.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page readonly
|
| Base address: |
21929000
|
| Size: |
102400
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Malicious sample detected (through community Yara rule) |
System Summary |
|
| Yara detected Remcos RAT |
AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality |
|
| Yara detected UAC Bypass using CMSTP |
Exploits |
|
| Yara detected Keylogger Generic |
Key, Mouse, Clipboard, Microphone and Screen Capturing |
|
| Yara signature match |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
20ED8000
|
direct allocation
|
page readonly
|
|
|
|
| Name: |
00000017.00000002.1327588240.0000000020ED8000.00000002.00001000.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page readonly
|
| Base address: |
20ED8000
|
| Size: |
4096
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected Remcos RAT |
AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality |
|
|
|
79B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1020804792.000000000079B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
79B000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected Remcos RAT |
AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality |
|
|
|
3EFC2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1077141002.000000003EFC2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3EFC2000
|
| Size: |
200704
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected WebBrowserPassView password recovery tool |
Stealing of Sensitive Information |
|
| SQL strings found in memory and binary data |
System Summary |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
93C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1308488165.000000000093C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
93C000
|
| Size: |
20480
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected Remcos RAT |
AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality |
|
|
|
3F38C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1082165802.000000003F38C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3F38C000
|
| Size: |
700416
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected WebBrowserPassView password recovery tool |
Stealing of Sensitive Information |
|
| SQL strings found in memory and binary data |
System Summary |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
2300000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1137588012.0000000002300000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2300000
|
| Size: |
450560
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected DBatLoader |
Data Obfuscation |
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1028077848.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
4B08000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1087901391.0000000004B08000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4B08000
|
| Size: |
12288
|
|
|
947000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1108345249.0000000000947000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
947000
|
| Size: |
618496
|
|
|
CE0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000009.00000000.1042683494.0000000000CE0000.00000002.00000001.01000000.00000008.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
CE0000
|
| Size: |
4096
|
|
|
3EC90000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.1497062809.000000003EC90000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3EC90000
|
| Size: |
4096
|
|
|
301E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1108270310.000000000301E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
301E000
|
| Size: |
8192
|
|
|
5C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.1466681760.00000000005C0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5C0000
|
| Size: |
4096
|
|
|
4660000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1098910554.0000000004660000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4660000
|
| Size: |
684032
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1025783834.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
7EE13000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1009791793.000000007EE13000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EE13000
|
| Size: |
524288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
7FE43000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1064715478.000000007FE43000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7FE43000
|
| Size: |
12288
|
|
|
3EF21000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1074353014.000000003EF21000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3EF21000
|
| Size: |
12288
|
|
|
7AD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1011783768.00000000007AD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7AD000
|
| Size: |
4096
|
|
|
6A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1136697285.00000000006A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6A0000
|
| Size: |
4096
|
|
|
20814000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.1408039521.0000000020814000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
20814000
|
| Size: |
4096
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1037875422.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
793000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1040819204.0000000000793000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
793000
|
| Size: |
12288
|
|
|
B5E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1087959203.0000000000B5E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B5E000
|
| Size: |
8192
|
|
|
29B7000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1024242209.00000000029B7000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
29B7000
|
| Size: |
57344
|
|
|
20D0F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1155744370.0000000020D0F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20D0F000
|
| Size: |
4096
|
|
|
235A000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1021832526.000000000235A000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
235A000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.1045049359.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1044419638.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
D0E000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000008.00000000.1031670195.0000000000D0E000.00000008.00000001.01000000.00000008.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
D0E000
|
| Size: |
4096
|
|
|
7AD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1035166352.00000000007AD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7AD000
|
| Size: |
8192
|
|
|
48D000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3456646516.000000000048D000.00000004.00000001.01000000.00000007.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
48D000
|
| Size: |
4096
|
|
|
29BC000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1222709391.00000000029BC000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
29BC000
|
| Size: |
4096
|
|
|
4841000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1109670974.0000000004841000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4841000
|
| Size: |
20480
|
|
|
4DA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1109352099.0000000004DA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4DA4000
|
| Size: |
1228800
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1029704717.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
423E000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.1113077233.000000000423E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
423E000
|
| Size: |
4096
|
|
|
708000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1083368653.0000000000708000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
708000
|
| Size: |
36864
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
2B85000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000017.00000002.1309978115.0000000002B85000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
2B85000
|
| Size: |
4096
|
|
|
793000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1042323753.0000000000793000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
793000
|
| Size: |
12288
|
|
|
4840000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1105768855.0000000004840000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4840000
|
| Size: |
126976
|
|
|
793000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1044442686.0000000000793000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
793000
|
| Size: |
12288
|
|
|
D2E000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000009.00000000.1042863820.0000000000D2E000.00000002.00000001.01000000.00000008.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
D2E000
|
| Size: |
49152
|
|
|
2139C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1040891109.000000002139C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2139C000
|
| Size: |
16384
|
|
|
3060000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1088485447.0000000003060000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3060000
|
| Size: |
24576
|
|
|
7AD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1015445239.00000000007AD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7AD000
|
| Size: |
8192
|
|
|
2DCE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1088456060.0000000002DCE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2DCE000
|
| Size: |
8192
|
|
|
716000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3457176882.0000000000716000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
716000
|
| Size: |
20480
|
|
|
6A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1221036397.00000000006A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6A0000
|
| Size: |
4096
|
|
|
830000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.1467159956.0000000000830000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
830000
|
| Size: |
24576
|
|
|
7AD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1034791238.00000000007AD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7AD000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1028920146.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1024092235.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
233D000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1021832526.000000000233D000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
233D000
|
| Size: |
4096
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1036565737.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
793000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1015004250.0000000000793000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
793000
|
| Size: |
12288
|
|
|
CE0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000009.00000002.1043365245.0000000000CE0000.00000002.00000001.01000000.00000008.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
CE0000
|
| Size: |
4096
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1034960243.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
7E850000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1170641538.000000007E850000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7E850000
|
| Size: |
4096
|
|
|
793000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1022361167.0000000000793000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
793000
|
| Size: |
12288
|
|
|
7FC10000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060949773.000000007FC10000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7FC10000
|
| Size: |
1077248
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1037912088.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
301E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1109173600.000000000301E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
301E000
|
| Size: |
8192
|
|
|
20C1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3471650972.0000000020C1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20C1E000
|
| Size: |
8192
|
|
|
301E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1109290038.000000000301E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
301E000
|
| Size: |
8192
|
|
|
2085B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.1482317379.000000002085B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2085B000
|
| Size: |
20480
|
|
|
20758000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.1481043998.0000000020758000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
20758000
|
| Size: |
8192
|
|
|
7AD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1040544450.00000000007AD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7AD000
|
| Size: |
8192
|
|
|
9ED000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.1385185958.00000000009ED000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9ED000
|
| Size: |
24576
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1038004919.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
5C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1020148154.00000000005C0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5C0000
|
| Size: |
4096
|
|
|
7B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.1385002430.00000000007B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7B0000
|
| Size: |
16384
|
|
|
76F000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.1044840754.000000000076F000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
76F000
|
| Size: |
4096
|
|
|
9B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1019946189.000000000009B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9B000
|
| Size: |
20480
|
|
|
239D000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1137588012.000000000239D000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
239D000
|
| Size: |
4096
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1028900009.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
1EB000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1020840292.00000000001EB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
1EB000
|
| Size: |
20480
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1037737909.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
5D6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1019993328.00000000005D6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5D6000
|
| Size: |
8192
|
|
|
301E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1108144785.000000000301E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
301E000
|
| Size: |
8192
|
|
|
300D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1012159289.000000000300D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
300D000
|
| Size: |
4096
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1040794364.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1028327397.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
301E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1107590239.000000000301E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
301E000
|
| Size: |
8192
|
|
|
29C5000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000010.00000002.1222804818.00000000029C5000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
29C5000
|
| Size: |
8192
|
|
|
B4C000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1088247647.0000000000B4C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B4C000
|
| Size: |
16384
|
|
|
301E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1107701771.000000000301E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
301E000
|
| Size: |
8192
|
|
|
6E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1308209929.00000000006E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6E0000
|
| Size: |
4096
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1028479808.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
7EEC5000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1005432640.000000007EEC5000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EEC5000
|
| Size: |
12288
|
|
|
7AD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1015191526.00000000007AD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7AD000
|
| Size: |
8192
|
|
|
7BE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1034350384.00000000007BE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BE000
|
| Size: |
12288
|
|
|
301E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1108400940.000000000301E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
301E000
|
| Size: |
8192
|
|
|
243D000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.1385867202.000000000243D000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
243D000
|
| Size: |
4096
|
|
|
486F000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1106849234.000000000486F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
486F000
|
| Size: |
32768
|
|
|
483C000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1105143787.000000000483C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
483C000
|
| Size: |
8192
|
|
|
292F000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1022601820.000000000292F000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
292F000
|
| Size: |
4096
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1024125601.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
194000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1104768948.0000000000194000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
194000
|
| Size: |
8192
|
|
|
794000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1013034618.0000000000794000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
794000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1042246674.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
BEE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1032341632.0000000000BEE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
BEE000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1038414137.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
153000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.1112182754.0000000000153000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
153000
|
| Size: |
53248
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
7FA00000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.1497503053.000000007FA00000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7FA00000
|
| Size: |
4096
|
|
|
207FE000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.1408039521.00000000207FE000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
207FE000
|
| Size: |
8192
|
|
|
3F38C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1113573261.000000003F38C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3F38C000
|
| Size: |
4096
|
|
|
300D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1110473478.000000000300D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
300D000
|
| Size: |
4096
|
|
|
8F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1308488165.00000000008F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8F0000
|
| Size: |
24576
|
|
|
20E94000
|
direct allocation
|
page execute read
|
|
|
|
| Name: |
00000017.00000002.1327024337.0000000020E94000.00000020.00001000.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute read
|
| Base address: |
20E94000
|
| Size: |
8192
|
|
|
19D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.1466504239.000000000019D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
19D000
|
| Size: |
12288
|
|
|
195000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1105096564.0000000000195000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
195000
|
| Size: |
4096
|
|
|
3EFD4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1112559586.000000003EFD4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3EFD4000
|
| Size: |
73728
|
|
|
1F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.1112475152.00000000001F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1F0000
|
| Size: |
4096
|
|
|
76E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1010865026.000000000076E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
76E000
|
| Size: |
126976
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1029646419.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
3153000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1085645709.0000000003153000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3153000
|
| Size: |
8192
|
|
|
7AD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1016071137.00000000007AD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7AD000
|
| Size: |
16384
|
|
|
2401000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.1467742198.0000000002401000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2401000
|
| Size: |
4096
|
|
|
D2A000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000000.1031759687.0000000000D2A000.00000002.00000001.01000000.00000008.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
D2A000
|
| Size: |
12288
|
|
|
7FE3B000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1002428238.000000007FE3B000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7FE3B000
|
| Size: |
16384
|
|
|
793000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1015382393.0000000000793000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
793000
|
| Size: |
12288
|
|
|
7FD70000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1064715478.000000007FD70000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7FD70000
|
| Size: |
847872
|
|
|
8FE000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1137011142.00000000008FE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8FE000
|
| Size: |
126976
|
|
|
C00000
|
heap
|
page readonly
|
|
|
|
| Name: |
0000000C.00000002.1088350143.0000000000C00000.00000002.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page readonly
|
| Base address: |
C00000
|
| Size: |
4096
|
|
|
20A7F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1039786441.0000000020A7F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20A7F000
|
| Size: |
4096
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1029727990.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
1E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.1044722615.00000000001E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1E0000
|
| Size: |
4096
|
|
|
22F3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1222193585.00000000022F3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
22F3000
|
| Size: |
8192
|
|
|
9EE000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1111535214.00000000009EE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9EE000
|
| Size: |
4096
|
|
|
7EF50000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1005913087.000000007EF50000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EF50000
|
| Size: |
458752
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1024057525.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
7BE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1044043641.00000000007BE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BE000
|
| Size: |
12288
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1022205465.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
7F07C000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1005033922.000000007F07C000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7F07C000
|
| Size: |
16384
|
|
|
793000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1028197064.0000000000793000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
793000
|
| Size: |
12288
|
|
|
793000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1016071137.0000000000793000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
793000
|
| Size: |
12288
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1028055829.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
3ECDE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3484948945.000000003ECDE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3ECDE000
|
| Size: |
8192
|
|
|
793000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1016589902.0000000000793000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
793000
|
| Size: |
12288
|
|
|
838000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.1467159956.0000000000838000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
838000
|
| Size: |
184320
|
|
|
CE1000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000009.00000000.1042723634.0000000000CE1000.00000020.00000001.01000000.00000008.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
CE1000
|
| Size: |
180224
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
2356000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1309415303.0000000002356000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2356000
|
| Size: |
8192
|
|
|
291C000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1138775478.000000000291C000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
291C000
|
| Size: |
4096
|
|
|
793000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1035166352.0000000000793000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
793000
|
| Size: |
12288
|
|
|
C9E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1032464057.0000000000C9E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
C9E000
|
| Size: |
8192
|
|
|
2D54000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1086173841.0000000002D54000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D54000
|
| Size: |
4096
|
|
|
301E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1108972353.000000000301E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
301E000
|
| Size: |
8192
|
|
|
251F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1309605318.000000000251F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
251F000
|
| Size: |
4096
|
|
|
2200000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1221757768.0000000002200000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2200000
|
| Size: |
8192
|
|
|
21056000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1040151856.0000000021056000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
21056000
|
| Size: |
61440
|
|
|
7EF2F000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1006087736.000000007EF2F000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EF2F000
|
| Size: |
135168
|
|
|
482F000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1105835039.000000000482F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
482F000
|
| Size: |
36864
|
|
|
487A000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1107409726.000000000487A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
487A000
|
| Size: |
36864
|
|
|
7E6A0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1170514487.000000007E6A0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7E6A0000
|
| Size: |
4096
|
|
|
7BE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1034121274.00000000007BE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BE000
|
| Size: |
12288
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1039967629.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
2EF0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1110402072.0000000002EF0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2EF0000
|
| Size: |
20480
|
|
|
20FD4000
|
direct allocation
|
page execute read
|
|
|
|
| Name: |
0000000D.00000002.1155935121.0000000020FD4000.00000020.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute read
|
| Base address: |
20FD4000
|
| Size: |
8192
|
|
|
21C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3458216850.00000000021C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
21C0000
|
| Size: |
16384
|
|
|
7AD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1011818985.00000000007AD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7AD000
|
| Size: |
4096
|
|
|
7ED20000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1024808293.000000007ED20000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7ED20000
|
| Size: |
4096
|
|
|
20741000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1151743194.0000000020741000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
20741000
|
| Size: |
4096
|
|
|
426E000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1093852088.000000000426E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
426E000
|
| Size: |
73728
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1039039549.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
71E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1021469586.000000000071E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
71E000
|
| Size: |
8192
|
|
|
2845000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1222289305.0000000002845000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2845000
|
| Size: |
4096
|
|
|
3100000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1032699390.0000000003100000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3100000
|
| Size: |
20480
|
|
|
5DB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1021412603.00000000005DB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5DB000
|
| Size: |
32768
|
|
|
7FA00000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.1429913718.000000007FA00000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7FA00000
|
| Size: |
4096
|
|
|
723000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1112154782.0000000000723000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
723000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
344F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1033125764.000000000344F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
344F000
|
| Size: |
4096
|
|
|
207EF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1039640501.00000000207EF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
207EF000
|
| Size: |
4096
|
|
|
2410000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1309548631.0000000002410000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2410000
|
| Size: |
4096
|
|
|
195000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.1112349775.0000000000195000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
195000
|
| Size: |
4096
|
|
|
793000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1037799389.0000000000793000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
793000
|
| Size: |
12288
|
|
|
944000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1137011142.0000000000944000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
944000
|
| Size: |
4096
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1034662967.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1029746162.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
218D0000
|
direct allocation
|
page readonly
|
|
|
|
| Name: |
00000000.00000002.1041069398.00000000218D0000.00000002.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page readonly
|
| Base address: |
218D0000
|
| Size: |
4096
|
|
|
85F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1308353103.000000000085F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
85F000
|
| Size: |
4096
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1029169009.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1029487798.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1040875326.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
7DF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.1112856690.00000000007DF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7DF000
|
| Size: |
4096
|
|
|
301E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1107628993.000000000301E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
301E000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1035516821.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
2B7C000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1309877909.0000000002B7C000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2B7C000
|
| Size: |
4096
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1034883298.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
482B000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1106780340.000000000482B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
482B000
|
| Size: |
24576
|
|
|
4821000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1098973745.0000000004821000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4821000
|
| Size: |
32768
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1042228994.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
2090D000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3471311250.000000002090D000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2090D000
|
| Size: |
12288
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1025612033.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1035268236.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
22AC000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1308930317.00000000022AC000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
22AC000
|
| Size: |
4096
|
|
|
793000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1028724726.0000000000793000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
793000
|
| Size: |
12288
|
|
|
3F281000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3485832473.000000003F281000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
3F281000
|
| Size: |
77824
|
|
|
474000
|
system
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.1112502288.0000000000474000.00000040.80000000.00040000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
system
|
| Protect: |
page execute and read and write
|
| Base address: |
474000
|
| Size: |
36864
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1026792163.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
20BCF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1155681993.0000000020BCF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20BCF000
|
| Size: |
4096
|
|
|
793000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1040544450.0000000000793000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
793000
|
| Size: |
12288
|
|
|
7EE5F000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1014208947.000000007EE5F000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EE5F000
|
| Size: |
135168
|
|
|
8F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1137011142.00000000008F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8F0000
|
| Size: |
32768
|
|
|
29B7000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1222709391.00000000029B7000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
29B7000
|
| Size: |
4096
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1029977259.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
3EF9A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1077141002.000000003EF9A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3EF9A000
|
| Size: |
4096
|
|
|
710000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1112841046.0000000000710000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
710000
|
| Size: |
4096
|
|
|
21948000
|
direct allocation
|
page readonly
|
|
|
|
| Name: |
00000000.00000002.1041539302.0000000021948000.00000002.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page readonly
|
| Base address: |
21948000
|
| Size: |
36864
|
|
|
7AD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1011882017.00000000007AD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7AD000
|
| Size: |
4096
|
|
|
194000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1099149344.0000000000194000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
194000
|
| Size: |
8192
|
|
|
4250000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1098630188.0000000004250000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4250000
|
| Size: |
393216
|
|
|
7FD40000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1002693421.000000007FD40000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7FD40000
|
| Size: |
1069056
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1031172530.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
7AD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1043792746.00000000007AD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7AD000
|
| Size: |
4096
|
|
|
4853000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1107233225.0000000004853000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4853000
|
| Size: |
155648
|
|
|
7EB30000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1009226371.000000007EB30000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EB30000
|
| Size: |
4096
|
|
|
7AD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1036778924.00000000007AD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7AD000
|
| Size: |
8192
|
|
|
248E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.1468159924.000000000248E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
248E000
|
| Size: |
8192
|
|
|
7EE8F000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1006245367.000000007EE8F000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EE8F000
|
| Size: |
200704
|
|
|
D2A000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000009.00000000.1042804073.0000000000D2A000.00000002.00000001.01000000.00000008.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
D2A000
|
| Size: |
12288
|
|
|
2927000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.1468475455.0000000002927000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2927000
|
| Size: |
4096
|
|
|
4846000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1106680938.0000000004846000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4846000
|
| Size: |
167936
|
|
|
3F630000
|
unclassified section
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3486672668.000000003F630000.00000040.10000000.00040000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unclassified section
|
| Protect: |
page execute and read and write
|
| Base address: |
3F630000
|
| Size: |
106496
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Found strings which match to known social media urls |
Networking |
|
| URLs found in memory or binary data |
Networking |
|
|
|
42B2000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1110525456.00000000042B2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
42B2000
|
| Size: |
4096
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
7EC80000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1008713553.000000007EC80000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EC80000
|
| Size: |
458752
|
|
|
301E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1109426393.000000000301E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
301E000
|
| Size: |
8192
|
|
|
21009000
|
direct allocation
|
page readonly
|
|
|
|
| Name: |
0000000D.00000002.1156784994.0000000021009000.00000002.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page readonly
|
| Base address: |
21009000
|
| Size: |
40960
|
|
|
793000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1039135555.0000000000793000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
793000
|
| Size: |
12288
|
|
|
483D000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1105691028.000000000483D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
483D000
|
| Size: |
4096
|
|
|
2D50000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1088432582.0000000002D50000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D50000
|
| Size: |
16384
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1022038064.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
7AD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1028979598.00000000007AD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7AD000
|
| Size: |
8192
|
|
|
4846000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1110624531.0000000004846000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4846000
|
| Size: |
4096
|
|
|
301E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1109318485.000000000301E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
301E000
|
| Size: |
8192
|
|
|
22CF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3458287031.00000000022CF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
22CF000
|
| Size: |
4096
|
|
|
D2E000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000002.1032647224.0000000000D2E000.00000002.00000001.01000000.00000008.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
D2E000
|
| Size: |
49152
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1039637098.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1028033644.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
48A000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1136579393.000000000048A000.00000004.00000001.01000000.00000009.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
48A000
|
| Size: |
4096
|
|
|
301E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1107981334.000000000301E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
301E000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1042303801.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1042191594.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
247C000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.1385867202.000000000247C000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
247C000
|
| Size: |
4096
|
|
|
301E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1109452232.000000000301E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
301E000
|
| Size: |
8192
|
|
|
20E97000
|
direct allocation
|
page execute read
|
|
|
|
| Name: |
00000017.00000002.1327024337.0000000020E97000.00000020.00001000.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute read
|
| Base address: |
20E97000
|
| Size: |
12288
|
|
|
195000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1099527067.0000000000195000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
195000
|
| Size: |
4096
|
|
|
75F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1021496322.000000000075F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
75F000
|
| Size: |
4096
|
|
|
4841000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1106597331.0000000004841000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4841000
|
| Size: |
4096
|
|
|
301E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1108110121.000000000301E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
301E000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1030688987.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
7AD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1029411043.00000000007AD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7AD000
|
| Size: |
8192
|
|
|
6E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.1466754776.00000000006E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6E0000
|
| Size: |
4096
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1041556272.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
4F41000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1085528860.0000000004F41000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4F41000
|
| Size: |
65536
|
|
|
550000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1021266283.0000000000550000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
550000
|
| Size: |
20480
|
|
|
20715000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.1408039521.0000000020715000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
20715000
|
| Size: |
4096
|
|
|
9EC000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1111535214.00000000009EC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9EC000
|
| Size: |
4096
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1034905945.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
70E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1112154782.000000000070E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
70E000
|
| Size: |
24576
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
2EDE000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1110336606.0000000002EDE000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
2EDE000
|
| Size: |
8192
|
|
|
21022000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.1483325021.0000000021022000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
21022000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1029682683.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
48C000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.1466582649.000000000048C000.00000004.00000001.01000000.00000007.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
48C000
|
| Size: |
8192
|
|
|
7AD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1030073401.00000000007AD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7AD000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1039855997.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1030790799.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
3EFF7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1113230812.000000003EFF7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3EFF7000
|
| Size: |
4096
|
|
|
4850000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1110080165.0000000004850000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4850000
|
| Size: |
139264
|
|
|
796000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1010865026.0000000000796000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
796000
|
| Size: |
24576
|
|
|
20FB0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1040123580.0000000020FB0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20FB0000
|
| Size: |
4096
|
|
|
7AD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1015969863.00000000007AD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7AD000
|
| Size: |
16384
|
|
|
4230000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1111622415.0000000004230000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4230000
|
| Size: |
4096
|
|
|
4829000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1098519339.0000000004829000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4829000
|
| Size: |
12288
|
|
|
20C0E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1155715013.0000000020C0E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20C0E000
|
| Size: |
8192
|
|
|
5D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1020182015.00000000005D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5D0000
|
| Size: |
8192
|
|
|
3250000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1032956435.0000000003250000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3250000
|
| Size: |
36864
|
|
|
301E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1108486892.000000000301E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
301E000
|
| Size: |
8192
|
|
|
2344000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1021832526.0000000002344000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2344000
|
| Size: |
8192
|
|
|
72A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1077639644.000000000072A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
72A000
|
| Size: |
8192
|
|
|
91E000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1137011142.000000000091E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
91E000
|
| Size: |
73728
|
|
|
301E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1107800271.000000000301E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
301E000
|
| Size: |
8192
|
|
|
793000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1040056007.0000000000793000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
793000
|
| Size: |
12288
|
|
|
7AD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1012524117.00000000007AD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7AD000
|
| Size: |
8192
|
|
|
1E9000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1020840292.00000000001E9000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
1E9000
|
| Size: |
4096
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1028555037.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
2233000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1221757768.0000000002233000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2233000
|
| Size: |
4096
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1028538303.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
2096E000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1325945563.000000002096E000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2096E000
|
| Size: |
8192
|
|
|
AA0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1018974393.0000000000AA0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
AA0000
|
| Size: |
237568
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
640000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1020299828.0000000000640000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
640000
|
| Size: |
16384
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1039116529.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1028264029.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
793000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1024903022.0000000000793000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
793000
|
| Size: |
12288
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1029301860.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1031151501.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
3C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1043107890.00000000003C0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3C0000
|
| Size: |
4096
|
|
|
7AD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1015004250.00000000007AD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7AD000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1031266459.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1023792024.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1034641885.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
301E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1109623919.000000000301E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
301E000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1028521964.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
5A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1021335458.00000000005A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5A0000
|
| Size: |
28672
|
|
|
301E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1108517110.000000000301E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
301E000
|
| Size: |
8192
|
|
|
301E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1107750019.000000000301E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
301E000
|
| Size: |
8192
|
|
|
301E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1109201816.000000000301E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
301E000
|
| Size: |
8192
|
|
|
3150000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1088301226.0000000003150000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3150000
|
| Size: |
12288
|
|
|
2968000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1222289305.0000000002968000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2968000
|
| Size: |
8192
|
|
|
23DD000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.1467742198.00000000023DD000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
23DD000
|
| Size: |
4096
|
|
|
2071D000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1151743194.000000002071D000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2071D000
|
| Size: |
12288
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1022605761.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
793000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1041754924.0000000000793000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
793000
|
| Size: |
12288
|
|
|
5BA000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000000.1001469574.00000000005BA000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
5BA000
|
| Size: |
12288
|
|
|
301E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1108799075.000000000301E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
301E000
|
| Size: |
8192
|
|
|
4821000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1105988221.0000000004821000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4821000
|
| Size: |
32768
|
|
|
794000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1015079280.0000000000794000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
794000
|
| Size: |
8192
|
|
|
2073A000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1151743194.000000002073A000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2073A000
|
| Size: |
12288
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1038549975.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1037468841.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
301E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1110141781.000000000301E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
301E000
|
| Size: |
8192
|
|
|
7AD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1015841068.00000000007AD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7AD000
|
| Size: |
16384
|
|
|
20D6E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1039963187.0000000020D6E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20D6E000
|
| Size: |
8192
|
|
|
232C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1309375978.000000000232C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
232C000
|
| Size: |
16384
|
|
|
7AD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1038610028.00000000007AD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7AD000
|
| Size: |
8192
|
|
|
487000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.1384733587.0000000000487000.00000004.00000001.01000000.00000009.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
487000
|
| Size: |
8192
|
|
|
3D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1043128885.00000000003D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3D0000
|
| Size: |
4096
|
|
|
195000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1104803149.0000000000195000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
195000
|
| Size: |
4096
|
|
|
7AD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1039720963.00000000007AD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7AD000
|
| Size: |
8192
|
|
|
22B0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000010.00000002.1222163019.00000000022B0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
22B0000
|
| Size: |
4096
|
|
|
2FE0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1110473478.0000000002FE0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FE0000
|
| Size: |
36864
|
|
|
5D6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1019768031.00000000005D6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5D6000
|
| Size: |
8192
|
|
|
513F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1088647380.000000000513F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
513F000
|
| Size: |
4096
|
|
|
4254000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1107670347.0000000004254000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4254000
|
| Size: |
208896
|
|
|
71D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1046105363.000000000071D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
71D000
|
| Size: |
61440
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
793000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1029800287.0000000000793000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
793000
|
| Size: |
12288
|
|
|
456000
|
system
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.1087235223.0000000000456000.00000040.80000000.00040000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
system
|
| Protect: |
page execute and read and write
|
| Base address: |
456000
|
| Size: |
8192
|
|
|
4B6B000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1109045361.0000000004B6B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4B6B000
|
| Size: |
1073152
|
|
|
29E1000
|
direct allocation
|
page execute read
|
|
|
|
| Name: |
00000018.00000002.1392777927.00000000029E1000.00000020.00001000.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute read
|
| Base address: |
29E1000
|
| Size: |
155648
|
|
|
180000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.1044653803.0000000000180000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
180000
|
| Size: |
4096
|
|
|
7EBF0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1008973136.000000007EBF0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EBF0000
|
| Size: |
4096
|
|
|
295A000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1222289305.000000000295A000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
295A000
|
| Size: |
12288
|
|
|
194000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1099280572.0000000000194000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
194000
|
| Size: |
8192
|
|
|
7AD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1012198113.00000000007AD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7AD000
|
| Size: |
4096
|
|
|
2EEF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1088229607.0000000002EEF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2EEF000
|
| Size: |
4096
|
|
|
7AD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1023969268.00000000007AD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7AD000
|
| Size: |
8192
|
|
|
7A5000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1136881897.00000000007A5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7A5000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1039604702.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1036538855.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1025708162.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
42B2000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1109541200.00000000042B2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
42B2000
|
| Size: |
4096
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1038987077.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1028347214.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
20D6E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.1408640787.0000000020D6E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20D6E000
|
| Size: |
8192
|
|
|
73A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1112154782.000000000073A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
73A000
|
| Size: |
4096
|
|
|
7BE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1043880188.00000000007BE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BE000
|
| Size: |
12288
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1038037662.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
4836000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1107920674.0000000004836000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4836000
|
| Size: |
8192
|
|
|
793000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1025847068.0000000000793000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
793000
|
| Size: |
12288
|
|
|
4846000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1111024771.0000000004846000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4846000
|
| Size: |
49152
|
|
|
2D54000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1086075604.0000000002D54000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D54000
|
| Size: |
4096
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1038806893.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
20D6E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1155814128.0000000020D6E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20D6E000
|
| Size: |
8192
|
|
|
76F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1112505440.000000000076F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
76F000
|
| Size: |
4096
|
|
|
20625000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1151743194.0000000020625000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
20625000
|
| Size: |
651264
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
20A6F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1236068779.0000000020A6F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20A6F000
|
| Size: |
4096
|
|
|
20984000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1325945563.0000000020984000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
20984000
|
| Size: |
4096
|
|
|
60E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.1044799483.000000000060E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
60E000
|
| Size: |
8192
|
|
|
7AD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1015618875.00000000007AD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7AD000
|
| Size: |
16384
|
|
|
4853000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1107022339.0000000004853000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4853000
|
| Size: |
151552
|
|
|
71F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1112154782.000000000071F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
71F000
|
| Size: |
12288
|
|
|
1D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.1044702714.00000000001D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D0000
|
| Size: |
8192
|
|
|
21942000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1041431257.0000000021942000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
21942000
|
| Size: |
8192
|
|
|
429D000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1098192115.000000000429D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
429D000
|
| Size: |
315392
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1034750188.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
793000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1030601848.0000000000793000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
793000
|
| Size: |
12288
|
|
|
484B000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1105143787.000000000484B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
484B000
|
| Size: |
4096
|
|
|
2082A000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.1408039521.000000002082A000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2082A000
|
| Size: |
12288
|
|
|
71E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1221150129.000000000071E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
71E000
|
| Size: |
8192
|
|
|
7EE10000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1014208947.000000007EE10000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EE10000
|
| Size: |
4096
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1042437859.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
2491000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.1385867202.0000000002491000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2491000
|
| Size: |
4096
|
|
|
28DE000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1022601820.00000000028DE000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
28DE000
|
| Size: |
253952
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
2924000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1022601820.0000000002924000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2924000
|
| Size: |
20480
|
|
|
11C000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.1112150299.000000000011C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
11C000
|
| Size: |
16384
|
|
|
301E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1109063875.000000000301E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
301E000
|
| Size: |
8192
|
|
|
793000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1023100919.0000000000793000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
793000
|
| Size: |
12288
|
|
|
20EAE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1236520962.0000000020EAE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20EAE000
|
| Size: |
8192
|
|
|
4829000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1105880348.0000000004829000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4829000
|
| Size: |
73728
|
|
|
4251000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1098079526.0000000004251000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4251000
|
| Size: |
614400
|
|
|
23B3000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1137588012.00000000023B3000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
23B3000
|
| Size: |
4096
|
|
|
7AD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1022134683.00000000007AD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7AD000
|
| Size: |
8192
|
|
|
656000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1020648497.0000000000656000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
656000
|
| Size: |
12288
|
|
|
486F000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1107299043.000000000486F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
486F000
|
| Size: |
81920
|
|
|
2149C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1040932546.000000002149C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2149C000
|
| Size: |
16384
|
|
|
3F64B000
|
unclassified section
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3486672668.000000003F64B000.00000040.10000000.00040000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unclassified section
|
| Protect: |
page execute and read and write
|
| Base address: |
3F64B000
|
| Size: |
36864
|
|
|
7BE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1034055618.00000000007BE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BE000
|
| Size: |
12288
|
|
|
7BE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1043965189.00000000007BE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BE000
|
| Size: |
12288
|
|
|
400000
|
system
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.1087235223.0000000000400000.00000040.80000000.00040000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
system
|
| Protect: |
page execute and read and write
|
| Base address: |
400000
|
| Size: |
344064
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1040522050.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
45E000
|
system
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.1112502288.000000000045E000.00000040.80000000.00040000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
system
|
| Protect: |
page execute and read and write
|
| Base address: |
45E000
|
| Size: |
4096
|
|
|
257E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1138494445.000000000257E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
257E000
|
| Size: |
8192
|
|
|
20C1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.1483123970.0000000020C1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20C1E000
|
| Size: |
8192
|
|
|
22C8000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1308930317.00000000022C8000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
22C8000
|
| Size: |
4096
|
|
|
483D000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1105988221.000000000483D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
483D000
|
| Size: |
4096
|
|
|
7BE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1043988541.00000000007BE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BE000
|
| Size: |
12288
|
|
|
2368000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1021832526.0000000002368000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2368000
|
| Size: |
4096
|
|
|
4249000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1098441665.0000000004249000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4249000
|
| Size: |
24576
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1028241712.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
4A20000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1104931074.0000000004A20000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4A20000
|
| Size: |
4096
|
|
|
301E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1108999230.000000000301E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
301E000
|
| Size: |
8192
|
|
|
4853000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1107593101.0000000004853000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4853000
|
| Size: |
114688
|
|
|
2690000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.1392634867.0000000002690000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2690000
|
| Size: |
4096
|
|
|
780000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.1044929961.0000000000780000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
780000
|
| Size: |
36864
|
|
|
7AD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1023100919.00000000007AD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7AD000
|
| Size: |
8192
|
|
|
244C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.1468118462.000000000244C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
244C000
|
| Size: |
16384
|
|
|
80E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1043190803.000000000080E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
80E000
|
| Size: |
8192
|
|
|
4A27000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1109199353.0000000004A27000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4A27000
|
| Size: |
1232896
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1041447739.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
793000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1039368362.0000000000793000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
793000
|
| Size: |
12288
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1039230034.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
226D000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1308930317.000000000226D000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
226D000
|
| Size: |
4096
|
|
|
2991000
|
direct allocation
|
page execute read
|
|
|
|
| Name: |
00000000.00000002.1024139076.0000000002991000.00000020.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute read
|
| Base address: |
2991000
|
| Size: |
155648
|
|
|
A8F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1021804515.0000000000A8F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A8F000
|
| Size: |
4096
|
|
|
7AD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1014272022.00000000007AD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7AD000
|
| Size: |
8192
|
|
|
7B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.1467049419.00000000007B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7B0000
|
| Size: |
4096
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1030145231.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1039308896.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1035129918.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
23A4000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1137588012.00000000023A4000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
23A4000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1030941920.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
910000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.1112926101.0000000000910000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
910000
|
| Size: |
4096
|
|
|
6CE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1020804792.00000000006CE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6CE000
|
| Size: |
299008
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
7E6A0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3487027362.000000007E6A0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7E6A0000
|
| Size: |
4096
|
|
|
7EE00000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1009791793.000000007EE00000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EE00000
|
| Size: |
73728
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
A3C000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1087636283.0000000000A3C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A3C000
|
| Size: |
16384
|
|
|
7EC5F000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1008973136.000000007EC5F000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EC5F000
|
| Size: |
135168
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
7EC00000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1058736372.000000007EC00000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EC00000
|
| Size: |
4096
|
|
|
7E79F000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1058221890.000000007E79F000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7E79F000
|
| Size: |
16384
|
|
|
72F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1020804792.000000000072F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
72F000
|
| Size: |
16384
|
|
|
7EBBF000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1009226371.000000007EBBF000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EBBF000
|
| Size: |
16384
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1035052370.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
93A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1043227201.000000000093A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
93A000
|
| Size: |
32768
|
|
|
23AC000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1137588012.00000000023AC000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
23AC000
|
| Size: |
4096
|
|
|
20EAE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.1483252160.0000000020EAE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20EAE000
|
| Size: |
8192
|
|
|
301E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1109232319.000000000301E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
301E000
|
| Size: |
8192
|
|
|
20F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1221661713.00000000020F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20F0000
|
| Size: |
4096
|
|
|
25A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1138528574.00000000025A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
25A0000
|
| Size: |
4096
|
|
|
7AD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1029193534.00000000007AD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7AD000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1030291873.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
7E850000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1058500347.000000007E850000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7E850000
|
| Size: |
4096
|
|
|
7EE8E000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1013184294.000000007EE8E000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EE8E000
|
| Size: |
270336
|
|
|
4821000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1106567809.0000000004821000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4821000
|
| Size: |
65536
|
|
|
209A8000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1325945563.00000000209A8000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
209A8000
|
| Size: |
8192
|
|
|
72B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1112841046.000000000072B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
72B000
|
| Size: |
4096
|
|
|
206EC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1235834168.00000000206EC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
206EC000
|
| Size: |
16384
|
|
|
493000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000000.1001469574.0000000000493000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
493000
|
| Size: |
1204224
|
|
|
190000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.1112320140.0000000000190000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
190000
|
| Size: |
16384
|
|
|
7AD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1040056007.00000000007AD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7AD000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1028406571.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
19D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.1384691906.000000000019D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
19D000
|
| Size: |
12288
|
|
|
7BE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1033988888.00000000007BE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BE000
|
| Size: |
12288
|
|
|
7EE5F000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1012678219.000000007EE5F000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EE5F000
|
| Size: |
135168
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1038352531.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
9EE000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1111694467.00000000009EE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9EE000
|
| Size: |
4096
|
|
|
6E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.1384893158.00000000006E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6E0000
|
| Size: |
4096
|
|
|
7BE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1033381272.00000000007BE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BE000
|
| Size: |
12288
|
|
|
2B07000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3458730710.0000000002B07000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2B07000
|
| Size: |
4096
|
|
|
7ED70000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1007907728.000000007ED70000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7ED70000
|
| Size: |
458752
|
|
|
9B000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1136396707.000000000009B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9B000
|
| Size: |
20480
|
|
|
423C000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1111418066.000000000423C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
423C000
|
| Size: |
20480
|
|
|
20815000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3471311250.0000000020815000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
20815000
|
| Size: |
4096
|
|
|
4841000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1108683724.0000000004841000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4841000
|
| Size: |
20480
|
|
|
7E6A0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1249679256.000000007E6A0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7E6A0000
|
| Size: |
4096
|
|
|
3EB50000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1347513132.000000003EB50000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3EB50000
|
| Size: |
4096
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1040621348.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1022786431.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
4820000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.1113176349.0000000004820000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4820000
|
| Size: |
20480
|
|
|
7ED20000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1010307847.000000007ED20000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7ED20000
|
| Size: |
282624
|
|
|
4836000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1106920791.0000000004836000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4836000
|
| Size: |
8192
|
|
|
793000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1029193534.0000000000793000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
793000
|
| Size: |
12288
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1036601543.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
4828000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.1113176349.0000000004828000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4828000
|
| Size: |
90112
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1034546144.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
194000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1111968626.0000000000194000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
194000
|
| Size: |
8192
|
|
|
2D54000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1087632251.0000000002D54000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D54000
|
| Size: |
4096
|
|
|
20906000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3471311250.0000000020906000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
20906000
|
| Size: |
4096
|
|
|
20E6E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1236479878.0000000020E6E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20E6E000
|
| Size: |
8192
|
|
|
7AD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1037799389.00000000007AD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7AD000
|
| Size: |
8192
|
|
|
20751000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.1481043998.0000000020751000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
20751000
|
| Size: |
4096
|
|
|
223A000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1221757768.000000000223A000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
223A000
|
| Size: |
8192
|
|
|
4840000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1106232376.0000000004840000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4840000
|
| Size: |
16384
|
|
|
7AD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1022361167.00000000007AD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7AD000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1027869420.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
7E82F000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1058363829.000000007E82F000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7E82F000
|
| Size: |
77824
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1034934575.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
7FA00000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1347948529.000000007FA00000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7FA00000
|
| Size: |
4096
|
|
|
2446000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1138416370.0000000002446000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2446000
|
| Size: |
8192
|
|
|
4829000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1098155411.0000000004829000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4829000
|
| Size: |
241664
|
|
|
7AD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1029800287.00000000007AD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7AD000
|
| Size: |
8192
|
|
|
22BA000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1308930317.00000000022BA000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
22BA000
|
| Size: |
8192
|
|
|
42B2000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1104852034.00000000042B2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
42B2000
|
| Size: |
4096
|
|
|
301E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1108424426.000000000301E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
301E000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1040914928.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
1E0000
|
heap
|
page readonly
|
|
|
|
| Name: |
0000000A.00000002.1112437525.00000000001E0000.00000002.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page readonly
|
| Base address: |
1E0000
|
| Size: |
4096
|
|
|
2093F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1039717150.000000002093F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2093F000
|
| Size: |
4096
|
|
|
315C000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1085645709.000000000315C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
315C000
|
| Size: |
8192
|
|
|
7EED0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1059161458.000000007EED0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EED0000
|
| Size: |
4096
|
|
|
486F000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1107123405.000000000486F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
486F000
|
| Size: |
36864
|
|
|
485F000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1106058003.000000000485F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
485F000
|
| Size: |
20480
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1025672842.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
4241000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1109916685.0000000004241000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4241000
|
| Size: |
294912
|
|
|
76F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1112770390.000000000076F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
76F000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1039211212.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
4829000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1108593394.0000000004829000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4829000
|
| Size: |
61440
|
|
|
301E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1108748180.000000000301E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
301E000
|
| Size: |
8192
|
|
|
70E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1046105363.000000000070E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
70E000
|
| Size: |
53248
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
5DB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1019768031.00000000005DB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5DB000
|
| Size: |
32768
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1027932829.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
7AD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1038056736.00000000007AD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7AD000
|
| Size: |
8192
|
|
|
301E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1109026501.000000000301E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
301E000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1042362477.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
301E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1109264086.000000000301E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
301E000
|
| Size: |
8192
|
|
|
221D000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1221757768.000000000221D000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
221D000
|
| Size: |
4096
|
|
|
2470000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1022398590.0000000002470000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2470000
|
| Size: |
4096
|
|
|
2920000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1022601820.0000000002920000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2920000
|
| Size: |
12288
|
|
|
7AD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1031051177.00000000007AD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7AD000
|
| Size: |
8192
|
|
|
7FD1B000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060949773.000000007FD1B000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7FD1B000
|
| Size: |
16384
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1042381999.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
4841000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1110044915.0000000004841000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4841000
|
| Size: |
20480
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1040642757.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
25A3000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1138528574.00000000025A3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
25A3000
|
| Size: |
8192
|
|
|
20D1F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1039928740.0000000020D1F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20D1F000
|
| Size: |
4096
|
|
|
2B0C000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3458730710.0000000002B0C000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2B0C000
|
| Size: |
4096
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1036971734.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
793000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1015310530.0000000000793000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
793000
|
| Size: |
12288
|
|
|
22B3000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1308930317.00000000022B3000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
22B3000
|
| Size: |
4096
|
|
|
5DB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1019993328.00000000005DB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5DB000
|
| Size: |
32768
|
|
|
21025000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.1483325021.0000000021025000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
21025000
|
| Size: |
8192
|
|
|
73B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1020804792.000000000073B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
73B000
|
| Size: |
167936
|
|
|
23FA000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.1467742198.00000000023FA000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
23FA000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1036489215.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
482B000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1106872503.000000000482B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
482B000
|
| Size: |
32768
|
|
|
650000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1020648497.0000000000650000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
650000
|
| Size: |
16384
|
|
|
2F70000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1110449269.0000000002F70000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F70000
|
| Size: |
8192
|
|
|
21025000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1157125504.0000000021025000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
21025000
|
| Size: |
8192
|
|
|
23DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1309516900.00000000023DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
23DE000
|
| Size: |
8192
|
|
|
20A7F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.1408449440.0000000020A7F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20A7F000
|
| Size: |
4096
|
|
|
301E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1108884169.000000000301E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
301E000
|
| Size: |
8192
|
|
|
4835000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1106359656.0000000004835000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4835000
|
| Size: |
36864
|
|
|
19D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1307927499.000000000019D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
19D000
|
| Size: |
12288
|
|
|
301E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1109090001.000000000301E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
301E000
|
| Size: |
8192
|
|
|
4A2C000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1110688715.0000000004A2C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4A2C000
|
| Size: |
1232896
|
|
|
793000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1015730922.0000000000793000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
793000
|
| Size: |
12288
|
|
|
20FDB000
|
direct allocation
|
page execute read
|
|
|
|
| Name: |
0000000D.00000002.1155935121.0000000020FDB000.00000020.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute read
|
| Base address: |
20FDB000
|
| Size: |
12288
|
|
|
20BFE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.1408543518.0000000020BFE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20BFE000
|
| Size: |
8192
|
|
|
730000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.1466858840.0000000000730000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
730000
|
| Size: |
16384
|
|
|
7AD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1044442686.00000000007AD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7AD000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1038199620.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1031104401.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
3F616000
|
unclassified section
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3486028321.000000003F616000.00000040.10000000.00040000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unclassified section
|
| Protect: |
page execute and read and write
|
| Base address: |
3F616000
|
| Size: |
8192
|
|
|
207EB000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1235889169.00000000207EB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
207EB000
|
| Size: |
20480
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1036641735.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
1AD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1020809672.00000000001AD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
1AD000
|
| Size: |
12288
|
|
|
5C5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1021376601.00000000005C5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5C5000
|
| Size: |
4096
|
|
|
211F2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1014610290.00000000211F2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
211F2000
|
| Size: |
1323008
|
|
|
660000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.1044821301.0000000000660000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
660000
|
| Size: |
20480
|
|
|
B80000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1088033049.0000000000B80000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B80000
|
| Size: |
20480
|
|
|
7EE80000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1014021454.000000007EE80000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EE80000
|
| Size: |
327680
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1030963431.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
7AD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1039368362.00000000007AD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7AD000
|
| Size: |
8192
|
|
|
21025000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3471728391.0000000021025000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
21025000
|
| Size: |
8192
|
|
|
20AAE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1236099723.0000000020AAE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20AAE000
|
| Size: |
8192
|
|
|
2FEB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1110473478.0000000002FEB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FEB000
|
| Size: |
45056
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1039792016.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
42B2000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1099004898.00000000042B2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
42B2000
|
| Size: |
4096
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
2FEF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1088267391.0000000002FEF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2FEF000
|
| Size: |
4096
|
|
|
301E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1110557071.000000000301E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
301E000
|
| Size: |
8192
|
|
|
5F5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3456899449.00000000005F5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5F5000
|
| Size: |
12288
|
|
|
4829000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1098677902.0000000004829000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4829000
|
| Size: |
20480
|
|
|
5A9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1021335458.00000000005A9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5A9000
|
| Size: |
8192
|
|
|
793000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1028979598.0000000000793000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
793000
|
| Size: |
12288
|
|
|
3470000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1033275865.0000000003470000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3470000
|
| Size: |
12288
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1039933952.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
4220000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.1113045163.0000000004220000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4220000
|
| Size: |
4096
|
|
|
7AD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1033454889.00000000007AD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7AD000
|
| Size: |
4096
|
|
|
724000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1077639644.0000000000724000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
724000
|
| Size: |
4096
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
29C2000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1222709391.00000000029C2000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
29C2000
|
| Size: |
12288
|
|
|
780000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1136815136.0000000000780000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
780000
|
| Size: |
4096
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1036721674.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
3EF9B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1113327176.000000003EF9B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3EF9B000
|
| Size: |
229376
|
|
|
3EF9A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1074353014.000000003EF9A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3EF9A000
|
| Size: |
167936
|
|
|
3353000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1087941719.0000000003353000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3353000
|
| Size: |
4096
|
|
|
426D000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1108039851.000000000426D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
426D000
|
| Size: |
114688
|
|
|
4829000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1107920674.0000000004829000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4829000
|
| Size: |
49152
|
|
|
2961000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1222289305.0000000002961000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2961000
|
| Size: |
4096
|
|
|
20E6E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.1483221005.0000000020E6E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20E6E000
|
| Size: |
8192
|
|
|
3F280000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3485798017.000000003F280000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3F280000
|
| Size: |
4096
|
|
|
780000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.1384947860.0000000000780000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
780000
|
| Size: |
4096
|
|
|
2440000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1138416370.0000000002440000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2440000
|
| Size: |
16384
|
|
|
2D54000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1087590716.0000000002D54000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D54000
|
| Size: |
4096
|
|
|
793000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1038271878.0000000000793000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
793000
|
| Size: |
12288
|
|
|
301E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1108644942.000000000301E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
301E000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1022402969.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
301E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1108199722.000000000301E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
301E000
|
| Size: |
8192
|
|
|
4829000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1098251235.0000000004829000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4829000
|
| Size: |
331776
|
|
|
870000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3458057801.0000000000870000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
870000
|
| Size: |
32768
|
|
|
7ED10000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1007655621.000000007ED10000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7ED10000
|
| Size: |
4096
|
|
|
2693000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.1392634867.0000000002693000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2693000
|
| Size: |
8192
|
|
|
4840000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1106425513.0000000004840000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4840000
|
| Size: |
8192
|
|
|
20885000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1325945563.0000000020885000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
20885000
|
| Size: |
4096
|
|
|
423C000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1111464007.000000000423C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
423C000
|
| Size: |
20480
|
|
|
5BA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1020165346.00000000005BA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5BA000
|
| Size: |
12288
|
|
|
7E200000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1057700014.000000007E200000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7E200000
|
| Size: |
4096
|
|
|
7EE40000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1059129891.000000007EE40000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EE40000
|
| Size: |
4096
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1028575810.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
793000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1014272022.0000000000793000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
793000
|
| Size: |
12288
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1029388576.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
7AD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1015254105.00000000007AD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7AD000
|
| Size: |
8192
|
|
|
482B000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1106920791.000000000482B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
482B000
|
| Size: |
36864
|
|
|
2413000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1309548631.0000000002413000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2413000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1029845152.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
20D10000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1155770199.0000000020D10000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20D10000
|
| Size: |
4096
|
|
|
3F274000
|
unclassified section
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3485150749.000000003F274000.00000040.10000000.00040000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unclassified section
|
| Protect: |
page execute and read and write
|
| Base address: |
3F274000
|
| Size: |
36864
|
|
|
5DB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1020192214.00000000005DB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5DB000
|
| Size: |
32768
|
|
|
3EFE2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1113803354.000000003EFE2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3EFE2000
|
| Size: |
4096
|
|
|
7C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1017516998.00000000007C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7C0000
|
| Size: |
8192
|
|
|
7AD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1016589902.00000000007AD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7AD000
|
| Size: |
16384
|
|
|
2968000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1022601820.0000000002968000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2968000
|
| Size: |
12288
|
|
|
932000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1137011142.0000000000932000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
932000
|
| Size: |
69632
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
793000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1027820747.0000000000793000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
793000
|
| Size: |
12288
|
|
|
763000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1010865026.0000000000763000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
763000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
|
|
2490000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1022431041.0000000002490000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2490000
|
| Size: |
4096
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1030710646.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
23B2000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.1467742198.00000000023B2000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
23B2000
|
| Size: |
4096
|
|
|
2098E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1154873065.000000002098E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2098E000
|
| Size: |
8192
|
|
|
20ADE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.1483056503.0000000020ADE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20ADE000
|
| Size: |
8192
|
|
|
1CE000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.1044680554.00000000001CE000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
1CE000
|
| Size: |
8192
|
|
|
20806000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.1408039521.0000000020806000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
20806000
|
| Size: |
4096
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1022296321.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
20FD7000
|
direct allocation
|
page execute read
|
|
|
|
| Name: |
0000000D.00000002.1155935121.0000000020FD7000.00000020.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute read
|
| Base address: |
20FD7000
|
| Size: |
12288
|
|
|
11D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.1044584726.000000000011D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
11D000
|
| Size: |
12288
|
|
|
7FE48000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1002693421.000000007FE48000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7FE48000
|
| Size: |
16384
|
|
|
5C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1136659706.00000000005C0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5C0000
|
| Size: |
4096
|
|
|
194000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1087832021.0000000000194000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
194000
|
| Size: |
8192
|
|
|
21554000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1014610290.0000000021554000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
21554000
|
| Size: |
20480
|
|
|
793000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1012388261.0000000000793000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
793000
|
| Size: |
12288
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1029349229.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
7E6A0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1347554950.000000007E6A0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7E6A0000
|
| Size: |
4096
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1040961663.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
4830000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1106232376.0000000004830000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4830000
|
| Size: |
57344
|
|
|
6DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1308174864.00000000006DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6DE000
|
| Size: |
8192
|
|
|
713000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1083368653.0000000000713000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
713000
|
| Size: |
20480
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1030859597.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
2917000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1138775478.0000000002917000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2917000
|
| Size: |
4096
|
|
|
4836000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1106425513.0000000004836000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4836000
|
| Size: |
32768
|
|
|
301E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1109963450.000000000301E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
301E000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1041081969.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
3F61C000
|
unclassified section
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3486028321.000000003F61C000.00000040.10000000.00040000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unclassified section
|
| Protect: |
page execute and read and write
|
| Base address: |
3F61C000
|
| Size: |
24576
|
|
|
2D54000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1087765463.0000000002D54000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D54000
|
| Size: |
4096
|
|
|
4FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.1112659173.00000000004FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4FE000
|
| Size: |
8192
|
|
|
23AD000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.1467742198.00000000023AD000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
23AD000
|
| Size: |
4096
|
|
|
2328000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1021832526.0000000002328000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2328000
|
| Size: |
4096
|
|
|
3EF1F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3485054931.000000003EF1F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3EF1F000
|
| Size: |
4096
|
|
|
4853000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1106988885.0000000004853000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4853000
|
| Size: |
114688
|
|
|
7BE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1043899213.00000000007BE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BE000
|
| Size: |
12288
|
|
|
20635000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.1481043998.0000000020635000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
20635000
|
| Size: |
4096
|
|
|
793000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1029411043.0000000000793000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
793000
|
| Size: |
12288
|
|
|
20976000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1325945563.0000000020976000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
20976000
|
| Size: |
4096
|
|
|
72E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.1466789996.000000000072E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
72E000
|
| Size: |
8192
|
|
|
78E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1010865026.000000000078E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
78E000
|
| Size: |
4096
|
|
|
301E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1108609467.000000000301E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
301E000
|
| Size: |
8192
|
|
|
20D6E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.1483189893.0000000020D6E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20D6E000
|
| Size: |
8192
|
|
|
2350000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1309415303.0000000002350000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2350000
|
| Size: |
12288
|
|
|
793000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1016294019.0000000000793000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
793000
|
| Size: |
12288
|
|
|
240C000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1138367916.000000000240C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
240C000
|
| Size: |
16384
|
|
|
207EE000
|
stack
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1039616540.00000000207EE000.00000040.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page execute and read and write
|
| Base address: |
207EE000
|
| Size: |
4096
|
|
|
3F44F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1113769380.000000003F44F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3F44F000
|
| Size: |
4096
|
|
|
4844000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.1113311409.0000000004844000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4844000
|
| Size: |
8192
|
|
|
9A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.1385185958.00000000009A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9A0000
|
| Size: |
24576
|
|
|
69A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3457176882.000000000069A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
69A000
|
| Size: |
8192
|
|
|
89E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1308382857.000000000089E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
89E000
|
| Size: |
8192
|
|
|
2096E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1236023243.000000002096E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2096E000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1040722128.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
3EFE2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3485114880.000000003EFE2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3EFE2000
|
| Size: |
4096
|
|
|
6DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.1384862733.00000000006DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6DE000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1041348013.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
2936000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1022601820.0000000002936000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2936000
|
| Size: |
4096
|
|
|
4846000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1109639983.0000000004846000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4846000
|
| Size: |
53248
|
|
|
7EE80000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1012501837.000000007EE80000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EE80000
|
| Size: |
40960
|
|
|
2D54000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1085573717.0000000002D54000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D54000
|
| Size: |
4096
|
|
|
793000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1036778924.0000000000793000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
793000
|
| Size: |
12288
|
|
|
728000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3457176882.0000000000728000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
728000
|
| Size: |
4096
|
|
|
248A000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.1385867202.000000000248A000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
248A000
|
| Size: |
8192
|
|
|
194000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1104823773.0000000000194000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
194000
|
| Size: |
8192
|
|
|
20C1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1236176192.0000000020C1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20C1E000
|
| Size: |
8192
|
|
|
2099A000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1325945563.000000002099A000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2099A000
|
| Size: |
12288
|
|
|
7AD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1028197064.00000000007AD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7AD000
|
| Size: |
8192
|
|
|
793000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1012650522.0000000000793000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
793000
|
| Size: |
12288
|
|
|
C50000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1088407745.0000000000C50000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C50000
|
| Size: |
4096
|
|
|
301E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1109999111.000000000301E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
301E000
|
| Size: |
8192
|
|
|
2248000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1221757768.0000000002248000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2248000
|
| Size: |
4096
|
|
|
42B2000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1107751587.00000000042B2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
42B2000
|
| Size: |
4096
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
5C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1308142945.00000000005C0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5C0000
|
| Size: |
4096
|
|
|
2474000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.1385867202.0000000002474000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2474000
|
| Size: |
8192
|
|
|
194000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1112035933.0000000000194000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
194000
|
| Size: |
8192
|
|
|
4821000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1105835039.0000000004821000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4821000
|
| Size: |
28672
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1029325447.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
24A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3458488985.00000000024A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
24A0000
|
| Size: |
4096
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1036085446.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
7EDF9000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1005432640.000000007EDF9000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EDF9000
|
| Size: |
802816
|
|
|
7AD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1015730922.00000000007AD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7AD000
|
| Size: |
16384
|
|
|
485F000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1105960382.000000000485F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
485F000
|
| Size: |
114688
|
|
|
4B6C000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1110386835.0000000004B6C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4B6C000
|
| Size: |
1073152
|
|
|
735000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.1466858840.0000000000735000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
735000
|
| Size: |
16384
|
|
|
194000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1099183242.0000000000194000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
194000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1030543613.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1039682740.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
4853000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1107179565.0000000004853000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4853000
|
| Size: |
155648
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1029927841.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1028503834.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1039502803.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
7BE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1043769364.00000000007BE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BE000
|
| Size: |
12288
|
|
|
23BA000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1137588012.00000000023BA000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
23BA000
|
| Size: |
8192
|
|
|
3EF21000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1077141002.000000003EF21000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3EF21000
|
| Size: |
12288
|
|
|
4840000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1105317919.0000000004840000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4840000
|
| Size: |
16384
|
|
|
75F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1010865026.000000000075F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
75F000
|
| Size: |
4096
|
|
|
6D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1221061333.00000000006D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6D0000
|
| Size: |
16384
|
|
|
755000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1308270552.0000000000755000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
755000
|
| Size: |
12288
|
|
|
9B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1220795294.000000000009B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9B000
|
| Size: |
20480
|
|
|
325F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1088547671.000000000325F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
325F000
|
| Size: |
4096
|
|
|
A2F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.1467679428.0000000000A2F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A2F000
|
| Size: |
4096
|
|
|
793000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1035728508.0000000000793000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
793000
|
| Size: |
12288
|
|
|
209A1000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1325945563.00000000209A1000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
209A1000
|
| Size: |
4096
|
|
|
487000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1136542560.0000000000487000.00000004.00000001.01000000.00000009.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
487000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1039824283.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
218D1000
|
direct allocation
|
page execute read
|
|
|
|
| Name: |
00000000.00000002.1041103196.00000000218D1000.00000020.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute read
|
| Base address: |
218D1000
|
| Size: |
360448
|
|
|
72A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1083368653.000000000072A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
72A000
|
| Size: |
69632
|
|
|
194000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1099391059.0000000000194000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
194000
|
| Size: |
8192
|
|
|
2095F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.1482358628.000000002095F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2095F000
|
| Size: |
4096
|
|
|
301E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1107914377.000000000301E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
301E000
|
| Size: |
8192
|
|
|
2990000
|
direct allocation
|
page readonly
|
|
|
|
| Name: |
00000000.00000002.1024105390.0000000002990000.00000002.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page readonly
|
| Base address: |
2990000
|
| Size: |
4096
|
|
|
320F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1032761560.000000000320F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
320F000
|
| Size: |
4096
|
|
|
940000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1087918285.0000000000940000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
940000
|
| Size: |
167936
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1026847030.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
7EE10000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1012678219.000000007EE10000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EE10000
|
| Size: |
4096
|
|
|
194000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1099243833.0000000000194000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
194000
|
| Size: |
8192
|
|
|
20D10000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.1408611636.0000000020D10000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20D10000
|
| Size: |
4096
|
|
|
793000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1015191526.0000000000793000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
793000
|
| Size: |
12288
|
|
|
52D000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.1112689878.000000000052D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
52D000
|
| Size: |
24576
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1022087627.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
7AD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.1045002949.00000000007AD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7AD000
|
| Size: |
8192
|
|
|
4840000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1108593394.0000000004840000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4840000
|
| Size: |
24576
|
|
|
42B2000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1098820054.00000000042B2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
42B2000
|
| Size: |
4096
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1038216829.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
9E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.1112973449.00000000009E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9E0000
|
| Size: |
16384
|
|
|
21ED000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1221757768.00000000021ED000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
21ED000
|
| Size: |
4096
|
|
|
2356000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.1385801001.0000000002356000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2356000
|
| Size: |
8192
|
|
|
7AD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1042323753.00000000007AD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7AD000
|
| Size: |
8192
|
|
|
3F5C0000
|
unclassified section
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3486028321.000000003F5C0000.00000040.10000000.00040000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unclassified section
|
| Protect: |
page execute and read and write
|
| Base address: |
3F5C0000
|
| Size: |
344064
|
|
|
2925000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.1138875710.0000000002925000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
2925000
|
| Size: |
4096
|
|
|
4839000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1108593394.0000000004839000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4839000
|
| Size: |
20480
|
|
|
4255000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1096894819.0000000004255000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4255000
|
| Size: |
278528
|
|
|
9D8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.1385185958.00000000009D8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9D8000
|
| Size: |
73728
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
530000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1021239264.0000000000530000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
530000
|
| Size: |
4096
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1030734460.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1034706418.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1040017865.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
830000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1221209861.0000000000830000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
830000
|
| Size: |
24576
|
|
|
20FDF000
|
direct allocation
|
page execute read
|
|
|
|
| Name: |
0000000D.00000002.1155935121.0000000020FDF000.00000020.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute read
|
| Base address: |
20FDF000
|
| Size: |
4096
|
|
|
426A000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1094401156.000000000426A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
426A000
|
| Size: |
208896
|
|
|
234C000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1021832526.000000000234C000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
234C000
|
| Size: |
4096
|
|
|
71D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1112154782.000000000071D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
71D000
|
| Size: |
4096
|
|
|
4255000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1094044111.0000000004255000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4255000
|
| Size: |
176128
|
|
|
4846000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1107179565.0000000004846000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4846000
|
| Size: |
49152
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1024186285.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
3EF9A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1113803354.000000003EF9A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3EF9A000
|
| Size: |
4096
|
|
|
7EE3F000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1007314594.000000007EE3F000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EE3F000
|
| Size: |
135168
|
|
|
2372000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1137588012.0000000002372000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2372000
|
| Size: |
4096
|
|
|
2AE1000
|
direct allocation
|
page execute read
|
|
|
|
| Name: |
00000007.00000002.3458576876.0000000002AE1000.00000020.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute read
|
| Base address: |
2AE1000
|
| Size: |
155648
|
|
|
2401000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3458311704.0000000002401000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2401000
|
| Size: |
4096
|
|
|
42B2000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1098714035.00000000042B2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
42B2000
|
| Size: |
4096
|
|
|
790000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.1136850241.0000000000790000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
790000
|
| Size: |
4096
|
|
|
4261000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1093683239.0000000004261000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4261000
|
| Size: |
110592
|
|
|
4828000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1105317919.0000000004828000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4828000
|
| Size: |
53248
|
|
|
76A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1112505440.000000000076A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
76A000
|
| Size: |
4096
|
|
|
2097E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1039747251.000000002097E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2097E000
|
| Size: |
8192
|
|
|
24C6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.1468193849.00000000024C6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
24C6000
|
| Size: |
8192
|
|
|
20FE1000
|
direct allocation
|
page execute read
|
|
|
|
| Name: |
0000000D.00000002.1155935121.0000000020FE1000.00000020.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute read
|
| Base address: |
20FE1000
|
| Size: |
163840
|
|
|
4846000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1108547934.0000000004846000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4846000
|
| Size: |
172032
|
|
|
301E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1110063444.000000000301E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
301E000
|
| Size: |
8192
|
|
|
2084B000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1154609770.000000002084B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2084B000
|
| Size: |
20480
|
|
|
20BDF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.1483093364.0000000020BDF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20BDF000
|
| Size: |
4096
|
|
|
20FD1000
|
direct allocation
|
page execute read
|
|
|
|
| Name: |
0000000D.00000002.1155935121.0000000020FD1000.00000020.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute read
|
| Base address: |
20FD1000
|
| Size: |
8192
|
|
|
73A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1112770390.000000000073A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
73A000
|
| Size: |
4096
|
|
|
6EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1136726355.00000000006EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6EE000
|
| Size: |
8192
|
|
|
9B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1307867367.000000000009B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9B000
|
| Size: |
20480
|
|
|
24A3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3458488985.00000000024A3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
24A3000
|
| Size: |
8192
|
|
|
4255000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1093547541.0000000004255000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4255000
|
| Size: |
86016
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1029237496.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
2094F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1154825018.000000002094F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2094F000
|
| Size: |
4096
|
|
|
7EEC0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1006087736.000000007EEC0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EEC0000
|
| Size: |
4096
|
|
|
D0E000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000009.00000000.1042776251.0000000000D0E000.00000008.00000001.01000000.00000008.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
D0E000
|
| Size: |
4096
|
|
|
301E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1109700883.000000000301E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
301E000
|
| Size: |
8192
|
|
|
793000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1022134683.0000000000793000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
793000
|
| Size: |
12288
|
|
|
4846000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1107022339.0000000004846000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4846000
|
| Size: |
36864
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1023290314.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
690000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3457176882.0000000000690000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
690000
|
| Size: |
36864
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1041862600.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
301E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1109116250.000000000301E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
301E000
|
| Size: |
8192
|
|
|
4250000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1098441665.0000000004250000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4250000
|
| Size: |
393216
|
|
|
71F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1077639644.000000000071F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
71F000
|
| Size: |
16384
|
|
|
CE0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000002.1032561361.0000000000CE0000.00000002.00000001.01000000.00000008.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
CE0000
|
| Size: |
4096
|
|
|
740000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1308238579.0000000000740000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
740000
|
| Size: |
4096
|
|
|
20C1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1039893749.0000000020C1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20C1E000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1042419927.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
482B000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1106803240.000000000482B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
482B000
|
| Size: |
24576
|
|
|
7F090000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1059411896.000000007F090000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7F090000
|
| Size: |
884736
|
|
|
7AD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1041106446.00000000007AD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7AD000
|
| Size: |
8192
|
|
|
7AD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1027820747.00000000007AD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7AD000
|
| Size: |
8192
|
|
|
4C8C000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1108897478.0000000004C8C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4C8C000
|
| Size: |
1073152
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1028784767.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
7E7A8000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1058221890.000000007E7A8000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7E7A8000
|
| Size: |
40960
|
|
|
7F081000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1005033922.000000007F081000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7F081000
|
| Size: |
12288
|
|
|
7AD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1042088088.00000000007AD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7AD000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1022336219.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
9B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3456429969.000000000009B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9B000
|
| Size: |
20480
|
|
|
5C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3456792070.00000000005C0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5C0000
|
| Size: |
4096
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1029116744.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
76F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1112154782.000000000076F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
76F000
|
| Size: |
8192
|
|
|
7EE5F000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1013540415.000000007EE5F000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EE5F000
|
| Size: |
135168
|
|
|
72A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3457176882.000000000072A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
72A000
|
| Size: |
8192
|
|
|
28FA000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1222289305.00000000028FA000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
28FA000
|
| Size: |
4096
|
|
|
4846000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1108114790.0000000004846000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4846000
|
| Size: |
49152
|
|
|
7E6A0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.1429475474.000000007E6A0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7E6A0000
|
| Size: |
4096
|
|
|
48C000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1136579393.000000000048C000.00000004.00000001.01000000.00000009.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
48C000
|
| Size: |
8192
|
|
|
293D000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1022601820.000000000293D000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
293D000
|
| Size: |
16384
|
|
|
22F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1222193585.00000000022F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
22F0000
|
| Size: |
4096
|
|
|
3F335000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1113605388.000000003F335000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3F335000
|
| Size: |
143360
|
|
|
24C3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1022504642.00000000024C3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
24C3000
|
| Size: |
8192
|
|
|
71D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3457176882.000000000071D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
71D000
|
| Size: |
20480
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the Windows Explorer process (often used for injection) |
HIPS / PFW / Operating System Protection Evasion |
|
|
|
7E56C000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1016317369.000000007E56C000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7E56C000
|
| Size: |
16384
|
|
|
7ED4F000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1008126684.000000007ED4F000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7ED4F000
|
| Size: |
135168
|
|
|
CE0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000000.1031446932.0000000000CE0000.00000002.00000001.01000000.00000008.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
CE0000
|
| Size: |
4096
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1038513169.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
7EBC4000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1009226371.000000007EBC4000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EBC4000
|
| Size: |
180224
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1038723825.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
4841000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1107379565.0000000004841000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4841000
|
| Size: |
53248
|
|
|
483D000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1105317919.000000000483D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
483D000
|
| Size: |
4096
|
|
|
7BE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1043838415.00000000007BE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BE000
|
| Size: |
12288
|
|
|
20FAF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1236567627.0000000020FAF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20FAF000
|
| Size: |
4096
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1038588733.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
20D1F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1236264939.0000000020D1F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20D1F000
|
| Size: |
4096
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1030583463.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
3F25E000
|
unclassified section
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3485150749.000000003F25E000.00000040.10000000.00040000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unclassified section
|
| Protect: |
page execute and read and write
|
| Base address: |
3F25E000
|
| Size: |
4096
|
|
|
301E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1109378453.000000000301E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
301E000
|
| Size: |
8192
|
|
|
4853000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1107434519.0000000004853000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4853000
|
| Size: |
114688
|
|
|
7FA00000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060655941.000000007FA00000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7FA00000
|
| Size: |
4096
|
|
|
195000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1099504803.0000000000195000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
195000
|
| Size: |
4096
|
|
|
7E718000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1057755881.000000007E718000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7E718000
|
| Size: |
40960
|
|
|
206C5000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1151743194.00000000206C5000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
206C5000
|
| Size: |
253952
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
4250000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1099004898.0000000004250000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4250000
|
| Size: |
393216
|
|
|
301E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1109532632.000000000301E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
301E000
|
| Size: |
8192
|
|
|
20E91000
|
direct allocation
|
page execute read
|
|
|
|
| Name: |
00000017.00000002.1327024337.0000000020E91000.00000020.00001000.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute read
|
| Base address: |
20E91000
|
| Size: |
8192
|
|
|
301E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1110097031.000000000301E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
301E000
|
| Size: |
8192
|
|
|
4836000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1107075831.0000000004836000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4836000
|
| Size: |
8192
|
|
|
3EF21000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1113803354.000000003EF21000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3EF21000
|
| Size: |
16384
|
|
|
91C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.1385101845.000000000091C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
91C000
|
| Size: |
16384
|
|
|
7EE60000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1006837163.000000007EE60000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EE60000
|
| Size: |
458752
|
|
|
2A4B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1309637941.0000000002A4B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2A4B000
|
| Size: |
20480
|
|
|
301E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1108854270.000000000301E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
301E000
|
| Size: |
8192
|
|
|
2944000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1022601820.0000000002944000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2944000
|
| Size: |
4096
|
|
|
9FD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1110224580.00000000009FD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9FD000
|
| Size: |
12288
|
|
|
5C5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1020100386.00000000005C5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5C5000
|
| Size: |
4096
|
|
|
301E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1108942278.000000000301E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
301E000
|
| Size: |
8192
|
|
|
4721000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1099111377.0000000004721000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4721000
|
| Size: |
229376
|
|
|
2353000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1021832526.0000000002353000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2353000
|
| Size: |
4096
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1040428485.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1038131046.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
7AD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1012258519.00000000007AD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7AD000
|
| Size: |
4096
|
|
|
4846000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1106399234.0000000004846000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4846000
|
| Size: |
8192
|
|
|
7FC08000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1002902051.000000007FC08000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7FC08000
|
| Size: |
16384
|
|
|
20E6E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1155847441.0000000020E6E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20E6E000
|
| Size: |
8192
|
|
|
2961000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1022601820.0000000002961000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2961000
|
| Size: |
4096
|
|
|
244C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3458456695.000000000244C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
244C000
|
| Size: |
16384
|
|
|
4831000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1106425513.0000000004831000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4831000
|
| Size: |
8192
|
|
|
7FA00000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3487482924.000000007FA00000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7FA00000
|
| Size: |
4096
|
|
|
207CA000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.1408039521.00000000207CA000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
207CA000
|
| Size: |
4096
|
|
|
4251000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1093223293.0000000004251000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4251000
|
| Size: |
24576
|
|
|
29DB000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3458538700.00000000029DB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
29DB000
|
| Size: |
20480
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1029055711.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
20A9F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.1483021185.0000000020A9F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20A9F000
|
| Size: |
4096
|
|
|
301E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1109345574.000000000301E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
301E000
|
| Size: |
8192
|
|
|
71D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1112841046.000000000071D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
71D000
|
| Size: |
4096
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1038150172.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
20FAF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.1408744620.0000000020FAF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20FAF000
|
| Size: |
4096
|
|
|
42B2000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1108039851.00000000042B2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
42B2000
|
| Size: |
4096
|
|
|
7B3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.1467049419.00000000007B3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7B3000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1040989481.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
7B5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.1385002430.00000000007B5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7B5000
|
| Size: |
12288
|
|
|
484B000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1105261674.000000000484B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
484B000
|
| Size: |
4096
|
|
|
194000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1099475874.0000000000194000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
194000
|
| Size: |
8192
|
|
|
301E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1109938836.000000000301E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
301E000
|
| Size: |
8192
|
|
|
4258000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1093223293.0000000004258000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4258000
|
| Size: |
98304
|
|
|
20EA1000
|
direct allocation
|
page execute read
|
|
|
|
| Name: |
00000017.00000002.1327024337.0000000020EA1000.00000020.00001000.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute read
|
| Base address: |
20EA1000
|
| Size: |
163840
|
|
|
7ED20000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1135608829.000000007ED20000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7ED20000
|
| Size: |
4096
|
|
|
208FE000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3471311250.00000000208FE000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
208FE000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1031123576.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
5BA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1021376601.00000000005BA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5BA000
|
| Size: |
12288
|
|
|
793000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1022481496.0000000000793000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
793000
|
| Size: |
12288
|
|
|
7FD30000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1002428238.000000007FD30000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7FD30000
|
| Size: |
1085440
|
|
|
20831000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.1408039521.0000000020831000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
20831000
|
| Size: |
4096
|
|
|
D2A000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000009.00000002.1043465230.0000000000D2A000.00000002.00000001.01000000.00000008.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
D2A000
|
| Size: |
12288
|
|
|
42B2000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1109880794.00000000042B2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
42B2000
|
| Size: |
4096
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
AEF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1137556148.0000000000AEF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
AEF000
|
| Size: |
4096
|
|
|
41B000
|
system
|
page execute and read and write
|
|
|
|
| Name: |
0000000C.00000002.1088167805.000000000041B000.00000040.80000000.00040000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
system
|
| Protect: |
page execute and read and write
|
| Base address: |
41B000
|
| Size: |
36864
|
|
|
487000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.1466550892.0000000000487000.00000004.00000001.01000000.00000007.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
487000
|
| Size: |
8192
|
|
|
32DF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1110645096.00000000032DF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
32DF000
|
| Size: |
4096
|
|
|
793000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1031051177.0000000000793000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
793000
|
| Size: |
12288
|
|
|
194000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1099553688.0000000000194000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
194000
|
| Size: |
8192
|
|
|
2101D000
|
direct allocation
|
page readonly
|
|
|
|
| Name: |
0000000D.00000002.1156784994.000000002101D000.00000002.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page readonly
|
| Base address: |
2101D000
|
| Size: |
16384
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Malicious sample detected (through community Yara rule) |
System Summary |
|
| Yara signature match |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
20724000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1151743194.0000000020724000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
20724000
|
| Size: |
4096
|
|
|
3EFF7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1112559586.000000003EFF7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3EFF7000
|
| Size: |
4096
|
|
|
23F3000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.1467742198.00000000023F3000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
23F3000
|
| Size: |
4096
|
|
|
5C5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1020075804.00000000005C5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5C5000
|
| Size: |
4096
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1040454328.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
20914000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3471311250.0000000020914000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
20914000
|
| Size: |
4096
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1035930555.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
7ECBF000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1058736372.000000007ECBF000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7ECBF000
|
| Size: |
32768
|
|
|
7EFA5000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1005033922.000000007EFA5000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EFA5000
|
| Size: |
868352
|
|
|
4244000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1099004898.0000000004244000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4244000
|
| Size: |
8192
|
|
|
239E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1309484442.000000000239E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
239E000
|
| Size: |
8192
|
|
|
B8A000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1088286883.0000000000B8A000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B8A000
|
| Size: |
24576
|
|
|
20E9B000
|
direct allocation
|
page execute read
|
|
|
|
| Name: |
00000017.00000002.1327024337.0000000020E9B000.00000020.00001000.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute read
|
| Base address: |
20E9B000
|
| Size: |
12288
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1025640699.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
20726000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.1481043998.0000000020726000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
20726000
|
| Size: |
4096
|
|
|
20838000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.1408039521.0000000020838000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
20838000
|
| Size: |
8192
|
|
|
23C8000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1137588012.00000000023C8000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
23C8000
|
| Size: |
4096
|
|
|
4721000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1111930427.0000000004721000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4721000
|
| Size: |
225280
|
|
|
726000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1112154782.0000000000726000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
726000
|
| Size: |
20480
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
301E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1109564006.000000000301E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
301E000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1022189267.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
8A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1308421051.00000000008A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8A0000
|
| Size: |
4096
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1039189348.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1035363291.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
76C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1020804792.000000000076C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
76C000
|
| Size: |
4096
|
|
|
7AD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1041754924.00000000007AD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7AD000
|
| Size: |
8192
|
|
|
21022000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1236603947.0000000021022000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
21022000
|
| Size: |
8192
|
|
|
2EE0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1110365468.0000000002EE0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2EE0000
|
| Size: |
4096
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1036121054.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
7E730000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1170557379.000000007E730000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7E730000
|
| Size: |
4096
|
|
|
35D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1043085539.000000000035D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
35D000
|
| Size: |
12288
|
|
|
7EFC0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1059310094.000000007EFC0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EFC0000
|
| Size: |
49152
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1022227195.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
792000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1010865026.0000000000792000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
792000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1041882775.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
21336000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1014610290.0000000021336000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
21336000
|
| Size: |
2170880
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1039344772.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
BF0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1088319740.0000000000BF0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BF0000
|
| Size: |
4096
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1039568955.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
CE1000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000008.00000000.1031554092.0000000000CE1000.00000020.00000001.01000000.00000008.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
CE1000
|
| Size: |
180224
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
4840000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1106106366.0000000004840000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4840000
|
| Size: |
126976
|
|
|
7EE40000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1170824962.000000007EE40000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EE40000
|
| Size: |
4096
|
|
|
211F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1040850987.00000000211F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
211F0000
|
| Size: |
4096
|
|
|
D2E000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000009.00000002.1043465230.0000000000D2E000.00000002.00000001.01000000.00000008.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
D2E000
|
| Size: |
49152
|
|
|
2093F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.1408378177.000000002093F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2093F000
|
| Size: |
4096
|
|
|
7AD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1039005787.00000000007AD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7AD000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1029259580.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1036023110.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
880000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1043210022.0000000000880000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
880000
|
| Size: |
20480
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1028170091.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
9ED000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1111442562.00000000009ED000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9ED000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Found strings which match to known social media urls |
Networking |
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1036862113.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
23FA000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3458311704.00000000023FA000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
23FA000
|
| Size: |
4096
|
|
|
4283000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1094652340.0000000004283000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4283000
|
| Size: |
126976
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1040160299.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
400000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000000.1001251095.0000000000400000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
400000
|
| Size: |
4096
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1044515797.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
2498000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.1385867202.0000000002498000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2498000
|
| Size: |
4096
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1023328782.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
7AD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1028426376.00000000007AD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7AD000
|
| Size: |
8192
|
|
|
293D000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1222289305.000000000293D000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
293D000
|
| Size: |
12288
|
|
|
301E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1108828283.000000000301E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
301E000
|
| Size: |
8192
|
|
|
19D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1220841894.000000000019D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
19D000
|
| Size: |
12288
|
|
|
2CF8000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1088087129.0000000002CF8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2CF8000
|
| Size: |
77824
|
|
|
20938000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3471311250.0000000020938000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
20938000
|
| Size: |
8192
|
|
|
78B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.1044929961.000000000078B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
78B000
|
| Size: |
32768
|
|
|
7C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.1467106249.00000000007C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7C0000
|
| Size: |
4096
|
|
|
19D000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1136459530.000000000019D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
19D000
|
| Size: |
12288
|
|
|
2160000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3458192259.0000000002160000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
2160000
|
| Size: |
4096
|
|
|
195000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1099334367.0000000000195000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
195000
|
| Size: |
4096
|
|
|
23DD000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3458311704.00000000023DD000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
23DD000
|
| Size: |
4096
|
|
|
20734000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.1481043998.0000000020734000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
20734000
|
| Size: |
4096
|
|
|
2921000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1138775478.0000000002921000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2921000
|
| Size: |
16384
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1025689630.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1035846712.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1039173065.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1022632161.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
301E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1108042021.000000000301E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
301E000
|
| Size: |
8192
|
|
|
208CA000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3471311250.00000000208CA000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
208CA000
|
| Size: |
4096
|
|
|
794000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1014438280.0000000000794000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
794000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1022917013.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
63E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3457056393.000000000063E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
63E000
|
| Size: |
8192
|
|
|
2D54000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1088059907.0000000002D54000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D54000
|
| Size: |
4096
|
|
|
4C8D000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1110256894.0000000004C8D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4C8D000
|
| Size: |
1073152
|
|
|
4853000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1106718933.0000000004853000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4853000
|
| Size: |
147456
|
|
|
2408000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.1467742198.0000000002408000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2408000
|
| Size: |
4096
|
|
|
4DAE000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1110816905.0000000004DAE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4DAE000
|
| Size: |
1228800
|
|
|
5C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1221007515.00000000005C0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5C0000
|
| Size: |
4096
|
|
|
3F2AD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1113605388.000000003F2AD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3F2AD000
|
| Size: |
4096
|
|
|
233F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.1385774384.000000000233F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
233F000
|
| Size: |
4096
|
|
|
2D54000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1086327549.0000000002D54000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D54000
|
| Size: |
4096
|
|
|
4241000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1098559881.0000000004241000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4241000
|
| Size: |
24576
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1038865153.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
707000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1077639644.0000000000707000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
707000
|
| Size: |
36864
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
194000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1099582003.0000000000194000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
194000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1029467000.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
4A20000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1104953601.0000000004A20000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4A20000
|
| Size: |
4096
|
|
|
728000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1112841046.0000000000728000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
728000
|
| Size: |
4096
|
|
|
7AD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1013034618.00000000007AD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7AD000
|
| Size: |
8192
|
|
|
4A20000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1105048463.0000000004A20000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4A20000
|
| Size: |
4096
|
|
|
726000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3457176882.0000000000726000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
726000
|
| Size: |
4096
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
466E000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1109783271.000000000466E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
466E000
|
| Size: |
618496
|
|
|
793000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1038610028.0000000000793000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
793000
|
| Size: |
12288
|
|
|
7AD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1025847068.00000000007AD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7AD000
|
| Size: |
8192
|
|
|
7AD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1012650522.00000000007AD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7AD000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1038783691.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
7F840000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060285287.000000007F840000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7F840000
|
| Size: |
4096
|
|
|
793000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1034791238.0000000000793000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
793000
|
| Size: |
12288
|
|
|
750000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1308270552.0000000000750000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
750000
|
| Size: |
16384
|
|
|
48C000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1220923367.000000000048C000.00000004.00000001.01000000.00000007.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
48C000
|
| Size: |
12288
|
|
|
301E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1108916872.000000000301E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
301E000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1030881268.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
9B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.1466455649.000000000009B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9B000
|
| Size: |
20480
|
|
|
24A0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1022458114.00000000024A0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
24A0000
|
| Size: |
4096
|
|
|
7AD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1034467182.00000000007AD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7AD000
|
| Size: |
8192
|
|
|
4853000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1107557048.0000000004853000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4853000
|
| Size: |
114688
|
|
|
4853000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1107148670.0000000004853000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4853000
|
| Size: |
114688
|
|
|
4A20000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1104975065.0000000004A20000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4A20000
|
| Size: |
4096
|
|
|
2070C000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1151743194.000000002070C000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2070C000
|
| Size: |
16384
|
|
|
194000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1099208585.0000000000194000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
194000
|
| Size: |
8192
|
|
|
7E571000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1016317369.000000007E571000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7E571000
|
| Size: |
12288
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1036621869.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
D0E000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1032603928.0000000000D0E000.00000004.00000001.01000000.00000008.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D0E000
|
| Size: |
4096
|
|
|
7AD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1036139918.00000000007AD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7AD000
|
| Size: |
8192
|
|
|
4BE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.1112625897.00000000004BE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4BE000
|
| Size: |
8192
|
|
|
2154B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1014610290.000000002154B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2154B000
|
| Size: |
24576
|
|
|
3F6D2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1112721936.000000003F6D2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3F6D2000
|
| Size: |
4096
|
|
|
728000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1083368653.0000000000728000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
728000
|
| Size: |
4096
|
|
|
793000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1028426376.0000000000793000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
793000
|
| Size: |
12288
|
|
|
301E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1107949015.000000000301E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
301E000
|
| Size: |
8192
|
|
|
CE1000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000008.00000002.1032578132.0000000000CE1000.00000020.00000001.01000000.00000008.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
CE1000
|
| Size: |
180224
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1038252555.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
21022000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1157125504.0000000021022000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
21022000
|
| Size: |
8192
|
|
|
325A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1032956435.000000000325A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
325A000
|
| Size: |
32768
|
|
|
7AD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1030813604.00000000007AD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7AD000
|
| Size: |
8192
|
|
|
301E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1109143093.000000000301E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
301E000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1027794218.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
228E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1222101499.000000000228E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
228E000
|
| Size: |
8192
|
|
|
4866000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1106058003.0000000004866000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4866000
|
| Size: |
110592
|
|
|
487000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1307986588.0000000000487000.00000004.00000001.01000000.00000007.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
487000
|
| Size: |
8192
|
|
|
7ED20000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000019.00000003.1465753197.000000007ED20000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7ED20000
|
| Size: |
4096
|
|
|
7BE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1033954435.00000000007BE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BE000
|
| Size: |
12288
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1029777852.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
2935000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000019.00000002.1468574713.0000000002935000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
2935000
|
| Size: |
4096
|
|
|
9ED000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1093413672.00000000009ED000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9ED000
|
| Size: |
8192
|
|
|
3EC90000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3484907371.000000003EC90000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3EC90000
|
| Size: |
4096
|
|
|
3EFD7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1113230812.000000003EFD7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3EFD7000
|
| Size: |
20480
|
|
|
301E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1108171510.000000000301E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
301E000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1038112172.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1028698392.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
4840000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1105988221.0000000004840000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4840000
|
| Size: |
126976
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1022574511.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
20BAF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1236138802.0000000020BAF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20BAF000
|
| Size: |
4096
|
|
|
2083E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1039686845.000000002083E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2083E000
|
| Size: |
8192
|
|
|
4843000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1106597331.0000000004843000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4843000
|
| Size: |
12288
|
|
|
794000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.1045002949.0000000000794000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
794000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1042211412.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
7ED70000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1170783400.000000007ED70000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7ED70000
|
| Size: |
4096
|
|
|
4FC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.1044742607.00000000004FC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4FC000
|
| Size: |
16384
|
|
|
1D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.1112394657.00000000001D0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D0000
|
| Size: |
4096
|
|
|
22C1000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1308930317.00000000022C1000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
22C1000
|
| Size: |
4096
|
|
|
7AD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1044117418.00000000007AD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7AD000
|
| Size: |
8192
|
|
|
21022000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3471728391.0000000021022000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
21022000
|
| Size: |
8192
|
|
|
729000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1011132822.0000000000729000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
729000
|
| Size: |
86016
|
|
|
98E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1021767893.000000000098E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
98E000
|
| Size: |
8192
|
|
|
6FF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1077975115.00000000006FF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6FF000
|
| Size: |
32768
|
|
|
472B000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1087268068.000000000472B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
472B000
|
| Size: |
1028096
|
|
|
20E6E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.1408671740.0000000020E6E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20E6E000
|
| Size: |
8192
|
|
|
2290000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1222135394.0000000002290000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2290000
|
| Size: |
4096
|
|
|
75E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.1384919789.000000000075E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
75E000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1042496549.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
301E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1108014365.000000000301E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
301E000
|
| Size: |
8192
|
|
|
23C1000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1137588012.00000000023C1000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
23C1000
|
| Size: |
4096
|
|
|
C50000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1032384294.0000000000C50000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C50000
|
| Size: |
4096
|
|
|
7AD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1015310530.00000000007AD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7AD000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1039250087.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
3320000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1088570928.0000000003320000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3320000
|
| Size: |
8192
|
|
|
4230000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1111848355.0000000004230000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4230000
|
| Size: |
4096
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1021812816.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
7FA00000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1171112867.000000007FA00000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7FA00000
|
| Size: |
4096
|
|
|
770000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1083153148.0000000000770000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
770000
|
| Size: |
4096
|
|
|
7AD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1029603353.00000000007AD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7AD000
|
| Size: |
8192
|
|
|
292E000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1222289305.000000000292E000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
292E000
|
| Size: |
8192
|
|
|
534000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.1112689878.0000000000534000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
534000
|
| Size: |
32768
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1037588559.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
73F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1010865026.000000000073F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
73F000
|
| Size: |
126976
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
4261000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1109541200.0000000004261000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4261000
|
| Size: |
319488
|
|
|
21565000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1040975298.0000000021565000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
21565000
|
| Size: |
4096
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1029284229.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
D0E000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1043442356.0000000000D0E000.00000004.00000001.01000000.00000008.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D0E000
|
| Size: |
4096
|
|
|
4251000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1098308828.0000000004251000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4251000
|
| Size: |
712704
|
|
|
301E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1109659091.000000000301E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
301E000
|
| Size: |
8192
|
|
|
20FB1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1010680580.0000000020FB1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20FB1000
|
| Size: |
466944
|
|
|
8C0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000017.00000002.1308457807.00000000008C0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
8C0000
|
| Size: |
4096
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1040669223.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
7E730000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1058221890.000000007E730000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7E730000
|
| Size: |
4096
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1030904358.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1042271907.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
20BBF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.1408511210.0000000020BBF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20BBF000
|
| Size: |
4096
|
|
|
268B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.1392538285.000000000268B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
268B000
|
| Size: |
20480
|
|
|
20ABE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.1408479557.0000000020ABE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20ABE000
|
| Size: |
8192
|
|
|
20EE5000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1327781584.0000000020EE5000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
20EE5000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1042401836.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
793000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1041106446.0000000000793000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
793000
|
| Size: |
12288
|
|
|
48C000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.1384765650.000000000048C000.00000004.00000001.01000000.00000009.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
48C000
|
| Size: |
8192
|
|
|
5C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.1384833580.00000000005C0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5C0000
|
| Size: |
4096
|
|
|
7AD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1016434067.00000000007AD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7AD000
|
| Size: |
16384
|
|
|
2D54000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1087806761.0000000002D54000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D54000
|
| Size: |
4096
|
|
|
2901000
|
direct allocation
|
page execute read
|
|
|
|
| Name: |
00000019.00000002.1468273205.0000000002901000.00000020.00001000.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute read
|
| Base address: |
2901000
|
| Size: |
155648
|
|
|
2B81000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1309877909.0000000002B81000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2B81000
|
| Size: |
16384
|
|
|
717000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1077639644.0000000000717000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
717000
|
| Size: |
16384
|
|
|
9E6000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1111694467.00000000009E6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9E6000
|
| Size: |
4096
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1026823303.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
7EDF0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1005432640.000000007EDF0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EDF0000
|
| Size: |
8192
|
|
|
728000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1077639644.0000000000728000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
728000
|
| Size: |
4096
|
|
|
2B15000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3458819987.0000000002B15000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
2B15000
|
| Size: |
4096
|
|
|
6DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.1466717907.00000000006DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6DE000
|
| Size: |
8192
|
|
|
20EAE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1040052270.0000000020EAE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20EAE000
|
| Size: |
8192
|
|
|
2280000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1308930317.0000000002280000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2280000
|
| Size: |
8192
|
|
|
3EFD2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1113803354.000000003EFD2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3EFD2000
|
| Size: |
4096
|
|
|
7EE00000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1006245367.000000007EE00000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EE00000
|
| Size: |
4096
|
|
|
7EDE0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1009391505.000000007EDE0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EDE0000
|
| Size: |
831488
|
|
|
3EFF8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1112116943.000000003EFF8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3EFF8000
|
| Size: |
16384
|
|
|
4842000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1106338011.0000000004842000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4842000
|
| Size: |
24576
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1040937085.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
48C000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1308024384.000000000048C000.00000004.00000001.01000000.00000007.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
48C000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1029538204.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
7ED9F000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1007655621.000000007ED9F000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7ED9F000
|
| Size: |
200704
|
|
|
8AE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1136971517.00000000008AE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
8AE000
|
| Size: |
8192
|
|
|
930000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1043227201.0000000000930000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
930000
|
| Size: |
36864
|
|
|
7EE8E000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1012501837.000000007EE8E000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EE8E000
|
| Size: |
270336
|
|
|
71A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1112841046.000000000071A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
71A000
|
| Size: |
4096
|
|
|
8BF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.1385073770.00000000008BF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
8BF000
|
| Size: |
4096
|
|
|
793000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1039720963.0000000000793000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
793000
|
| Size: |
12288
|
|
|
301E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1108223208.000000000301E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
301E000
|
| Size: |
8192
|
|
|
206EC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1039547055.00000000206EC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
206EC000
|
| Size: |
16384
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1029948752.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
21051000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1040151856.0000000021051000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
21051000
|
| Size: |
16384
|
|
|
9B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.1384645797.000000000009B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9B000
|
| Size: |
20480
|
|
|
23EC000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.1467742198.00000000023EC000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
23EC000
|
| Size: |
4096
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1041976510.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
20FAF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1040088832.0000000020FAF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20FAF000
|
| Size: |
4096
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1029449977.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1023834350.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
3EFC9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1113803354.000000003EFC9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3EFC9000
|
| Size: |
4096
|
|
|
97E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.1385148502.000000000097E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
97E000
|
| Size: |
8192
|
|
|
20AEE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1326879986.0000000020AEE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20AEE000
|
| Size: |
8192
|
|
|
4826000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.1113176349.0000000004826000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4826000
|
| Size: |
4096
|
|
|
7BE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1034014716.00000000007BE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BE000
|
| Size: |
12288
|
|
|
450000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1021156566.0000000000450000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
450000
|
| Size: |
4096
|
|
|
488000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3456590492.0000000000488000.00000004.00000001.01000000.00000007.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
488000
|
| Size: |
4096
|
|
|
207E9000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1039580802.00000000207E9000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
207E9000
|
| Size: |
20480
|
|
|
7AD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1016707463.00000000007AD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7AD000
|
| Size: |
16384
|
|
|
4250000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1104852034.0000000004250000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4250000
|
| Size: |
393216
|
|
|
793000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1021841002.0000000000793000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
793000
|
| Size: |
12288
|
|
|
484E000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1108717445.000000000484E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
484E000
|
| Size: |
139264
|
|
|
7EE10000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1013540415.000000007EE10000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EE10000
|
| Size: |
4096
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1039445077.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
487000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000000.00000000.1001385754.0000000000487000.00000008.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
487000
|
| Size: |
12288
|
|
|
2D54000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1087860008.0000000002D54000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D54000
|
| Size: |
4096
|
|
|
6FF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1112841046.00000000006FF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6FF000
|
| Size: |
32768
|
|
|
2B11000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3458730710.0000000002B11000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2B11000
|
| Size: |
16384
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1044220003.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
7AD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1039135555.00000000007AD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7AD000
|
| Size: |
8192
|
|
|
7EDF4000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1005432640.000000007EDF4000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EDF4000
|
| Size: |
16384
|
|
|
7FB00000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1002902051.000000007FB00000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7FB00000
|
| Size: |
1069056
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1026057589.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1037892540.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
790000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.1467021511.0000000000790000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
790000
|
| Size: |
4096
|
|
|
4821000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1106920791.0000000004821000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4821000
|
| Size: |
32768
|
|
|
301E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1108248533.000000000301E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
301E000
|
| Size: |
8192
|
|
|
23C0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.1467742198.00000000023C0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
23C0000
|
| Size: |
8192
|
|
|
2071E000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.1481043998.000000002071E000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2071E000
|
| Size: |
8192
|
|
|
301E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1109402308.000000000301E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
301E000
|
| Size: |
8192
|
|
|
301E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1108316273.000000000301E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
301E000
|
| Size: |
8192
|
|
|
713000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1112841046.0000000000713000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
713000
|
| Size: |
4096
|
|
|
7EDD0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1007314594.000000007EDD0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EDD0000
|
| Size: |
4096
|
|
|
3EC90000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.1429393055.000000003EC90000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3EC90000
|
| Size: |
4096
|
|
|
21025000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1236603947.0000000021025000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
21025000
|
| Size: |
8192
|
|
|
7AD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1016294019.00000000007AD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7AD000
|
| Size: |
16384
|
|
|
423F000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1111765655.000000000423F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
423F000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1023944917.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1035656677.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
2097E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.1408411061.000000002097E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2097E000
|
| Size: |
8192
|
|
|
4840000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1106294415.0000000004840000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4840000
|
| Size: |
32768
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1029076585.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
22A4000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1308930317.00000000022A4000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
22A4000
|
| Size: |
8192
|
|
|
484F000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1107325215.000000000484F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
484F000
|
| Size: |
12288
|
|
|
793000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1034467182.0000000000793000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
793000
|
| Size: |
12288
|
|
|
301E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1108773418.000000000301E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
301E000
|
| Size: |
8192
|
|
|
4F50000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1019633992.0000000004F50000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4F50000
|
| Size: |
4096
|
|
|
48E000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000000.00000000.1001385754.000000000048E000.00000008.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
48E000
|
| Size: |
12288
|
|
|
793000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1015618875.0000000000793000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
793000
|
| Size: |
12288
|
|
|
7EE94000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1009791793.000000007EE94000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EE94000
|
| Size: |
208896
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
48A000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.1466582649.000000000048A000.00000004.00000001.01000000.00000007.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
48A000
|
| Size: |
4096
|
|
|
3068000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1088485447.0000000003068000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3068000
|
| Size: |
102400
|
|
|
300D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1012305951.000000000300D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
300D000
|
| Size: |
4096
|
|
|
2072D000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.1481043998.000000002072D000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2072D000
|
| Size: |
12288
|
|
|
CE1000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000009.00000002.1043411570.0000000000CE1000.00000020.00000001.01000000.00000008.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
CE1000
|
| Size: |
180224
|
|
|
20E71000
|
direct allocation
|
page execute read
|
|
|
|
| Name: |
00000017.00000002.1327024337.0000000020E71000.00000020.00001000.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute read
|
| Base address: |
20E71000
|
| Size: |
122880
|
|
|
2080D000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.1408039521.000000002080D000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2080D000
|
| Size: |
12288
|
|
|
646000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1020299828.0000000000646000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
646000
|
| Size: |
12288
|
|
|
301E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1107662559.000000000301E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
301E000
|
| Size: |
8192
|
|
|
4853000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1107325215.0000000004853000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4853000
|
| Size: |
114688
|
|
|
4846000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1106718933.0000000004846000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4846000
|
| Size: |
28672
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1041013974.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1028595345.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
793000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1023969268.0000000000793000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
793000
|
| Size: |
12288
|
|
|
483D000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1106106366.000000000483D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
483D000
|
| Size: |
4096
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1022269988.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
20D6E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1236438292.0000000020D6E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20D6E000
|
| Size: |
8192
|
|
|
7AD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1014438280.00000000007AD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7AD000
|
| Size: |
8192
|
|
|
7BE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1034172429.00000000007BE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BE000
|
| Size: |
12288
|
|
|
42B2000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1111765655.00000000042B2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
42B2000
|
| Size: |
4096
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
2361000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1021832526.0000000002361000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2361000
|
| Size: |
4096
|
|
|
7ED20000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.1383968366.000000007ED20000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7ED20000
|
| Size: |
4096
|
|
|
315C000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1085718417.000000000315C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
315C000
|
| Size: |
8192
|
|
|
7ECF0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1009706408.000000007ECF0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7ECF0000
|
| Size: |
4096
|
|
|
7AD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1022481496.00000000007AD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7AD000
|
| Size: |
8192
|
|
|
4834000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1106425513.0000000004834000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4834000
|
| Size: |
4096
|
|
|
2D54000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1086015934.0000000002D54000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D54000
|
| Size: |
4096
|
|
|
2A07000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.1393736798.0000000002A07000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2A07000
|
| Size: |
4096
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1034586911.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
2B77000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1309877909.0000000002B77000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2B77000
|
| Size: |
4096
|
|
|
4846000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1107593101.0000000004846000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4846000
|
| Size: |
40960
|
|
|
4241000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1108484991.0000000004241000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4241000
|
| Size: |
294912
|
|
|
7A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1136881897.00000000007A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7A0000
|
| Size: |
16384
|
|
|
20FAF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1155906232.0000000020FAF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20FAF000
|
| Size: |
4096
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1028369436.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
42B2000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1107494117.00000000042B2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
42B2000
|
| Size: |
4096
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
793000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1038056736.0000000000793000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
793000
|
| Size: |
12288
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1030642757.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
20A8F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1154912663.0000000020A8F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20A8F000
|
| Size: |
4096
|
|
|
793000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1015969863.0000000000793000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
793000
|
| Size: |
12288
|
|
|
890000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1021519797.0000000000890000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
890000
|
| Size: |
24576
|
|
|
73B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1083153148.000000000073B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
73B000
|
| Size: |
196608
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1029865887.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1027591075.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
13C000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.1112182754.000000000013C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
13C000
|
| Size: |
4096
|
|
|
335D000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1088012723.000000000335D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
335D000
|
| Size: |
4096
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
61E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1020210693.000000000061E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
61E000
|
| Size: |
8192
|
|
|
CA0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1032542583.0000000000CA0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
CA0000
|
| Size: |
4096
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1040691296.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1024028280.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1037525359.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
C50000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1043343889.0000000000C50000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C50000
|
| Size: |
12288
|
|
|
7AD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1012388261.00000000007AD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7AD000
|
| Size: |
8192
|
|
|
301E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1110026535.000000000301E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
301E000
|
| Size: |
8192
|
|
|
301E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1109479713.000000000301E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
301E000
|
| Size: |
8192
|
|
|
20ACE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1154944869.0000000020ACE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20ACE000
|
| Size: |
8192
|
|
|
4261000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1110525456.0000000004261000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4261000
|
| Size: |
319488
|
|
|
2D54000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1086048353.0000000002D54000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D54000
|
| Size: |
4096
|
|
|
793000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1015254105.0000000000793000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
793000
|
| Size: |
12288
|
|
|
24C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1022504642.00000000024C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
24C0000
|
| Size: |
4096
|
|
|
7EEBE000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1005432640.000000007EEBE000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EEBE000
|
| Size: |
4096
|
|
|
793000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1033454889.0000000000793000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
793000
|
| Size: |
12288
|
|
|
2A0C000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.1393736798.0000000002A0C000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2A0C000
|
| Size: |
4096
|
|
|
5D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3456833574.00000000005D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5D0000
|
| Size: |
8192
|
|
|
2106000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1221689544.0000000002106000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2106000
|
| Size: |
8192
|
|
|
20EDD000
|
direct allocation
|
page readonly
|
|
|
|
| Name: |
00000017.00000002.1327588240.0000000020EDD000.00000002.00001000.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page readonly
|
| Base address: |
20EDD000
|
| Size: |
16384
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Malicious sample detected (through community Yara rule) |
System Summary |
|
| Yara signature match |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
4838000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1105768855.0000000004838000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4838000
|
| Size: |
12288
|
|
|
20D1F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.1483161622.0000000020D1F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20D1F000
|
| Size: |
4096
|
|
|
292C000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.1468475455.000000000292C000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
292C000
|
| Size: |
4096
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1041277980.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
7BE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1044096866.00000000007BE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BE000
|
| Size: |
12288
|
|
|
4836000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1106872503.0000000004836000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4836000
|
| Size: |
8192
|
|
|
4833000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1106294415.0000000004833000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4833000
|
| Size: |
45056
|
|
|
7AD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1015382393.00000000007AD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7AD000
|
| Size: |
8192
|
|
|
300E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1109700883.000000000300E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
300E000
|
| Size: |
4096
|
|
|
716000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1112841046.0000000000716000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
716000
|
| Size: |
12288
|
|
|
7EDF1000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1058836779.000000007EDF1000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EDF1000
|
| Size: |
4096
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1029577001.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
D2E000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000000.1031828286.0000000000D2E000.00000002.00000001.01000000.00000008.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
D2E000
|
| Size: |
49152
|
|
|
7EEC0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1005432640.000000007EEC0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EEC0000
|
| Size: |
16384
|
|
|
20FB1000
|
direct allocation
|
page execute read
|
|
|
|
| Name: |
0000000D.00000002.1155935121.0000000020FB1000.00000020.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute read
|
| Base address: |
20FB1000
|
| Size: |
122880
|
|
|
21177000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1040490769.0000000021177000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
21177000
|
| Size: |
495616
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1041703068.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
4853000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1105235322.0000000004853000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4853000
|
| Size: |
4096
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1024258590.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
860000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3458057801.0000000000860000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
860000
|
| Size: |
32768
|
|
|
4241000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1098714035.0000000004241000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4241000
|
| Size: |
20480
|
|
|
9EE000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.1113005732.00000000009EE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9EE000
|
| Size: |
4096
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1023897899.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
21F2000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1221757768.00000000021F2000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
21F2000
|
| Size: |
4096
|
|
|
20748000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1151743194.0000000020748000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
20748000
|
| Size: |
8192
|
|
|
6CA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1020804792.00000000006CA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6CA000
|
| Size: |
8192
|
|
|
4A20000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1104999173.0000000004A20000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4A20000
|
| Size: |
4096
|
|
|
7ECE0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1008126684.000000007ECE0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7ECE0000
|
| Size: |
4096
|
|
|
7F08C000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1059310094.000000007F08C000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7F08C000
|
| Size: |
4096
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1030123568.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
7AD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1038271878.00000000007AD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7AD000
|
| Size: |
8192
|
|
|
2B51000
|
direct allocation
|
page execute read
|
|
|
|
| Name: |
00000017.00000002.1309705186.0000000002B51000.00000020.00001000.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute read
|
| Base address: |
2B51000
|
| Size: |
155648
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1030165446.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
3350000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1088598013.0000000003350000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3350000
|
| Size: |
8192
|
|
|
71F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1112841046.000000000071F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
71F000
|
| Size: |
8192
|
|
|
70E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3457176882.000000000070E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
70E000
|
| Size: |
24576
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the Windows Explorer process (often used for injection) |
HIPS / PFW / Operating System Protection Evasion |
|
| URLs found in memory or binary data |
Networking |
|
|
|
2D54000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1087183988.0000000002D54000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D54000
|
| Size: |
4096
|
|
|
2F3E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1110425091.0000000002F3E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2F3E000
|
| Size: |
8192
|
|
|
4840000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1105143787.0000000004840000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4840000
|
| Size: |
16384
|
|
|
20E9F000
|
direct allocation
|
page execute read
|
|
|
|
| Name: |
00000017.00000002.1327024337.0000000020E9F000.00000020.00001000.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute read
|
| Base address: |
20E9F000
|
| Size: |
4096
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1025548712.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
8DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.1112894521.00000000008DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
8DE000
|
| Size: |
8192
|
|
|
4841000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1107987255.0000000004841000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4841000
|
| Size: |
20480
|
|
|
48A000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1220923367.000000000048A000.00000004.00000001.01000000.00000007.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
48A000
|
| Size: |
4096
|
|
|
4F40000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1088625845.0000000004F40000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4F40000
|
| Size: |
4096
|
|
|
7AD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1021841002.00000000007AD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7AD000
|
| Size: |
8192
|
|
|
32E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1110690377.00000000032E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
32E0000
|
| Size: |
4096
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1037986785.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
14F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.1112182754.000000000014F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
14F000
|
| Size: |
12288
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1038433762.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
482B000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1107075831.000000000482B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
482B000
|
| Size: |
36864
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1022725544.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
7ED20000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000017.00000003.1306693064.000000007ED20000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7ED20000
|
| Size: |
4096
|
|
|
767000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1010865026.0000000000767000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
767000
|
| Size: |
24576
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1041512556.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1031028619.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
793000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1016434067.0000000000793000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
793000
|
| Size: |
12288
|
|
|
71D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1077639644.000000000071D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
71D000
|
| Size: |
4096
|
|
|
2272000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1308930317.0000000002272000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2272000
|
| Size: |
4096
|
|
|
20BEF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1326916859.0000000020BEF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20BEF000
|
| Size: |
4096
|
|
|
42B2000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1107267901.00000000042B2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
42B2000
|
| Size: |
4096
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
4853000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1105143787.0000000004853000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4853000
|
| Size: |
4096
|
|
|
793000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1030073401.0000000000793000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
793000
|
| Size: |
12288
|
|
|
20EDA000
|
direct allocation
|
page readonly
|
|
|
|
| Name: |
00000017.00000002.1327588240.0000000020EDA000.00000002.00001000.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page readonly
|
| Base address: |
20EDA000
|
| Size: |
4096
|
|
|
4846000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1109993281.0000000004846000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4846000
|
| Size: |
180224
|
|
|
5D6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1021412603.00000000005D6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5D6000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1028956354.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1040598824.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
7AD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1024903022.00000000007AD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7AD000
|
| Size: |
8192
|
|
|
793000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1039005787.0000000000793000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
793000
|
| Size: |
12288
|
|
|
4241000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1107523787.0000000004241000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4241000
|
| Size: |
163840
|
|
|
930000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.1112945607.0000000000930000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
930000
|
| Size: |
8192
|
|
|
229D000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1308930317.000000000229D000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
229D000
|
| Size: |
4096
|
|
|
790000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000018.00000002.1384978647.0000000000790000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
790000
|
| Size: |
4096
|
|
|
195000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1099448354.0000000000195000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
195000
|
| Size: |
4096
|
|
|
20C2E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1326951847.0000000020C2E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20C2E000
|
| Size: |
8192
|
|
|
137000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.1112182754.0000000000137000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
137000
|
| Size: |
4096
|
|
|
680000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3457115694.0000000000680000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
680000
|
| Size: |
4096
|
|
|
2093A000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1325945563.000000002093A000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2093A000
|
| Size: |
4096
|
|
|
20D2F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1326988736.0000000020D2F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20D2F000
|
| Size: |
4096
|
|
|
487000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1020072058.0000000000487000.00000004.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
487000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1041812361.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
711000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1077639644.0000000000711000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
711000
|
| Size: |
16384
|
|
|
B2F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.1467711313.0000000000B2F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B2F000
|
| Size: |
4096
|
|
|
719000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1083368653.0000000000719000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
719000
|
| Size: |
4096
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1034614161.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
5F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3456899449.00000000005F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5F0000
|
| Size: |
16384
|
|
|
3EC90000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1170462370.000000003EC90000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3EC90000
|
| Size: |
4096
|
|
|
2483000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.1385867202.0000000002483000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2483000
|
| Size: |
4096
|
|
|
9A8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.1385185958.00000000009A8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9A8000
|
| Size: |
192512
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1041913856.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
2830000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1022601820.0000000002830000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2830000
|
| Size: |
4096
|
|
|
4844000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1106195177.0000000004844000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4844000
|
| Size: |
221184
|
|
|
2100000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1221689544.0000000002100000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2100000
|
| Size: |
16384
|
|
|
72C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1077407447.000000000072C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
72C000
|
| Size: |
282624
|
|
|
4840000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.1113176349.0000000004840000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4840000
|
| Size: |
4096
|
|
|
23FF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1222261951.00000000023FF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
23FF000
|
| Size: |
4096
|
|
|
2074A000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.1481043998.000000002074A000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2074A000
|
| Size: |
12288
|
|
|
793000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1036139918.0000000000793000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
793000
|
| Size: |
12288
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1037970470.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
3F670000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3486971960.000000003F670000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3F670000
|
| Size: |
4096
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1040369486.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
20716000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1151743194.0000000020716000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
20716000
|
| Size: |
4096
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1029097923.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
510000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.1112689878.0000000000510000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
510000
|
| Size: |
24576
|
|
|
2140000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3458166980.0000000002140000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2140000
|
| Size: |
4096
|
|
|
23E4000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.1467742198.00000000023E4000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
23E4000
|
| Size: |
8192
|
|
|
29C5000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1024383111.00000000029C5000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
29C5000
|
| Size: |
20480
|
|
|
423C000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1111848355.000000000423C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
423C000
|
| Size: |
12288
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1038493386.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
2350000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.1385801001.0000000002350000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2350000
|
| Size: |
16384
|
|
|
4255000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1097227975.0000000004255000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4255000
|
| Size: |
626688
|
|
|
307F000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1085655233.000000000307F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
307F000
|
| Size: |
167936
|
|
|
2092A000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3471311250.000000002092A000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2092A000
|
| Size: |
12288
|
|
|
24C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.1468193849.00000000024C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
24C0000
|
| Size: |
16384
|
|
|
724000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3457176882.0000000000724000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
724000
|
| Size: |
4096
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
21945000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1041431257.0000000021945000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
21945000
|
| Size: |
8192
|
|
|
48A000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1020096557.000000000048A000.00000004.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
48A000
|
| Size: |
20480
|
|
|
42B2000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.1113112181.00000000042B2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
42B2000
|
| Size: |
4096
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1027959101.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
7EDAF000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1009706408.000000007EDAF000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EDAF000
|
| Size: |
49152
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1029038525.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
23E4000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3458311704.00000000023E4000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
23E4000
|
| Size: |
4096
|
|
|
4840000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1106359656.0000000004840000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4840000
|
| Size: |
8192
|
|
|
3EF20000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3485084103.000000003EF20000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3EF20000
|
| Size: |
4096
|
|
|
45C000
|
system
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.1087235223.000000000045C000.00000040.80000000.00040000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
system
|
| Protect: |
page execute and read and write
|
| Base address: |
45C000
|
| Size: |
24576
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1044305976.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
7D0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000019.00000002.1467132938.00000000007D0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7D0000
|
| Size: |
4096
|
|
|
2224000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1221757768.0000000002224000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2224000
|
| Size: |
8192
|
|
|
2D54000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1087011178.0000000002D54000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D54000
|
| Size: |
4096
|
|
|
2CF0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1088087129.0000000002CF0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2CF0000
|
| Size: |
24576
|
|
|
7EF8F000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1059161458.000000007EF8F000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EF8F000
|
| Size: |
57344
|
|
|
4846000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1107434519.0000000004846000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4846000
|
| Size: |
32768
|
|
|
4828000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1105292911.0000000004828000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4828000
|
| Size: |
53248
|
|
|
2D0C000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1088087129.0000000002D0C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D0C000
|
| Size: |
24576
|
|
|
20CFF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.1408580551.0000000020CFF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20CFF000
|
| Size: |
4096
|
|
|
2D54000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1086530554.0000000002D54000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D54000
|
| Size: |
4096
|
|
|
20707000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1151743194.0000000020707000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
20707000
|
| Size: |
16384
|
|
|
20D1F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3471688832.0000000020D1F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20D1F000
|
| Size: |
4096
|
|
|
4720000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.1113142305.0000000004720000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4720000
|
| Size: |
4096
|
|
|
838000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1221209861.0000000000838000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
838000
|
| Size: |
188416
|
|
|
21025000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.1408779236.0000000021025000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
21025000
|
| Size: |
8192
|
|
|
2936000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1222289305.0000000002936000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2936000
|
| Size: |
4096
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1044345029.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1039890630.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1028310646.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1028765452.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
4250000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1098714035.0000000004250000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4250000
|
| Size: |
393216
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1028856317.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
20EE2000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1327781584.0000000020EE2000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
20EE2000
|
| Size: |
8192
|
|
|
4250000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1098559881.0000000004250000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4250000
|
| Size: |
393216
|
|
|
4843000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1111139642.0000000004843000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4843000
|
| Size: |
12288
|
|
|
2097D000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1325945563.000000002097D000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2097D000
|
| Size: |
12288
|
|
|
2DC0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1110306358.0000000002DC0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2DC0000
|
| Size: |
4096
|
|
|
4250000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1098820054.0000000004250000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4250000
|
| Size: |
393216
|
|
|
301E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1108572223.000000000301E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
301E000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1035081808.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
301E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1108341482.000000000301E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
301E000
|
| Size: |
8192
|
|
|
21022000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1040151856.0000000021022000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
21022000
|
| Size: |
180224
|
|
|
70E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1112841046.000000000070E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
70E000
|
| Size: |
4096
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
23F3000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3458311704.00000000023F3000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
23F3000
|
| Size: |
4096
|
|
|
866000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.1467159956.0000000000866000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
866000
|
| Size: |
77824
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
7EC20000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1008254350.000000007EC20000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EC20000
|
| Size: |
4096
|
|
|
2A15000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000018.00000002.1393862019.0000000002A15000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
2A15000
|
| Size: |
4096
|
|
|
195000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1099421638.0000000000195000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
195000
|
| Size: |
4096
|
|
|
3EC90000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1249634373.000000003EC90000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3EC90000
|
| Size: |
4096
|
|
|
7BE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1043860281.00000000007BE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BE000
|
| Size: |
12288
|
|
|
7AD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1015079280.00000000007AD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7AD000
|
| Size: |
8192
|
|
|
71A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1020804792.000000000071A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
71A000
|
| Size: |
81920
|
|
|
7ED70000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1058836779.000000007ED70000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7ED70000
|
| Size: |
282624
|
|
|
19D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3456529215.000000000019D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
19D000
|
| Size: |
12288
|
|
|
2092F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1235988667.000000002092F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2092F000
|
| Size: |
4096
|
|
|
20AAF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1326844429.0000000020AAF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20AAF000
|
| Size: |
4096
|
|
|
483D000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1105768855.000000000483D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
483D000
|
| Size: |
4096
|
|
|
76F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3457176882.000000000076F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
76F000
|
| Size: |
4096
|
|
|
7EE80000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1013184294.000000007EE80000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EE80000
|
| Size: |
40960
|
|
|
4829000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1098386907.0000000004829000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4829000
|
| Size: |
380928
|
|
|
B60000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1087996841.0000000000B60000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B60000
|
| Size: |
4096
|
|
|
31DF000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1110581238.00000000031DF000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
31DF000
|
| Size: |
4096
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1035868135.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1028805165.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1029513239.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
20BBF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1039856135.0000000020BBF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20BBF000
|
| Size: |
4096
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1022433533.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
222C000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1221757768.000000000222C000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
222C000
|
| Size: |
4096
|
|
|
D2A000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000002.1032647224.0000000000D2A000.00000002.00000001.01000000.00000008.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
D2A000
|
| Size: |
12288
|
|
|
48A000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1308024384.000000000048A000.00000004.00000001.01000000.00000007.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
48A000
|
| Size: |
4096
|
|
|
7E570000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1017948558.000000007E570000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7E570000
|
| Size: |
4096
|
|
|
7AD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1037658977.00000000007AD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7AD000
|
| Size: |
8192
|
|
|
7E7C0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1058363829.000000007E7C0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7E7C0000
|
| Size: |
4096
|
|
|
7E8BF000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1058500347.000000007E8BF000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7E8BF000
|
| Size: |
77824
|
|
|
AC0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1087802915.0000000000AC0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
AC0000
|
| Size: |
4096
|
|
|
72E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1136764342.000000000072E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
72E000
|
| Size: |
8192
|
|
|
AD0000
|
heap
|
page readonly
|
|
|
|
| Name: |
0000000B.00000002.1087849782.0000000000AD0000.00000002.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page readonly
|
| Base address: |
AD0000
|
| Size: |
4096
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1044325259.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
793000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1037658977.0000000000793000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
793000
|
| Size: |
12288
|
|
|
793000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1043792746.0000000000793000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
793000
|
| Size: |
12288
|
|
|
4F41000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1085918913.0000000004F41000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4F41000
|
| Size: |
229376
|
|
|
6D5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1221061333.00000000006D5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6D5000
|
| Size: |
16384
|
|
|
3F50D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1113535849.000000003F50D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3F50D000
|
| Size: |
4096
|
|
|
301E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1109506205.000000000301E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
301E000
|
| Size: |
8192
|
|
|
69E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1020746513.000000000069E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
69E000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1030667634.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1030186668.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
4A80000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1088337541.0000000004A80000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4A80000
|
| Size: |
8192
|
|
|
2450000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.1385867202.0000000002450000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2450000
|
| Size: |
8192
|
|
|
20E6E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1040014983.0000000020E6E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20E6E000
|
| Size: |
8192
|
|
|
301E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1108541852.000000000301E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
301E000
|
| Size: |
8192
|
|
|
2D54000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1086984326.0000000002D54000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D54000
|
| Size: |
4096
|
|
|
7E6A0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.1497115080.000000007E6A0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7E6A0000
|
| Size: |
4096
|
|
|
2892000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1022601820.0000000002892000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2892000
|
| Size: |
307200
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
CFD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1110248887.0000000000CFD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
CFD000
|
| Size: |
12288
|
|
|
42B2000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1107670347.00000000042B2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
42B2000
|
| Size: |
4096
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1030757812.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
C4E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1088381172.0000000000C4E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
C4E000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1028833076.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
793000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1016707463.0000000000793000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
793000
|
| Size: |
12288
|
|
|
246D000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.1385867202.000000000246D000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
246D000
|
| Size: |
4096
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1038093344.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
716000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1112154782.0000000000716000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
716000
|
| Size: |
20480
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1030922196.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
A7C000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1087755557.0000000000A7C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A7C000
|
| Size: |
16384
|
|
|
2380000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1137588012.0000000002380000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2380000
|
| Size: |
8192
|
|
|
2B4F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1309678765.0000000002B4F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2B4F000
|
| Size: |
4096
|
|
|
301E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1108680755.000000000301E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
301E000
|
| Size: |
8192
|
|
|
7EED0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1005033922.000000007EED0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EED0000
|
| Size: |
868352
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1029135131.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1029998817.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
B1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1087903725.0000000000B1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B1E000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1024441408.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
4840000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1105691028.0000000004840000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4840000
|
| Size: |
126976
|
|
|
2101A000
|
direct allocation
|
page readonly
|
|
|
|
| Name: |
0000000D.00000002.1156784994.000000002101A000.00000002.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page readonly
|
| Base address: |
2101A000
|
| Size: |
4096
|
|
|
301D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1107564297.000000000301D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
301D000
|
| Size: |
12288
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1040404818.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1035596786.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
793000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1015841068.0000000000793000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
793000
|
| Size: |
12288
|
|
|
300D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1012116370.000000000300D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
300D000
|
| Size: |
4096
|
|
|
206EA000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.1481043998.00000000206EA000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
206EA000
|
| Size: |
4096
|
|
|
793000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1042088088.0000000000793000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
793000
|
| Size: |
12288
|
|
|
20931000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3471311250.0000000020931000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
20931000
|
| Size: |
4096
|
|
|
20FAF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.1483288700.0000000020FAF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20FAF000
|
| Size: |
4096
|
|
|
6FD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1043146550.00000000006FD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6FD000
|
| Size: |
12288
|
|
|
6DF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1021450790.00000000006DF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6DF000
|
| Size: |
4096
|
|
|
794000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1012524117.0000000000794000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
794000
|
| Size: |
8192
|
|
|
4840000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1105880348.0000000004840000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4840000
|
| Size: |
241664
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1030045844.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
20EAE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.1408705479.0000000020EAE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20EAE000
|
| Size: |
8192
|
|
|
793000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1029603353.0000000000793000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
793000
|
| Size: |
12288
|
|
|
794000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1015445239.0000000000794000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
794000
|
| Size: |
8192
|
|
|
8F8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1308488165.00000000008F8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8F8000
|
| Size: |
180224
|
|
|
8FA000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1137011142.00000000008FA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8FA000
|
| Size: |
8192
|
|
|
7AD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1035728508.00000000007AD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7AD000
|
| Size: |
8192
|
|
|
7AD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1030601848.00000000007AD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7AD000
|
| Size: |
8192
|
|
|
2312000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1021832526.0000000002312000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2312000
|
| Size: |
4096
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1023866805.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
76A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1112154782.000000000076A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
76A000
|
| Size: |
4096
|
|
|
7BE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1034435033.00000000007BE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BE000
|
| Size: |
12288
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1037450642.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1023032296.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
7E7C0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1170598940.000000007E7C0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7E7C0000
|
| Size: |
4096
|
|
|
4821000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1106803240.0000000004821000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4821000
|
| Size: |
28672
|
|
|
4841000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1110660293.0000000004841000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4841000
|
| Size: |
20480
|
|
|
6C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1020804792.00000000006C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6C0000
|
| Size: |
32768
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1039523520.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
940000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1105430871.0000000000940000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
940000
|
| Size: |
167936
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1040128327.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1035245323.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
48A000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3456646516.000000000048A000.00000004.00000001.01000000.00000007.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
48A000
|
| Size: |
4096
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1035437439.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1041838741.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
400000
|
system
|
page execute and read and write
|
|
|
|
| Name: |
0000000C.00000002.1088167805.0000000000400000.00000040.80000000.00040000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
system
|
| Protect: |
page execute and read and write
|
| Base address: |
400000
|
| Size: |
106496
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Found strings which match to known social media urls |
Networking |
|
| URLs found in memory or binary data |
Networking |
|
|
|
4A20000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1105022071.0000000004A20000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4A20000
|
| Size: |
4096
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1044287289.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
2442000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.1385867202.0000000002442000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2442000
|
| Size: |
4096
|
|
|
793000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1044117418.0000000000793000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
793000
|
| Size: |
12288
|
|
|
3F296000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3485832473.000000003F296000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
3F296000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1038884207.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
20EAE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1155877109.0000000020EAE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20EAE000
|
| Size: |
8192
|
|
|
B2F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1043263017.0000000000B2F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B2F000
|
| Size: |
4096
|
|
|
301E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1108450334.000000000301E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
301E000
|
| Size: |
8192
|
|
|
4721000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1087784253.0000000004721000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4721000
|
| Size: |
65536
|
|
|
194000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1099306759.0000000000194000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
194000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1027691329.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
4853000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1107794376.0000000004853000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4853000
|
| Size: |
114688
|
|
|
2863000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1022601820.0000000002863000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2863000
|
| Size: |
188416
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1038937793.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
518000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.1112689878.0000000000518000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
518000
|
| Size: |
81920
|
|
|
81F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1221182506.000000000081F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
81F000
|
| Size: |
4096
|
|
|
19D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1020028942.000000000019D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
19D000
|
| Size: |
12288
|
|
|
7AD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1040819204.00000000007AD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7AD000
|
| Size: |
8192
|
|
|
2D7E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1032683370.0000000002D7E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2D7E000
|
| Size: |
8192
|
|
|
42B2000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1108448135.00000000042B2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
42B2000
|
| Size: |
4096
|
|
|
925000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1308488165.0000000000925000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
925000
|
| Size: |
81920
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
2931000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.1468475455.0000000002931000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2931000
|
| Size: |
16384
|
|
|
21C6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3458216850.00000000021C6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
21C6000
|
| Size: |
12288
|
|
|
335D000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1087941719.000000000335D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
335D000
|
| Size: |
4096
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1036000810.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
2082E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1235950497.000000002082E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2082E000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1042027927.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
3EE1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3485017616.000000003EE1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3EE1E000
|
| Size: |
8192
|
|
|
2320000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1021832526.0000000002320000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2320000
|
| Size: |
8192
|
|
|
295A000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1022601820.000000000295A000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
295A000
|
| Size: |
16384
|
|
|
2953000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1022601820.0000000002953000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2953000
|
| Size: |
4096
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1022249853.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
21022000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.1408779236.0000000021022000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
21022000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1036951786.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
48A000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.1384765650.000000000048A000.00000004.00000001.01000000.00000009.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
48A000
|
| Size: |
4096
|
|
|
59E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1021312247.000000000059E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
59E000
|
| Size: |
8192
|
|
|
867000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1221209861.0000000000867000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
867000
|
| Size: |
86016
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1038531643.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
2A11000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.1393736798.0000000002A11000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2A11000
|
| Size: |
16384
|
|
|
2D54000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1088083904.0000000002D54000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D54000
|
| Size: |
4096
|
|
|
3EDDF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3484986474.000000003EDDF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3EDDF000
|
| Size: |
4096
|
|
|
483D000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1105880348.000000000483D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
483D000
|
| Size: |
4096
|
|
|
4840000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1106523565.0000000004840000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4840000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1042126495.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
2099E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.1482391478.000000002099E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2099E000
|
| Size: |
8192
|
|
|
AED000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.1032316797.0000000000AED000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
AED000
|
| Size: |
12288
|
|
|
7E3C0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1016317369.000000007E3C0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7E3C0000
|
| Size: |
1740800
|
|
|
20EC9000
|
direct allocation
|
page readonly
|
|
|
|
| Name: |
00000017.00000002.1327588240.0000000020EC9000.00000002.00001000.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page readonly
|
| Base address: |
20EC9000
|
| Size: |
40960
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1041402408.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
487000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1220883266.0000000000487000.00000004.00000001.01000000.00000007.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
487000
|
| Size: |
8192
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1029664165.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
301E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1108374947.000000000301E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
301E000
|
| Size: |
8192
|
|
|
7ECAF000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1008254350.000000007ECAF000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7ECAF000
|
| Size: |
200704
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1028877562.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
301E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1109587976.000000000301E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
301E000
|
| Size: |
8192
|
|
|
2241000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1221757768.0000000002241000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2241000
|
| Size: |
4096
|
|
|
793000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1030813604.0000000000793000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
793000
|
| Size: |
12288
|
|
|
301E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1108295893.000000000301E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
301E000
|
| Size: |
8192
|
|
|
2944000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1222289305.0000000002944000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2944000
|
| Size: |
4096
|
|
|
97F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.1045072479.000000000097F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
97F000
|
| Size: |
4096
|
|
|
7AD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1028724726.00000000007AD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7AD000
|
| Size: |
8192
|
|
|
7F16B000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1059411896.000000007F16B000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7F16B000
|
| Size: |
4096
|
|
|
7BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1031289479.00000000007BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF000
|
| Size: |
8192
|
|
|
4828000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1105691028.0000000004828000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4828000
|
| Size: |
77824
|
|
|
20ABE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1039819909.0000000020ABE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20ABE000
|
| Size: |
8192
|
|
|
301E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1108715180.000000000301E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
301E000
|
| Size: |
8192
|
|
|
301E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1108079339.000000000301E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
301E000
|
| Size: |
8192
|
|
|
194000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1099362116.0000000000194000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
194000
|
| Size: |
8192
|
|
|
28F1000
|
direct allocation
|
page execute read
|
|
|
|
| Name: |
0000000D.00000002.1138603449.00000000028F1000.00000020.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute read
|
| Base address: |
28F1000
|
| Size: |
155648
|
|
|
401000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000000.00000000.1001270824.0000000000401000.00000020.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
401000
|
| Size: |
548864
|
|
|
4838000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1106523565.0000000004838000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4838000
|
| Size: |
24576
|
|
