|
7FBC0000
|
direct allocation
|
page read and write
|
 |
|
|
| Name: |
00000000.00000002.1244245667.000000007FBC0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7FBC0000
|
| Size: |
221184
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected DBatLoader |
Data Obfuscation |
|
|
|
400000
|
system
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.1301302942.0000000000400000.00000040.80000000.00040000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
system
|
| Protect: |
page execute and read and write
|
| Base address: |
400000
|
| Size: |
376832
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected WebBrowserPassView password recovery tool |
Stealing of Sensitive Information |
|
| SQL strings found in memory and binary data |
System Summary |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
21038000
|
direct allocation
|
page readonly
|
|
|
|
| Name: |
00000007.00000002.3656281326.0000000021038000.00000002.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page readonly
|
| Base address: |
21038000
|
| Size: |
4096
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected Remcos RAT |
AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality |
|
|
|
3F6B3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1305284491.000000003F6B3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3F6B3000
|
| Size: |
405504
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected WebBrowserPassView password recovery tool |
Stealing of Sensitive Information |
|
| Found strings which match to known social media urls |
Networking |
|
| SQL strings found in memory and binary data |
System Summary |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
22F0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1200844013.00000000022F0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
22F0000
|
| Size: |
450560
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected DBatLoader |
Data Obfuscation |
|
|
|
3F382000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1259355615.000000003F382000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3F382000
|
| Size: |
700416
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected WebBrowserPassView password recovery tool |
Stealing of Sensitive Information |
|
| Found strings which match to known social media urls |
Networking |
|
| SQL strings found in memory and binary data |
System Summary |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
3F0EB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1260451981.000000003F0EB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3F0EB000
|
| Size: |
401408
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected WebBrowserPassView password recovery tool |
Stealing of Sensitive Information |
|
| Found strings which match to known social media urls |
Networking |
|
| SQL strings found in memory and binary data |
System Summary |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
3F200000
|
unclassified section
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3669508551.000000003F200000.00000040.10000000.00040000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unclassified section
|
| Protect: |
page execute and read and write
|
| Base address: |
3F200000
|
| Size: |
376832
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected WebBrowserPassView password recovery tool |
Stealing of Sensitive Information |
|
| SQL strings found in memory and binary data |
System Summary |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
3F209000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1257916263.000000003F209000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3F209000
|
| Size: |
557056
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected WebBrowserPassView password recovery tool |
Stealing of Sensitive Information |
|
| SQL strings found in memory and binary data |
System Summary |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
21D0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.1299953629.00000000021D0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
21D0000
|
| Size: |
450560
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected DBatLoader |
Data Obfuscation |
|
|
|
21028000
|
direct allocation
|
page readonly
|
|
|
|
| Name: |
00000014.00000002.1410520393.0000000021028000.00000002.00001000.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page readonly
|
| Base address: |
21028000
|
| Size: |
4096
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected Remcos RAT |
AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality |
|
|
|
6B8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.1299178971.00000000006B8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6B8000
|
| Size: |
77824
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Found malware configuration |
AV Detection |
|
| Yara detected Remcos RAT |
AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality |
|
|
|
89B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.1385447646.000000000089B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
89B000
|
| Size: |
65536
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected Remcos RAT |
AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality |
|
|
|
21018000
|
direct allocation
|
page readonly
|
|
|
|
| Name: |
00000012.00000002.1326328071.0000000021018000.00000002.00001000.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page readonly
|
| Base address: |
21018000
|
| Size: |
4096
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected Remcos RAT |
AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality |
|
|
|
21949000
|
direct allocation
|
page readonly
|
|
|
|
| Name: |
00000000.00000002.1222278768.0000000021949000.00000002.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page readonly
|
| Base address: |
21949000
|
| Size: |
102400
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Malicious sample detected (through community Yara rule) |
System Summary |
|
| Yara detected Remcos RAT |
AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality |
|
| Yara detected UAC Bypass using CMSTP |
Exploits |
|
| Yara detected Keylogger Generic |
Key, Mouse, Clipboard, Microphone and Screen Capturing |
|
| Yara signature match |
System Summary |
|
| Public key (encryption) found |
Cryptography |
|
| URLs found in memory or binary data |
Networking |
|
|
|
3F5A3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1261321746.000000003F5A3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3F5A3000
|
| Size: |
700416
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected WebBrowserPassView password recovery tool |
Stealing of Sensitive Information |
|
| SQL strings found in memory and binary data |
System Summary |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
3F112000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1255131831.000000003F112000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3F112000
|
| Size: |
200704
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected WebBrowserPassView password recovery tool |
Stealing of Sensitive Information |
|
| SQL strings found in memory and binary data |
System Summary |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
76E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000016.00000002.1549885397.000000000076E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
22
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
76E000
|
| Size: |
69632
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected Remcos RAT |
AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality |
|
|
|
844000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1638066283.0000000000844000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
844000
|
| Size: |
40960
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected Remcos RAT |
AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality |
|
|
|
806000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1197502175.0000000000806000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
806000
|
| Size: |
86016
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected Remcos RAT |
AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality |
|
|
|
8A1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3640136925.00000000008A1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8A1000
|
| Size: |
131072
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected Remcos RAT |
AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality |
|
| May try to detect the Windows Explorer process (often used for injection) |
HIPS / PFW / Operating System Protection Evasion |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
| URLs found in memory or binary data |
Networking |
|
|
|
7E670000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1242135567.000000007E670000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7E670000
|
| Size: |
471040
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Malicious sample detected (through community Yara rule) |
System Summary |
|
| Yara detected Remcos RAT |
AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality |
|
| Yara detected UAC Bypass using CMSTP |
Exploits |
|
| Yara detected Keylogger Generic |
Key, Mouse, Clipboard, Microphone and Screen Capturing |
|
| Yara signature match |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
8CC000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3640136925.00000000008CC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8CC000
|
| Size: |
90112
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected Remcos RAT |
AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality |
|
| May try to detect the Windows Explorer process (often used for injection) |
HIPS / PFW / Operating System Protection Evasion |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
| URLs found in memory or binary data |
Networking |
|
|
|
8ED000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.1466843490.00000000008ED000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8ED000
|
| Size: |
73728
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected Remcos RAT |
AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality |
|
|
|
21022000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.1326494345.0000000021022000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
21022000
|
| Size: |
8192
|
|
|
20E6E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.1325693704.0000000020E6E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20E6E000
|
| Size: |
8192
|
|
|
20A8F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1219412581.0000000020A8F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20A8F000
|
| Size: |
4096
|
|
|
20CFF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.1325601996.0000000020CFF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20CFF000
|
| Size: |
4096
|
|
|
231A000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.1385992484.000000000231A000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
231A000
|
| Size: |
8192
|
|
|
7EF04000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1176053342.000000007EF04000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EF04000
|
| Size: |
180224
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
728000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000016.00000002.1549885397.0000000000728000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
22
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
728000
|
| Size: |
192512
|
|
|
2110000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3640986875.0000000002110000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2110000
|
| Size: |
32768
|
|
|
20CFF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000016.00000002.1564094895.0000000020CFF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
22
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20CFF000
|
| Size: |
4096
|
|
|
7E670000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3670863608.000000007E670000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7E670000
|
| Size: |
4096
|
|
|
850000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.1385447646.0000000000850000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
850000
|
| Size: |
24576
|
|
|
655000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.1299102869.0000000000655000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
655000
|
| Size: |
8192
|
|
|
24EA000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1638623673.00000000024EA000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
24EA000
|
| Size: |
8192
|
|
|
23FC000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.1467421591.00000000023FC000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
23FC000
|
| Size: |
4096
|
|
|
4F1A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1295342663.0000000004F1A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4F1A000
|
| Size: |
16384
|
|
|
2AD7000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000016.00000002.1551058578.0000000002AD7000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
22
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2AD7000
|
| Size: |
4096
|
|
|
249E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.1467709117.000000000249E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
249E000
|
| Size: |
8192
|
|
|
48D6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1294770893.00000000048D6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
48D6000
|
| Size: |
8192
|
|
|
4F1E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1296399344.0000000004F1E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4F1E000
|
| Size: |
241664
|
|
|
3770000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1266105568.0000000003770000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3770000
|
| Size: |
12288
|
|
|
5110000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1293192036.0000000005110000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5110000
|
| Size: |
4096
|
|
|
20FE6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1219631887.0000000020FE6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20FE6000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
|
|
8E2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1257135962.00000000008E2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8E2000
|
| Size: |
32768
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
2D04000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1289454841.0000000002D04000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D04000
|
| Size: |
8192
|
|
|
3F280000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3669991495.000000003F280000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3F280000
|
| Size: |
4096
|
|
|
7EEFF000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1173781740.000000007EEFF000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EEFF000
|
| Size: |
200704
|
|
|
293F000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1201642724.000000000293F000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
293F000
|
| Size: |
4096
|
|
|
4F39000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1300012547.0000000004F39000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4F39000
|
| Size: |
20480
|
|
|
5C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.1299013789.00000000005C0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5C0000
|
| Size: |
4096
|
|
|
33E9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1273243352.00000000033E9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
33E9000
|
| Size: |
4096
|
|
|
7F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1638066283.00000000007F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7F0000
|
| Size: |
24576
|
|
|
48CE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1296107329.00000000048CE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
48CE000
|
| Size: |
40960
|
|
|
7E670000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1665359619.000000007E670000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7E670000
|
| Size: |
4096
|
|
|
48C000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.1384733314.000000000048C000.00000004.00000001.01000000.00000006.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
48C000
|
| Size: |
12288
|
|
|
3F147000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1305915752.000000003F147000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3F147000
|
| Size: |
4096
|
|
|
48C000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1637675891.000000000048C000.00000004.00000001.01000000.00000006.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
48C000
|
| Size: |
8192
|
|
|
2155E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1180120758.000000002155E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2155E000
|
| Size: |
24576
|
|
|
21205000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1180120758.0000000021205000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
21205000
|
| Size: |
1323008
|
|
|
2955000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000015.00000002.1468040730.0000000002955000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
2955000
|
| Size: |
4096
|
|
|
48C9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1280005481.00000000048C9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
48C9000
|
| Size: |
8192
|
|
|
7FB00000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1169844737.000000007FB00000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7FB00000
|
| Size: |
1060864
|
|
|
48B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1301134994.00000000048B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
48B0000
|
| Size: |
4096
|
|
|
24F1000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1638623673.00000000024F1000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
24F1000
|
| Size: |
4096
|
|
|
20901000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000016.00000002.1563616699.0000000020901000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
22
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
20901000
|
| Size: |
4096
|
|
|
20653000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.1406787805.0000000020653000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
20653000
|
| Size: |
4096
|
|
|
4F3E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1296057441.0000000004F3E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4F3E000
|
| Size: |
196608
|
|
|
20A8B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3655521100.0000000020A8B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20A8B000
|
| Size: |
20480
|
|
|
243F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000016.00000002.1550779610.000000000243F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
22
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
243F000
|
| Size: |
4096
|
|
|
5C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1637746924.00000000005C0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5C0000
|
| Size: |
4096
|
|
|
7E700000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.1341648876.000000007E700000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7E700000
|
| Size: |
4096
|
|
|
2831000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.1300875289.0000000002831000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2831000
|
| Size: |
405504
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
3F5FC000
|
unclassified section
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3670143457.000000003F5FC000.00000040.10000000.00040000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unclassified section
|
| Protect: |
page execute and read and write
|
| Base address: |
3F5FC000
|
| Size: |
24576
|
|
|
23B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1638557151.00000000023B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
23B0000
|
| Size: |
16384
|
|
|
48C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1294648421.00000000048C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
48C1000
|
| Size: |
73728
|
|
|
4F2B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1293898530.0000000004F2B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4F2B000
|
| Size: |
4096
|
|
|
228E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000016.00000002.1550648060.000000000228E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
22
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
228E000
|
| Size: |
8192
|
|
|
71E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1637929616.000000000071E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
71E000
|
| Size: |
8192
|
|
|
4F10000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1302057768.0000000004F10000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4F10000
|
| Size: |
36864
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
|
|
206CC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.1324875277.00000000206CC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
206CC000
|
| Size: |
16384
|
|
|
2D05000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1290121421.0000000002D05000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D05000
|
| Size: |
4096
|
|
|
70E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3639685706.000000000070E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
70E000
|
| Size: |
8192
|
|
|
4EAE000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1274089016.0000000004EAE000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
4EAE000
|
| Size: |
8192
|
|
|
48CC000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1281525599.00000000048CC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
48CC000
|
| Size: |
24576
|
|
|
2101A000
|
direct allocation
|
page readonly
|
|
|
|
| Name: |
00000012.00000002.1326328071.000000002101A000.00000002.00001000.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page readonly
|
| Base address: |
2101A000
|
| Size: |
4096
|
|
|
207EB000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1652216850.00000000207EB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
207EB000
|
| Size: |
20480
|
|
|
8EF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1305967142.00000000008EF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8EF000
|
| Size: |
20480
|
|
|
C9F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.1467289800.0000000000C9F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
C9F000
|
| Size: |
4096
|
|
|
2098E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1219384633.000000002098E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2098E000
|
| Size: |
8192
|
|
|
2073F000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.1480253800.000000002073F000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2073F000
|
| Size: |
4096
|
|
|
20FF1000
|
direct allocation
|
page execute read
|
|
|
|
| Name: |
00000014.00000002.1410116763.0000000020FF1000.00000020.00001000.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute read
|
| Base address: |
20FF1000
|
| Size: |
163840
|
|
|
2891000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.1386508664.0000000002891000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2891000
|
| Size: |
16384
|
|
|
20672000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.1406787805.0000000020672000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
20672000
|
| Size: |
4096
|
|
|
6A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3639465803.00000000006A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6A0000
|
| Size: |
16384
|
|
|
3F4EA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1308897559.000000003F4EA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3F4EA000
|
| Size: |
4096
|
|
|
208CF000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000016.00000002.1563616699.00000000208CF000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
22
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
208CF000
|
| Size: |
4096
|
|
|
2D05000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1292856787.0000000002D05000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D05000
|
| Size: |
4096
|
|
|
228A000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.1299953629.000000000228A000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
228A000
|
| Size: |
8192
|
|
|
20948000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3654846993.0000000020948000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
20948000
|
| Size: |
8192
|
|
|
239C000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1200844013.000000000239C000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
239C000
|
| Size: |
4096
|
|
|
48D1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1279408738.00000000048D1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
48D1000
|
| Size: |
614400
|
|
|
48D1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1279770136.00000000048D1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
48D1000
|
| Size: |
819200
|
|
|
20D6E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.1481340131.0000000020D6E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20D6E000
|
| Size: |
8192
|
|
|
2AE5000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000016.00000002.1551195956.0000000002AE5000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
22
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
2AE5000
|
| Size: |
4096
|
|
|
23B1000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1200844013.00000000023B1000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
23B1000
|
| Size: |
4096
|
|
|
48D6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1294903929.00000000048D6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
48D6000
|
| Size: |
8192
|
|
|
5C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3639425139.00000000005C0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5C0000
|
| Size: |
4096
|
|
|
2273000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3641097493.0000000002273000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2273000
|
| Size: |
8192
|
|
|
824000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1177568958.0000000000824000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
824000
|
| Size: |
4096
|
|
|
8FA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1198216384.00000000008FA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8FA000
|
| Size: |
4096
|
|
|
7EE70000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1175152684.000000007EE70000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EE70000
|
| Size: |
4096
|
|
|
33CE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1179037101.00000000033CE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
33CE000
|
| Size: |
4096
|
|
|
4F39000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1297306392.0000000004F39000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4F39000
|
| Size: |
155648
|
|
|
3300000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1273817291.0000000003300000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3300000
|
| Size: |
4096
|
|
|
2240000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.1467312470.0000000002240000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2240000
|
| Size: |
4096
|
|
|
20908000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000016.00000002.1563616699.0000000020908000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
22
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
20908000
|
| Size: |
8192
|
|
|
19C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3639161926.000000000019C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
19C000
|
| Size: |
16384
|
|
|
4F3F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1294974088.0000000004F3F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4F3F000
|
| Size: |
188416
|
|
|
4E14000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1264821941.0000000004E14000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E14000
|
| Size: |
1077248
|
|
|
7F8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1638066283.00000000007F8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7F8000
|
| Size: |
180224
|
|
|
2B25000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3641756898.0000000002B25000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
2B25000
|
| Size: |
4096
|
|
|
3673000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1266267470.0000000003673000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3673000
|
| Size: |
4096
|
|
|
33CA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1178776834.00000000033CA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
33CA000
|
| Size: |
12288
|
|
|
7FA00000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000016.00000002.1583875391.000000007FA00000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
22
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7FA00000
|
| Size: |
4096
|
|
|
6F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000016.00000002.1549861010.00000000006F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
22
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6F0000
|
| Size: |
4096
|
|
|
84E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1177259662.000000000084E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
84E000
|
| Size: |
24576
|
|
|
329B000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1265689273.000000000329B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
329B000
|
| Size: |
20480
|
|
|
238D000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1200844013.000000000238D000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
238D000
|
| Size: |
4096
|
|
|
33A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1273893790.00000000033A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
33A0000
|
| Size: |
32768
|
|
|
9B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.1298813308.000000000009B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9B000
|
| Size: |
20480
|
|
|
7E670000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.1494830973.000000007E670000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7E670000
|
| Size: |
4096
|
|
|
2370000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3641154673.0000000002370000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2370000
|
| Size: |
8192
|
|
|
2362000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1200844013.0000000002362000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2362000
|
| Size: |
4096
|
|
|
94D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1305967142.000000000094D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
94D000
|
| Size: |
4096
|
|
|
48D1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1294687954.00000000048D1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
48D1000
|
| Size: |
8192
|
|
|
4F1A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1294721299.0000000004F1A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4F1A000
|
| Size: |
122880
|
|
|
5430000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1270198320.0000000005430000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5430000
|
| Size: |
4096
|
|
|
29D5000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1203148606.00000000029D5000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
29D5000
|
| Size: |
20480
|
|
|
4F3E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1296552020.0000000004F3E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4F3E000
|
| Size: |
110592
|
|
|
9B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1637557915.000000000009B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9B000
|
| Size: |
20480
|
|
|
7E0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000014.00000002.1385408683.00000000007E0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7E0000
|
| Size: |
4096
|
|
|
8FE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1256000139.00000000008FE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8FE000
|
| Size: |
16384
|
|
|
9B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3639028969.000000000009B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9B000
|
| Size: |
20480
|
|
|
21042000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3656440714.0000000021042000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
21042000
|
| Size: |
8192
|
|
|
245C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.1467677432.000000000245C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
245C000
|
| Size: |
16384
|
|
|
2D04000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1301262731.0000000002D04000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D04000
|
| Size: |
8192
|
|
|
3384000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1266079190.0000000003384000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3384000
|
| Size: |
4096
|
|
|
456000
|
system
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.1265534107.0000000000456000.00000040.80000000.00040000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
system
|
| Protect: |
page execute and read and write
|
| Base address: |
456000
|
| Size: |
8192
|
|
|
4EF8000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1266247195.0000000004EF8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4EF8000
|
| Size: |
12288
|
|
|
841000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1638066283.0000000000841000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
841000
|
| Size: |
8192
|
|
|
49A0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1294312894.00000000049A0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
49A0000
|
| Size: |
180224
|
|
|
6A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1637777033.00000000006A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6A0000
|
| Size: |
4096
|
|
|
4E10000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1302001277.0000000004E10000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E10000
|
| Size: |
4096
|
|
|
2DE6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1301087012.0000000002DE6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2DE6000
|
| Size: |
4096
|
|
|
206EC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1652170885.00000000206EC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
206EC000
|
| Size: |
16384
|
|
|
8F6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1305967142.00000000008F6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8F6000
|
| Size: |
24576
|
|
|
4F2B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1294079774.0000000004F2B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4F2B000
|
| Size: |
4096
|
|
|
905000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1256000139.0000000000905000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
905000
|
| Size: |
16384
|
|
|
7D3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.1385319787.00000000007D3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7D3000
|
| Size: |
8192
|
|
|
6EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000016.00000002.1549830945.00000000006EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
22
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6EE000
|
| Size: |
8192
|
|
|
5110000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1293031122.0000000005110000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5110000
|
| Size: |
4096
|
|
|
7A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1637994919.00000000007A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7A0000
|
| Size: |
4096
|
|
|
208E4000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000016.00000002.1563616699.00000000208E4000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
22
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
208E4000
|
| Size: |
4096
|
|
|
2861000
|
direct allocation
|
page execute read
|
|
|
|
| Name: |
00000014.00000002.1386342777.0000000002861000.00000020.00001000.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute read
|
| Base address: |
2861000
|
| Size: |
155648
|
|
|
206B8000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.1406787805.00000000206B8000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
206B8000
|
| Size: |
8192
|
|
|
2394000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1200844013.0000000002394000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2394000
|
| Size: |
8192
|
|
|
7ED80000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1243095985.000000007ED80000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7ED80000
|
| Size: |
4096
|
|
|
1D5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000016.00000002.1549599857.00000000001D5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
22
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D5000
|
| Size: |
8192
|
|
|
846000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1177259662.0000000000846000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
846000
|
| Size: |
8192
|
|
|
7FA00000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.1495207297.000000007FA00000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7FA00000
|
| Size: |
4096
|
|
|
20FE1000
|
direct allocation
|
page execute read
|
|
|
|
| Name: |
00000014.00000002.1410116763.0000000020FE1000.00000020.00001000.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute read
|
| Base address: |
20FE1000
|
| Size: |
8192
|
|
|
4D43000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1299862044.0000000004D43000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4D43000
|
| Size: |
614400
|
|
|
23C2000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.1467421591.00000000023C2000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
23C2000
|
| Size: |
4096
|
|
|
48D8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1299667463.00000000048D8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
48D8000
|
| Size: |
151552
|
|
|
4F18000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1294841788.0000000004F18000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4F18000
|
| Size: |
4096
|
|
|
2321000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.1385992484.0000000002321000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2321000
|
| Size: |
4096
|
|
|
3384000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1265789750.0000000003384000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3384000
|
| Size: |
4096
|
|
|
2CE0000
|
heap
|
page readonly
|
|
|
|
| Name: |
00000009.00000002.1301541018.0000000002CE0000.00000002.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page readonly
|
| Base address: |
2CE0000
|
| Size: |
4096
|
|
|
20FE1000
|
direct allocation
|
page execute read
|
|
|
|
| Name: |
00000012.00000002.1325789719.0000000020FE1000.00000020.00001000.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute read
|
| Base address: |
20FE1000
|
| Size: |
163840
|
|
|
1D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000016.00000002.1549599857.00000000001D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
22
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D0000
|
| Size: |
16384
|
|
|
20A7F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.1409424954.0000000020A7F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20A7F000
|
| Size: |
4096
|
|
|
4F1E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1300790669.0000000004F1E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4F1E000
|
| Size: |
49152
|
|
|
2096E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1652316480.000000002096E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2096E000
|
| Size: |
8192
|
|
|
2090F000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3654846993.000000002090F000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2090F000
|
| Size: |
4096
|
|
|
2997000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.1302558742.0000000002997000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2997000
|
| Size: |
4096
|
|
|
947000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1306738209.0000000000947000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
947000
|
| Size: |
4096
|
|
|
7EFC0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1243265493.000000007EFC0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EFC0000
|
| Size: |
57344
|
|
|
48E000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000000.00000000.1167772058.000000000048E000.00000008.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
48E000
|
| Size: |
12288
|
|
|
2AB1000
|
direct allocation
|
page execute read
|
|
|
|
| Name: |
00000016.00000002.1550888647.0000000002AB1000.00000020.00001000.00020000.00000000.sdmp
|
| TargetID: |
22
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute read
|
| Base address: |
2AB1000
|
| Size: |
155648
|
|
|
3440000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1265860756.0000000003440000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3440000
|
| Size: |
4096
|
|
|
2E0B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1301730554.0000000002E0B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2E0B000
|
| Size: |
86016
|
|
|
86A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3640136925.000000000086A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
86A000
|
| Size: |
69632
|
|
|
61E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.1299071702.000000000061E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
61E000
|
| Size: |
8192
|
|
|
4F1C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1295131345.0000000004F1C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4F1C000
|
| Size: |
331776
|
|
|
48C9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1297370092.00000000048C9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
48C9000
|
| Size: |
12288
|
|
|
8A8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.1466843490.00000000008A8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8A8000
|
| Size: |
274432
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
325C000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1265636670.000000000325C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
325C000
|
| Size: |
16384
|
|
|
92F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.1299739460.000000000092F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
92F000
|
| Size: |
4096
|
|
|
2087B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.1480918116.000000002087B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2087B000
|
| Size: |
20480
|
|
|
400000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000000.1167698870.0000000000400000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
400000
|
| Size: |
4096
|
|
|
7EC3F000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1242702805.000000007EC3F000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EC3F000
|
| Size: |
16384
|
|
|
890000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.1466818767.0000000000890000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
890000
|
| Size: |
4096
|
|
|
48D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1280005481.00000000048D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
48D0000
|
| Size: |
458752
|
|
|
20FBF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000016.00000002.1564264519.0000000020FBF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
22
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20FBF000
|
| Size: |
4096
|
|
|
218F1000
|
direct allocation
|
page execute read
|
|
|
|
| Name: |
00000000.00000002.1220661069.00000000218F1000.00000020.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute read
|
| Base address: |
218F1000
|
| Size: |
360448
|
|
|
2DD0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1301670204.0000000002DD0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2DD0000
|
| Size: |
4096
|
|
|
20C1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1652427893.0000000020C1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20C1E000
|
| Size: |
8192
|
|
|
30FF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1301858431.00000000030FF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
30FF000
|
| Size: |
4096
|
|
|
291D000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.1300875289.000000000291D000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
291D000
|
| Size: |
12288
|
|
|
2102A000
|
direct allocation
|
page readonly
|
|
|
|
| Name: |
00000014.00000002.1410520393.000000002102A000.00000002.00001000.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page readonly
|
| Base address: |
2102A000
|
| Size: |
4096
|
|
|
19D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.1384326203.000000000019D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
19D000
|
| Size: |
12288
|
|
|
235D000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3641154673.000000000235D000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
235D000
|
| Size: |
4096
|
|
|
2140000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000012.00000002.1299831794.0000000002140000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
2140000
|
| Size: |
4096
|
|
|
4D40000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1274030245.0000000004D40000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4D40000
|
| Size: |
4096
|
|
|
2D04000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1288410795.0000000002D04000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D04000
|
| Size: |
8192
|
|
|
8EA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1256000139.00000000008EA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8EA000
|
| Size: |
49152
|
|
|
2971000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1638905438.0000000002971000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2971000
|
| Size: |
4096
|
|
|
20D10000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000016.00000002.1564120621.0000000020D10000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
22
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20D10000
|
| Size: |
4096
|
|
|
3F2A9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1309191332.000000003F2A9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3F2A9000
|
| Size: |
4096
|
|
|
21968000
|
direct allocation
|
page readonly
|
|
|
|
| Name: |
00000000.00000002.1225209606.0000000021968000.00000002.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page readonly
|
| Base address: |
21968000
|
| Size: |
36864
|
|
|
3F071000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1250835299.000000003F071000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3F071000
|
| Size: |
12288
|
|
|
20EAE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.1481410877.0000000020EAE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20EAE000
|
| Size: |
8192
|
|
|
21029000
|
direct allocation
|
page readonly
|
|
|
|
| Name: |
00000007.00000002.3656281326.0000000021029000.00000002.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page readonly
|
| Base address: |
21029000
|
| Size: |
40960
|
|
|
34C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1267461709.00000000034C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
34C0000
|
| Size: |
36864
|
|
|
4F1A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1294841788.0000000004F1A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4F1A000
|
| Size: |
122880
|
|
|
21965000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1223816644.0000000021965000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
21965000
|
| Size: |
8192
|
|
|
23B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.1300811927.00000000023B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
23B0000
|
| Size: |
4096
|
|
|
48CC000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1300052853.00000000048CC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
48CC000
|
| Size: |
49152
|
|
|
2313000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.1385992484.0000000002313000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2313000
|
| Size: |
4096
|
|
|
34E4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1267461709.00000000034E4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
34E4000
|
| Size: |
12288
|
|
|
2DC0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1179461800.0000000002DC0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2DC0000
|
| Size: |
12288
|
|
|
230C000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.1385992484.000000000230C000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
230C000
|
| Size: |
4096
|
|
|
208AA000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3654846993.00000000208AA000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
208AA000
|
| Size: |
4096
|
|
|
83D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1638066283.000000000083D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
83D000
|
| Size: |
12288
|
|
|
2951000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.1467963668.0000000002951000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2951000
|
| Size: |
16384
|
|
|
20FB1000
|
direct allocation
|
page execute read
|
|
|
|
| Name: |
00000012.00000002.1325789719.0000000020FB1000.00000020.00001000.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute read
|
| Base address: |
20FB1000
|
| Size: |
122880
|
|
|
3F147000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1307519982.000000003F147000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3F147000
|
| Size: |
4096
|
|
|
23AA000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1200844013.00000000023AA000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
23AA000
|
| Size: |
8192
|
|
|
862000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1184157840.0000000000862000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
862000
|
| Size: |
12288
|
|
|
7E5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1197502175.00000000007E5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7E5000
|
| Size: |
122880
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
48D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1281177468.00000000048D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
48D4000
|
| Size: |
4096
|
|
|
AEF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1638532737.0000000000AEF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
AEF000
|
| Size: |
4096
|
|
|
48D6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1294687954.00000000048D6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
48D6000
|
| Size: |
8192
|
|
|
5110000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1292992263.0000000005110000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5110000
|
| Size: |
4096
|
|
|
48C000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3639312601.000000000048C000.00000004.00000001.01000000.00000006.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
48C000
|
| Size: |
8192
|
|
|
826000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1177259662.0000000000826000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
826000
|
| Size: |
126976
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
8FE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1229457660.00000000008FE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8FE000
|
| Size: |
45056
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
7EEA0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000003.1297693009.000000007EEA0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EEA0000
|
| Size: |
4096
|
|
|
20D6E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.1325658976.0000000020D6E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20D6E000
|
| Size: |
8192
|
|
|
24E3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.1467763155.00000000024E3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
24E3000
|
| Size: |
8192
|
|
|
2BBE000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1179201618.0000000002BBE000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
2BBE000
|
| Size: |
8192
|
|
|
207FE000
|
stack
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1219295946.00000000207FE000.00000040.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page execute and read and write
|
| Base address: |
207FE000
|
| Size: |
4096
|
|
|
2FFF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1301830689.0000000002FFF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2FFF000
|
| Size: |
4096
|
|
|
2D05000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1290541185.0000000002D05000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D05000
|
| Size: |
4096
|
|
|
2900000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.1300875289.0000000002900000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2900000
|
| Size: |
65536
|
|
|
4D40000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1297199627.0000000004D40000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4D40000
|
| Size: |
614400
|
|
|
4F17000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1293898530.0000000004F17000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4F17000
|
| Size: |
8192
|
|
|
811000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1172487445.0000000000811000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
811000
|
| Size: |
221184
|
|
|
4F11000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1294721299.0000000004F11000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4F11000
|
| Size: |
32768
|
|
|
2C2A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1178563758.0000000002C2A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C2A000
|
| Size: |
12288
|
|
|
20BFE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000016.00000002.1564065240.0000000020BFE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
22
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20BFE000
|
| Size: |
8192
|
|
|
377C000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1265085497.000000000377C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
377C000
|
| Size: |
8192
|
|
|
28EC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1179017444.00000000028EC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
28EC000
|
| Size: |
16384
|
|
|
29C5000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000017.00000002.1639545507.00000000029C5000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
29C5000
|
| Size: |
4096
|
|
|
23D0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.1467421591.00000000023D0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
23D0000
|
| Size: |
8192
|
|
|
81A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1177568958.000000000081A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
81A000
|
| Size: |
4096
|
|
|
20686000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.1406787805.0000000020686000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
20686000
|
| Size: |
4096
|
|
|
20FE4000
|
direct allocation
|
page execute read
|
|
|
|
| Name: |
00000014.00000002.1410116763.0000000020FE4000.00000020.00001000.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute read
|
| Base address: |
20FE4000
|
| Size: |
8192
|
|
|
29C7000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1203083509.00000000029C7000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
29C7000
|
| Size: |
57344
|
|
|
908000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1306846180.0000000000908000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
908000
|
| Size: |
4096
|
|
|
33AA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1273893790.00000000033AA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
33AA000
|
| Size: |
135168
|
|
|
20C1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.1409595714.0000000020C1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20C1E000
|
| Size: |
8192
|
|
|
21022000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.1481931035.0000000021022000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
21022000
|
| Size: |
8192
|
|
|
3384000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1266410945.0000000003384000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3384000
|
| Size: |
4096
|
|
|
99F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1200628151.000000000099F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
99F000
|
| Size: |
4096
|
|
|
2D04000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1287078930.0000000002D04000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D04000
|
| Size: |
8192
|
|
|
2095E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000016.00000002.1563957500.000000002095E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
22
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2095E000
|
| Size: |
8192
|
|
|
4F19000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1279874515.0000000004F19000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4F19000
|
| Size: |
434176
|
|
|
866000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1184157840.0000000000866000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
866000
|
| Size: |
65536
|
|
|
7A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1197502175.00000000007A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7A0000
|
| Size: |
40960
|
|
|
400000
|
system
|
page execute and read and write
|
|
|
|
| Name: |
0000000C.00000002.1266680558.0000000000400000.00000040.80000000.00040000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
system
|
| Protect: |
page execute and read and write
|
| Base address: |
400000
|
| Size: |
106496
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Found strings which match to known social media urls |
Networking |
|
| URLs found in memory or binary data |
Networking |
|
|
|
21349000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1180120758.0000000021349000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
21349000
|
| Size: |
2154496
|
|
|
3384000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1265036606.0000000003384000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3384000
|
| Size: |
4096
|
|
|
7EF5E000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1178992925.000000007EF5E000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EF5E000
|
| Size: |
401408
|
|
|
33CA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1178870447.00000000033CA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
33CA000
|
| Size: |
16384
|
|
|
7EEA0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000016.00000003.1548907623.000000007EEA0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
22
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EEA0000
|
| Size: |
4096
|
|
|
5119000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1300384228.0000000005119000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5119000
|
| Size: |
1224704
|
|
|
2100000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3640986875.0000000002100000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2100000
|
| Size: |
32768
|
|
|
48C9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1294204133.00000000048C9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
48C9000
|
| Size: |
49152
|
|
|
7AE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.1385242582.00000000007AE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7AE000
|
| Size: |
8192
|
|
|
24D4000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1638623673.00000000024D4000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
24D4000
|
| Size: |
8192
|
|
|
6DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.1466633944.00000000006DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6DE000
|
| Size: |
8192
|
|
|
3F281000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3670014748.000000003F281000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
3F281000
|
| Size: |
77824
|
|
|
293A000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.1300875289.000000000293A000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
293A000
|
| Size: |
12288
|
|
|
487000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1192730446.0000000000487000.00000004.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
487000
|
| Size: |
8192
|
|
|
48D5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1294042575.00000000048D5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
48D5000
|
| Size: |
12288
|
|
|
20D2F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1219516977.0000000020D2F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20D2F000
|
| Size: |
4096
|
|
|
2895000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000014.00000002.1386594603.0000000002895000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
2895000
|
| Size: |
8192
|
|
|
21009000
|
direct allocation
|
page readonly
|
|
|
|
| Name: |
00000012.00000002.1326328071.0000000021009000.00000002.00001000.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page readonly
|
| Base address: |
21009000
|
| Size: |
40960
|
|
|
7EE70000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1174686303.000000007EE70000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EE70000
|
| Size: |
4096
|
|
|
20FEB000
|
direct allocation
|
page execute read
|
|
|
|
| Name: |
00000014.00000002.1410116763.0000000020FEB000.00000020.00001000.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute read
|
| Base address: |
20FEB000
|
| Size: |
12288
|
|
|
20D1F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1652456312.0000000020D1F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20D1F000
|
| Size: |
4096
|
|
|
783000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1196785572.0000000000783000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
783000
|
| Size: |
8192
|
|
|
223A000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000016.00000002.1550395806.000000000223A000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
22
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
223A000
|
| Size: |
8192
|
|
|
32FC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1273747068.00000000032FC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
32FC000
|
| Size: |
16384
|
|
|
21001000
|
direct allocation
|
page execute read
|
|
|
|
| Name: |
00000007.00000002.3655687806.0000000021001000.00000020.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute read
|
| Base address: |
21001000
|
| Size: |
163840
|
|
|
208C2000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000016.00000002.1563616699.00000000208C2000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
22
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
208C2000
|
| Size: |
4096
|
|
|
208FA000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000016.00000002.1563616699.00000000208FA000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
22
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
208FA000
|
| Size: |
12288
|
|
|
4FAF000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1274115230.0000000004FAF000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
4FAF000
|
| Size: |
4096
|
|
|
48D5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1279331080.00000000048D5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
48D5000
|
| Size: |
626688
|
|
|
48D6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1294926977.00000000048D6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
48D6000
|
| Size: |
8192
|
|
|
2916000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.1300875289.0000000002916000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2916000
|
| Size: |
4096
|
|
|
7AB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1197502175.00000000007AB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7AB000
|
| Size: |
69632
|
|
|
7ECCF000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1242790097.000000007ECCF000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7ECCF000
|
| Size: |
77824
|
|
|
8ED000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1198216384.00000000008ED000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8ED000
|
| Size: |
4096
|
|
|
48A000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.1298923283.000000000048A000.00000004.00000001.01000000.00000009.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
48A000
|
| Size: |
4096
|
|
|
20A6F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1652347913.0000000020A6F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20A6F000
|
| Size: |
4096
|
|
|
2947000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.1467963668.0000000002947000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2947000
|
| Size: |
4096
|
|
|
2362000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3641154673.0000000002362000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2362000
|
| Size: |
4096
|
|
|
2200000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000016.00000002.1550395806.0000000002200000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
22
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2200000
|
| Size: |
8192
|
|
|
2D04000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1287838192.0000000002D04000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D04000
|
| Size: |
8192
|
|
|
20FB0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.1410091050.0000000020FB0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20FB0000
|
| Size: |
4096
|
|
|
2394000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3641154673.0000000002394000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2394000
|
| Size: |
4096
|
|
|
20EBE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1219589799.0000000020EBE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20EBE000
|
| Size: |
8192
|
|
|
4F20000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1295218052.0000000004F20000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4F20000
|
| Size: |
4096
|
|
|
20D10000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.1325630215.0000000020D10000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20D10000
|
| Size: |
4096
|
|
|
21962000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1223816644.0000000021962000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
21962000
|
| Size: |
8192
|
|
|
825000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1638066283.0000000000825000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
825000
|
| Size: |
86016
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
20BFE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.1325567826.0000000020BFE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20BFE000
|
| Size: |
8192
|
|
|
493000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000000.1167807504.0000000000493000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
493000
|
| Size: |
1204224
|
|
|
3384000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1266165800.0000000003384000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3384000
|
| Size: |
4096
|
|
|
48C000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000016.00000002.1549721336.000000000048C000.00000004.00000001.01000000.00000009.sdmp
|
| TargetID: |
22
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
48C000
|
| Size: |
8192
|
|
|
7F081000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1172745064.000000007F081000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7F081000
|
| Size: |
12288
|
|
|
2954000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1201642724.0000000002954000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2954000
|
| Size: |
4096
|
|
|
4F16000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1295342663.0000000004F16000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4F16000
|
| Size: |
4096
|
|
|
4D4D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1283450050.0000000004D4D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4D4D000
|
| Size: |
716800
|
|
|
8F7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1256000139.00000000008F7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8F7000
|
| Size: |
12288
|
|
|
4F6D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1296372851.0000000004F6D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4F6D000
|
| Size: |
106496
|
|
|
828000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1197502175.0000000000828000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
828000
|
| Size: |
20480
|
|
|
3F274000
|
unclassified section
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3669508551.000000003F274000.00000040.10000000.00040000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unclassified section
|
| Protect: |
page execute and read and write
|
| Base address: |
3F274000
|
| Size: |
36864
|
|
|
3EE2E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3669397352.000000003EE2E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3EE2E000
|
| Size: |
8192
|
|
|
74E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1196725769.000000000074E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
74E000
|
| Size: |
8192
|
|
|
2093A000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3654846993.000000002093A000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2093A000
|
| Size: |
12288
|
|
|
20E70000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1652618303.0000000020E70000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20E70000
|
| Size: |
4096
|
|
|
20FD7000
|
direct allocation
|
page execute read
|
|
|
|
| Name: |
00000012.00000002.1325789719.0000000020FD7000.00000020.00001000.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute read
|
| Base address: |
20FD7000
|
| Size: |
12288
|
|
|
487000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.1298897732.0000000000487000.00000004.00000001.01000000.00000009.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
487000
|
| Size: |
8192
|
|
|
3384000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1266015440.0000000003384000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3384000
|
| Size: |
4096
|
|
|
6C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1637803806.00000000006C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6C0000
|
| Size: |
4096
|
|
|
20EAE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.1325724923.0000000020EAE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20EAE000
|
| Size: |
8192
|
|
|
2D04000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1266030580.0000000002D04000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D04000
|
| Size: |
8192
|
|
|
20BBF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.1481051223.0000000020BBF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20BBF000
|
| Size: |
4096
|
|
|
2D00000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1301580508.0000000002D00000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D00000
|
| Size: |
16384
|
|
|
2242000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.1299953629.0000000002242000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2242000
|
| Size: |
4096
|
|
|
6A5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3639465803.00000000006A5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6A5000
|
| Size: |
12288
|
|
|
2C00000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1179221615.0000000002C00000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C00000
|
| Size: |
32768
|
|
|
9C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1200669940.00000000009C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9C0000
|
| Size: |
4096
|
|
|
3310000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1273839414.0000000003310000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3310000
|
| Size: |
4096
|
|
|
7EB6F000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1242582652.000000007EB6F000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EB6F000
|
| Size: |
32768
|
|
|
401000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000000.00000000.1167719806.0000000000401000.00000020.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
401000
|
| Size: |
548864
|
|
|
20FAF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.1325758703.0000000020FAF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20FAF000
|
| Size: |
4096
|
|
|
20FAF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.1481504298.0000000020FAF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20FAF000
|
| Size: |
4096
|
|
|
24E3000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1638623673.00000000024E3000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
24E3000
|
| Size: |
4096
|
|
|
908000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1312124769.0000000000908000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
908000
|
| Size: |
4096
|
|
|
2D05000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1289326652.0000000002D05000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D05000
|
| Size: |
4096
|
|
|
29BC000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1639451374.00000000029BC000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
29BC000
|
| Size: |
4096
|
|
|
20941000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3654846993.0000000020941000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
20941000
|
| Size: |
4096
|
|
|
3EDEF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3669369153.000000003EDEF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3EDEF000
|
| Size: |
4096
|
|
|
8F6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3640824618.00000000008F6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8F6000
|
| Size: |
24576
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the Windows Explorer process (often used for injection) |
HIPS / PFW / Operating System Protection Evasion |
|
|
|
2103D000
|
direct allocation
|
page readonly
|
|
|
|
| Name: |
00000007.00000002.3656281326.000000002103D000.00000002.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page readonly
|
| Base address: |
2103D000
|
| Size: |
16384
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Malicious sample detected (through community Yara rule) |
System Summary |
|
| Yara signature match |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
5250000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1300281015.0000000005250000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5250000
|
| Size: |
1073152
|
|
|
4F38000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1294819366.0000000004F38000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4F38000
|
| Size: |
114688
|
|
|
2298000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.1299953629.0000000002298000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2298000
|
| Size: |
4096
|
|
|
8FB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1256000139.00000000008FB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8FB000
|
| Size: |
4096
|
|
|
676000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.1384991131.0000000000676000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
676000
|
| Size: |
8192
|
|
|
48A000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3639312601.000000000048A000.00000004.00000001.01000000.00000006.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
48A000
|
| Size: |
4096
|
|
|
20E6E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1652587115.0000000020E6E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20E6E000
|
| Size: |
8192
|
|
|
4F16000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1296441493.0000000004F16000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4F16000
|
| Size: |
12288
|
|
|
20FF7000
|
direct allocation
|
page execute read
|
|
|
|
| Name: |
00000007.00000002.3655687806.0000000020FF7000.00000020.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute read
|
| Base address: |
20FF7000
|
| Size: |
12288
|
|
|
20FAF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.1410066610.0000000020FAF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20FAF000
|
| Size: |
4096
|
|
|
2067F000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.1406787805.000000002067F000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2067F000
|
| Size: |
4096
|
|
|
7EEFF000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1174686303.000000007EEFF000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EEFF000
|
| Size: |
200704
|
|
|
48C9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1296344518.00000000048C9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
48C9000
|
| Size: |
28672
|
|
|
48CC000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1281177468.00000000048CC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
48CC000
|
| Size: |
16384
|
|
|
9D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1200692924.00000000009D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9D0000
|
| Size: |
12288
|
|
|
34E7000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1266431219.00000000034E7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
34E7000
|
| Size: |
172032
|
|
|
20FE7000
|
direct allocation
|
page execute read
|
|
|
|
| Name: |
00000014.00000002.1410116763.0000000020FE7000.00000020.00001000.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute read
|
| Base address: |
20FE7000
|
| Size: |
12288
|
|
|
2971000
|
direct allocation
|
page execute read
|
|
|
|
| Name: |
00000012.00000002.1302359678.0000000002971000.00000020.00001000.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute read
|
| Base address: |
2971000
|
| Size: |
155648
|
|
|
846000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1172539087.0000000000846000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
846000
|
| Size: |
4096
|
|
|
2D04000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1292071260.0000000002D04000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D04000
|
| Size: |
8192
|
|
|
750000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3639746062.0000000000750000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
750000
|
| Size: |
4096
|
|
|
22D2000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.1385992484.00000000022D2000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
22D2000
|
| Size: |
4096
|
|
|
2FD0000
|
heap
|
page readonly
|
|
|
|
| Name: |
0000000C.00000002.1267136184.0000000002FD0000.00000002.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page readonly
|
| Base address: |
2FD0000
|
| Size: |
4096
|
|
|
299F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1301414976.000000000299F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
299F000
|
| Size: |
8192
|
|
|
2092F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1652290711.000000002092F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2092F000
|
| Size: |
4096
|
|
|
4F59000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1296261782.0000000004F59000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4F59000
|
| Size: |
188416
|
|
|
7BD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1197502175.00000000007BD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BD000
|
| Size: |
139264
|
|
|
2D80000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1179439662.0000000002D80000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D80000
|
| Size: |
4096
|
|
|
348F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1267412944.000000000348F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
348F000
|
| Size: |
4096
|
|
|
60E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.1384898119.000000000060E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
60E000
|
| Size: |
8192
|
|
|
20D6E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000016.00000002.1564147136.0000000020D6E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
22
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20D6E000
|
| Size: |
8192
|
|
|
7FD30000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1169051410.000000007FD30000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7FD30000
|
| Size: |
1073152
|
|
|
48C4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1281177468.00000000048C4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
48C4000
|
| Size: |
16384
|
|
|
7EBD0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1242702805.000000007EBD0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EBD0000
|
| Size: |
4096
|
|
|
7E6E8000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1242135567.000000007E6E8000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7E6E8000
|
| Size: |
40960
|
|
|
48D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1296213394.00000000048D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
48D0000
|
| Size: |
32768
|
|
|
2CF0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1301559570.0000000002CF0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2CF0000
|
| Size: |
4096
|
|
|
5486000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1299528181.0000000005486000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5486000
|
| Size: |
1224704
|
|
|
20A9E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000016.00000002.1564012695.0000000020A9E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
22
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20A9E000
|
| Size: |
8192
|
|
|
9D5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1200692924.00000000009D5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9D5000
|
| Size: |
16384
|
|
|
8F8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1261109093.00000000008F8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8F8000
|
| Size: |
4096
|
|
|
7EEC5000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1173191095.000000007EEC5000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EEC5000
|
| Size: |
12288
|
|
|
34C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1274003171.00000000034C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
34C0000
|
| Size: |
20480
|
|
|
20D1F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.1481147593.0000000020D1F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20D1F000
|
| Size: |
4096
|
|
|
2A20000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1179136562.0000000002A20000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2A20000
|
| Size: |
4096
|
|
|
3F071000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1311468748.000000003F071000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3F071000
|
| Size: |
16384
|
|
|
3384000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1265987723.0000000003384000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3384000
|
| Size: |
4096
|
|
|
8A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.1466843490.00000000008A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8A0000
|
| Size: |
24576
|
|
|
491D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1279557670.000000000491D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
491D000
|
| Size: |
315392
|
|
|
4F1A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1297436365.0000000004F1A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4F1A000
|
| Size: |
16384
|
|
|
839000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1172539087.0000000000839000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
839000
|
| Size: |
4096
|
|
|
2D04000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1292823948.0000000002D04000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D04000
|
| Size: |
8192
|
|
|
2948000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.1300875289.0000000002948000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2948000
|
| Size: |
8192
|
|
|
20916000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3654846993.0000000020916000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
20916000
|
| Size: |
4096
|
|
|
48C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1295998739.00000000048C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
48C1000
|
| Size: |
32768
|
|
|
20BCF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1219466724.0000000020BCF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20BCF000
|
| Size: |
4096
|
|
|
207F9000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1219265965.00000000207F9000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
207F9000
|
| Size: |
20480
|
|
|
23B8000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1200844013.00000000023B8000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
23B8000
|
| Size: |
4096
|
|
|
501F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1266135245.000000000501F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
501F000
|
| Size: |
4096
|
|
|
5431000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1265665488.0000000005431000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5431000
|
| Size: |
241664
|
|
|
7EDF0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1173191095.000000007EDF0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EDF0000
|
| Size: |
4096
|
|
|
476F000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1179519202.000000000476F000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
476F000
|
| Size: |
4096
|
|
|
23B6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1638557151.00000000023B6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
23B6000
|
| Size: |
8192
|
|
|
7EC5F000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1176445612.000000007EC5F000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EC5F000
|
| Size: |
40960
|
|
|
2283000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.1299953629.0000000002283000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2283000
|
| Size: |
4096
|
|
|
4F3E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1299969626.0000000004F3E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4F3E000
|
| Size: |
286720
|
|
|
24B0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1201600560.00000000024B0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
24B0000
|
| Size: |
4096
|
|
|
7D0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000017.00000002.1638045521.00000000007D0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7D0000
|
| Size: |
4096
|
|
|
A4F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.1385955393.0000000000A4F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A4F000
|
| Size: |
4096
|
|
|
4F1A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1295256871.0000000004F1A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4F1A000
|
| Size: |
24576
|
|
|
9B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.1466426292.000000000009B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9B000
|
| Size: |
20480
|
|
|
2291000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.1299953629.0000000002291000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2291000
|
| Size: |
4096
|
|
|
487000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.1384380628.0000000000487000.00000004.00000001.01000000.00000006.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
487000
|
| Size: |
8192
|
|
|
670000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.1384991131.0000000000670000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
670000
|
| Size: |
16384
|
|
|
4F39000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1302101577.0000000004F39000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4F39000
|
| Size: |
20480
|
|
|
294D000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1201642724.000000000294D000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
294D000
|
| Size: |
16384
|
|
|
2887000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.1386508664.0000000002887000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2887000
|
| Size: |
4096
|
|
|
20FF1000
|
direct allocation
|
page execute read
|
|
|
|
| Name: |
00000007.00000002.3655687806.0000000020FF1000.00000020.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute read
|
| Base address: |
20FF1000
|
| Size: |
8192
|
|
|
2290000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000016.00000002.1550673717.0000000002290000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
22
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
2290000
|
| Size: |
4096
|
|
|
947000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1305967142.0000000000947000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
947000
|
| Size: |
4096
|
|
|
2083E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.1409019757.000000002083E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2083E000
|
| Size: |
8192
|
|
|
2304000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.1385992484.0000000002304000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2304000
|
| Size: |
8192
|
|
|
4570000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1179496596.0000000004570000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4570000
|
| Size: |
4096
|
|
|
208D6000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000016.00000002.1563616699.00000000208D6000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
22
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
208D6000
|
| Size: |
4096
|
|
|
48C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1294770893.00000000048C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
48C1000
|
| Size: |
81920
|
|
|
48EE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1279149072.00000000048EE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
48EE000
|
| Size: |
73728
|
|
|
493F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1281108231.000000000493F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
493F000
|
| Size: |
4096
|
|
|
29A2000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1301414976.00000000029A2000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
29A2000
|
| Size: |
4096
|
|
|
2E24000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1301730554.0000000002E24000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2E24000
|
| Size: |
28672
|
|
|
7EEC0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1173191095.000000007EEC0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EEC0000
|
| Size: |
16384
|
|
|
824000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1197502175.0000000000824000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
824000
|
| Size: |
12288
|
|
|
48A000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1637675891.000000000048A000.00000004.00000001.01000000.00000006.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
48A000
|
| Size: |
4096
|
|
|
293F000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1638905438.000000000293F000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
293F000
|
| Size: |
4096
|
|
|
7EF03000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1176524783.000000007EF03000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EF03000
|
| Size: |
524288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
7EC48000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1242702805.000000007EC48000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EC48000
|
| Size: |
40960
|
|
|
3F25E000
|
unclassified section
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3669508551.000000003F25E000.00000040.10000000.00040000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unclassified section
|
| Protect: |
page execute and read and write
|
| Base address: |
3F25E000
|
| Size: |
4096
|
|
|
20FD4000
|
direct allocation
|
page execute read
|
|
|
|
| Name: |
00000012.00000002.1325789719.0000000020FD4000.00000020.00001000.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute read
|
| Base address: |
20FD4000
|
| Size: |
8192
|
|
|
33E9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1178669006.00000000033E9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
33E9000
|
| Size: |
4096
|
|
|
2130000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.1299810031.0000000002130000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2130000
|
| Size: |
4096
|
|
|
4E11000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1301195272.0000000004E11000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E11000
|
| Size: |
245760
|
|
|
28FC000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.1300875289.00000000028FC000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
28FC000
|
| Size: |
12288
|
|
|
377C000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1265364000.000000000377C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
377C000
|
| Size: |
8192
|
|
|
20778000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.1480253800.0000000020778000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
20778000
|
| Size: |
8192
|
|
|
3F382000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1309134673.000000003F382000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3F382000
|
| Size: |
4096
|
|
|
22CD000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.1385992484.00000000022CD000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
22CD000
|
| Size: |
4096
|
|
|
48BC000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1301134994.00000000048BC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
48BC000
|
| Size: |
53248
|
|
|
7EF30000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1174938890.000000007EF30000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EF30000
|
| Size: |
589824
|
|
|
20902000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3654846993.0000000020902000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
20902000
|
| Size: |
4096
|
|
|
3F070000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3669456456.000000003F070000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3F070000
|
| Size: |
4096
|
|
|
660000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.1299178971.0000000000660000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
660000
|
| Size: |
32768
|
|
|
3F0EA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1257195765.000000003F0EA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3F0EA000
|
| Size: |
4096
|
|
|
610000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.1384946264.0000000000610000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
610000
|
| Size: |
4096
|
|
|
20D7E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1219540272.0000000020D7E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20D7E000
|
| Size: |
8192
|
|
|
3F5F6000
|
unclassified section
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3670143457.000000003F5F6000.00000040.10000000.00040000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unclassified section
|
| Protect: |
page execute and read and write
|
| Base address: |
3F5F6000
|
| Size: |
8192
|
|
|
367D000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1266267470.000000000367D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
367D000
|
| Size: |
4096
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
48A000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1193183225.000000000048A000.00000004.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
48A000
|
| Size: |
20480
|
|
|
48D1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1279028016.00000000048D1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
48D1000
|
| Size: |
24576
|
|
|
343E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1265821925.000000000343E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
343E000
|
| Size: |
8192
|
|
|
8EB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1306846180.00000000008EB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8EB000
|
| Size: |
28672
|
|
|
4F19000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1279611085.0000000004F19000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4F19000
|
| Size: |
331776
|
|
|
206B1000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.1406787805.00000000206B1000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
206B1000
|
| Size: |
4096
|
|
|
294C000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.1467963668.000000000294C000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
294C000
|
| Size: |
4096
|
|
|
3483000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1265892349.0000000003483000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3483000
|
| Size: |
16384
|
|
|
7FA00000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1665792981.000000007FA00000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7FA00000
|
| Size: |
4096
|
|
|
48D5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1279172981.00000000048D5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
48D5000
|
| Size: |
176128
|
|
|
21045000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3656440714.0000000021045000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
21045000
|
| Size: |
8192
|
|
|
3670000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1269684245.0000000003670000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3670000
|
| Size: |
12288
|
|
|
7EEFF000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1175152684.000000007EEFF000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EEFF000
|
| Size: |
200704
|
|
|
7FA00000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.1424880951.000000007FA00000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7FA00000
|
| Size: |
4096
|
|
|
2D8E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1301647846.0000000002D8E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2D8E000
|
| Size: |
8192
|
|
|
20FFF000
|
direct allocation
|
page execute read
|
|
|
|
| Name: |
00000007.00000002.3655687806.0000000020FFF000.00000020.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute read
|
| Base address: |
20FFF000
|
| Size: |
4096
|
|
|
8F1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1229457660.00000000008F1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8F1000
|
| Size: |
45056
|
|
|
2233000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000016.00000002.1550395806.0000000002233000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
22
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2233000
|
| Size: |
4096
|
|
|
885000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.1385447646.0000000000885000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
885000
|
| Size: |
81920
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
755000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.1466725078.0000000000755000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
755000
|
| Size: |
12288
|
|
|
7EF5E000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1179343730.000000007EF5E000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EF5E000
|
| Size: |
401408
|
|
|
206FC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.1408466267.00000000206FC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
206FC000
|
| Size: |
16384
|
|
|
20D6E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.1409773721.0000000020D6E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20D6E000
|
| Size: |
8192
|
|
|
3F119000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1311468748.000000003F119000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3F119000
|
| Size: |
4096
|
|
|
296A000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1201642724.000000000296A000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
296A000
|
| Size: |
16384
|
|
|
3380000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1273864995.0000000003380000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3380000
|
| Size: |
12288
|
|
|
4F1E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1297306392.0000000004F1E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4F1E000
|
| Size: |
16384
|
|
|
24A2000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1638623673.00000000024A2000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
24A2000
|
| Size: |
4096
|
|
|
45E000
|
system
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.1301302942.000000000045E000.00000040.80000000.00040000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
system
|
| Protect: |
page execute and read and write
|
| Base address: |
45E000
|
| Size: |
4096
|
|
|
7EF30000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1173590654.000000007EF30000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EF30000
|
| Size: |
589824
|
|
|
3F071000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1257195765.000000003F071000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3F071000
|
| Size: |
12288
|
|
|
75E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1637963562.000000000075E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
75E000
|
| Size: |
8192
|
|
|
7FC10000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1244407620.000000007FC10000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7FC10000
|
| Size: |
1073152
|
|
|
85F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.1466793067.000000000085F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
85F000
|
| Size: |
4096
|
|
|
23AA000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3641154673.00000000023AA000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
23AA000
|
| Size: |
4096
|
|
|
7EF84000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1176524783.000000007EF84000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EF84000
|
| Size: |
208896
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
8EB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1261109093.00000000008EB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8EB000
|
| Size: |
49152
|
|
|
48D5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1279276842.00000000048D5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
48D5000
|
| Size: |
278528
|
|
|
20EBE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1652644585.0000000020EBE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20EBE000
|
| Size: |
8192
|
|
|
2418000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.1467421591.0000000002418000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2418000
|
| Size: |
4096
|
|
|
222C000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000016.00000002.1550395806.000000000222C000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
22
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
222C000
|
| Size: |
4096
|
|
|
4F11000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1292928916.0000000004F11000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4F11000
|
| Size: |
499712
|
|
|
48D8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1299937702.00000000048D8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
48D8000
|
| Size: |
135168
|
|
|
3F650000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3670817793.000000003F650000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3F650000
|
| Size: |
4096
|
|
|
810000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1172270317.0000000000810000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
810000
|
| Size: |
221184
|
|
|
2978000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1638905438.0000000002978000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2978000
|
| Size: |
8192
|
|
|
22D6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.1467357664.00000000022D6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
22D6000
|
| Size: |
8192
|
|
|
207F1000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000016.00000002.1563616699.00000000207F1000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
22
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
207F1000
|
| Size: |
4096
|
|
|
2333000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000016.00000002.1550730587.0000000002333000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
22
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2333000
|
| Size: |
8192
|
|
|
2076A000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.1480253800.000000002076A000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2076A000
|
| Size: |
12288
|
|
|
294D000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1638905438.000000000294D000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
294D000
|
| Size: |
12288
|
|
|
3384000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1265887876.0000000003384000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3384000
|
| Size: |
4096
|
|
|
3F136000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1306487908.000000003F136000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3F136000
|
| Size: |
16384
|
|
|
2C2B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1178614522.0000000002C2B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C2B000
|
| Size: |
8192
|
|
|
365F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1266000692.000000000365F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
365F000
|
| Size: |
4096
|
|
|
20831000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3654846993.0000000020831000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
20831000
|
| Size: |
4096
|
|
|
7FC08000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1169844737.000000007FC08000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7FC08000
|
| Size: |
16384
|
|
|
19D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.1466475244.000000000019D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
19D000
|
| Size: |
12288
|
|
|
4F1E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1296590694.0000000004F1E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4F1E000
|
| Size: |
49152
|
|
|
22D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.1467357664.00000000022D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
22D0000
|
| Size: |
16384
|
|
|
29A0000
|
direct allocation
|
page readonly
|
|
|
|
| Name: |
00000000.00000002.1202938435.00000000029A0000.00000002.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page readonly
|
| Base address: |
29A0000
|
| Size: |
4096
|
|
|
7EEA0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1176820645.000000007EEA0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EEA0000
|
| Size: |
282624
|
|
|
7EF50000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1179343730.000000007EF50000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EF50000
|
| Size: |
40960
|
|
|
650000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.1299102869.0000000000650000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
650000
|
| Size: |
16384
|
|
|
2D04000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1288034633.0000000002D04000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D04000
|
| Size: |
8192
|
|
|
4E60000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1274064483.0000000004E60000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E60000
|
| Size: |
4096
|
|
|
2D05000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1301603292.0000000002D05000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D05000
|
| Size: |
4096
|
|
|
7B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3639966199.00000000007B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7B0000
|
| Size: |
4096
|
|
|
20FD1000
|
direct allocation
|
page execute read
|
|
|
|
| Name: |
00000012.00000002.1325789719.0000000020FD1000.00000020.00001000.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute read
|
| Base address: |
20FD1000
|
| Size: |
8192
|
|
|
2068D000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.1406787805.000000002068D000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2068D000
|
| Size: |
12288
|
|
|
3384000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1266388179.0000000003384000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3384000
|
| Size: |
4096
|
|
|
221D000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000016.00000002.1550395806.000000000221D000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
22
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
221D000
|
| Size: |
4096
|
|
|
3F434000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1311040702.000000003F434000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3F434000
|
| Size: |
4096
|
|
|
4F38000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1294613957.0000000004F38000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4F38000
|
| Size: |
86016
|
|
|
2D04000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1301241350.0000000002D04000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D04000
|
| Size: |
8192
|
|
|
5365000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1300191424.0000000005365000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5365000
|
| Size: |
1073152
|
|
|
21F2000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000016.00000002.1550395806.00000000021F2000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
22
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
21F2000
|
| Size: |
4096
|
|
|
19C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1191726206.000000000019C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
19C000
|
| Size: |
16384
|
|
|
7EDFB000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1173191095.000000007EDFB000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EDFB000
|
| Size: |
786432
|
|
|
24CD000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1638623673.00000000024CD000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
24CD000
|
| Size: |
4096
|
|
|
33CB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1178823080.00000000033CB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
33CB000
|
| Size: |
12288
|
|
|
5431000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1265002718.0000000005431000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5431000
|
| Size: |
65536
|
|
|
907000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1312253608.0000000000907000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
907000
|
| Size: |
4096
|
|
|
91F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000016.00000002.1550299721.000000000091F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
22
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
91F000
|
| Size: |
4096
|
|
|
2097E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.1409113106.000000002097E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2097E000
|
| Size: |
8192
|
|
|
2D04000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1292879812.0000000002D04000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D04000
|
| Size: |
8192
|
|
|
73E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.1466695641.000000000073E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
73E000
|
| Size: |
8192
|
|
|
84A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1177259662.000000000084A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
84A000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
|
|
4F5F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1297271519.0000000004F5F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4F5F000
|
| Size: |
135168
|
|
|
4F5E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1300750953.0000000004F5E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4F5E000
|
| Size: |
155648
|
|
|
7ECF0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1242878591.000000007ECF0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7ECF0000
|
| Size: |
282624
|
|
|
947000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1312124769.0000000000947000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
947000
|
| Size: |
4096
|
|
|
33E9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1179037101.00000000033E9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
33E9000
|
| Size: |
4096
|
|
|
21032000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1652705861.0000000021032000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
21032000
|
| Size: |
8192
|
|
|
2403000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.1467421591.0000000002403000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2403000
|
| Size: |
4096
|
|
|
206FC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1219237257.00000000206FC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
206FC000
|
| Size: |
16384
|
|
|
2101D000
|
direct allocation
|
page readonly
|
|
|
|
| Name: |
00000012.00000002.1326328071.000000002101D000.00000002.00001000.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page readonly
|
| Base address: |
2101D000
|
| Size: |
16384
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Malicious sample detected (through community Yara rule) |
System Summary |
|
| Yara signature match |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
2986000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1301414976.0000000002986000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2986000
|
| Size: |
8192
|
|
|
6E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.1466669357.00000000006E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6E0000
|
| Size: |
4096
|
|
|
7FD1B000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1244407620.000000007FD1B000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7FD1B000
|
| Size: |
16384
|
|
|
210E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.1299768309.000000000210E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
210E000
|
| Size: |
8192
|
|
|
3F122000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1311468748.000000003F122000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3F122000
|
| Size: |
4096
|
|
|
22E0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.1385992484.00000000022E0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
22E0000
|
| Size: |
8192
|
|
|
20FC0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1219631887.0000000020FC0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20FC0000
|
| Size: |
4096
|
|
|
20D1F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.1409626135.0000000020D1F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20D1F000
|
| Size: |
4096
|
|
|
29C1000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1639451374.00000000029C1000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
29C1000
|
| Size: |
16384
|
|
|
48A000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000016.00000002.1549721336.000000000048A000.00000004.00000001.01000000.00000009.sdmp
|
| TargetID: |
22
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
48A000
|
| Size: |
4096
|
|
|
48CE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1301936264.00000000048CE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
48CE000
|
| Size: |
40960
|
|
|
5D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000016.00000002.1549799989.00000000005D0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
22
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5D0000
|
| Size: |
4096
|
|
|
21ED000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000016.00000002.1550395806.00000000021ED000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
22
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
21ED000
|
| Size: |
4096
|
|
|
6A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1196498758.00000000006A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6A0000
|
| Size: |
8192
|
|
|
6FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1196558044.00000000006FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6FE000
|
| Size: |
8192
|
|
|
2150000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.1299856952.0000000002150000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2150000
|
| Size: |
16384
|
|
|
29B7000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1639451374.00000000029B7000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
29B7000
|
| Size: |
4096
|
|
|
474000
|
system
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.1301302942.0000000000474000.00000040.80000000.00040000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
system
|
| Protect: |
page execute and read and write
|
| Base address: |
474000
|
| Size: |
36864
|
|
|
908000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1261109093.0000000000908000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
908000
|
| Size: |
65536
|
|
|
21019000
|
direct allocation
|
page readonly
|
|
|
|
| Name: |
00000014.00000002.1410520393.0000000021019000.00000002.00001000.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page readonly
|
| Base address: |
21019000
|
| Size: |
40960
|
|
|
7FD40000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1169638764.000000007FD40000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7FD40000
|
| Size: |
1060864
|
|
|
4F1E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1300012547.0000000004F1E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4F1E000
|
| Size: |
12288
|
|
|
336E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1267326406.000000000336E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
336E000
|
| Size: |
8192
|
|
|
2378000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1200844013.0000000002378000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2378000
|
| Size: |
4096
|
|
|
29A1000
|
direct allocation
|
page execute read
|
|
|
|
| Name: |
00000000.00000002.1202972039.00000000029A1000.00000020.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute read
|
| Base address: |
29A1000
|
| Size: |
155648
|
|
|
227F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1200792745.000000000227F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
227F000
|
| Size: |
4096
|
|
|
48BC000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1301003203.00000000048BC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
48BC000
|
| Size: |
53248
|
|
|
2C49000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1178543123.0000000002C49000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C49000
|
| Size: |
4096
|
|
|
2FC0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1267069412.0000000002FC0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FC0000
|
| Size: |
4096
|
|
|
48C9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1300070155.00000000048C9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
48C9000
|
| Size: |
12288
|
|
|
860000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3640136925.0000000000860000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
860000
|
| Size: |
36864
|
|
|
19D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.1298860048.000000000019D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
19D000
|
| Size: |
12288
|
|
|
7C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1638019782.00000000007C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7C0000
|
| Size: |
4096
|
|
|
4F3E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1296261782.0000000004F3E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4F3E000
|
| Size: |
20480
|
|
|
7FA00000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.1342088389.000000007FA00000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7FA00000
|
| Size: |
4096
|
|
|
33E0000
|
heap
|
page readonly
|
|
|
|
| Name: |
0000000B.00000002.1265764646.00000000033E0000.00000002.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page readonly
|
| Base address: |
33E0000
|
| Size: |
4096
|
|
|
21035000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1652705861.0000000021035000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
21035000
|
| Size: |
8192
|
|
|
7EF00000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1176053342.000000007EF00000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EF00000
|
| Size: |
12288
|
|
|
20FDF000
|
direct allocation
|
page execute read
|
|
|
|
| Name: |
00000012.00000002.1325789719.0000000020FDF000.00000020.00001000.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute read
|
| Base address: |
20FDF000
|
| Size: |
4096
|
|
|
48A000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.1466544487.000000000048A000.00000004.00000001.01000000.00000006.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
48A000
|
| Size: |
4096
|
|
|
45C000
|
system
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.1265534107.000000000045C000.00000040.80000000.00040000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
system
|
| Protect: |
page execute and read and write
|
| Base address: |
45C000
|
| Size: |
24576
|
|
|
48CE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1299744206.00000000048CE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
48CE000
|
| Size: |
40960
|
|
|
36D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1266069685.00000000036D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
36D0000
|
| Size: |
8192
|
|
|
4F1A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1302057768.0000000004F1A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4F1A000
|
| Size: |
16384
|
|
|
3773000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1265085497.0000000003773000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3773000
|
| Size: |
8192
|
|
|
48CE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1295998739.00000000048CE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
48CE000
|
| Size: |
8192
|
|
|
48C9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1299771580.00000000048C9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
48C9000
|
| Size: |
12288
|
|
|
4F1A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1296441493.0000000004F1A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4F1A000
|
| Size: |
16384
|
|
|
48C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1301897796.00000000048C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
48C0000
|
| Size: |
36864
|
|
|
2921000
|
direct allocation
|
page execute read
|
|
|
|
| Name: |
00000015.00000002.1467810783.0000000002921000.00000020.00001000.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute read
|
| Base address: |
2921000
|
| Size: |
155648
|
|
|
48CA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1301917156.00000000048CA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
48CA000
|
| Size: |
8192
|
|
|
4F1A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1293898530.0000000004F1A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4F1A000
|
| Size: |
8192
|
|
|
758000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000016.00000002.1549885397.0000000000758000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
22
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
758000
|
| Size: |
77824
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
20FC2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1219631887.0000000020FC2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20FC2000
|
| Size: |
126976
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
20FC1000
|
direct allocation
|
page execute read
|
|
|
|
| Name: |
00000014.00000002.1410116763.0000000020FC1000.00000020.00001000.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute read
|
| Base address: |
20FC1000
|
| Size: |
122880
|
|
|
20EBE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000016.00000002.1564232533.0000000020EBE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
22
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20EBE000
|
| Size: |
8192
|
|
|
7EE70000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1173781740.000000007EE70000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EE70000
|
| Size: |
4096
|
|
|
48CC000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1300841899.00000000048CC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
48CC000
|
| Size: |
4096
|
|
|
206DA000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.1480253800.00000000206DA000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
206DA000
|
| Size: |
4096
|
|
|
8FE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1305967142.00000000008FE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8FE000
|
| Size: |
20480
|
|
|
20BBF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.1409544968.0000000020BBF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20BBF000
|
| Size: |
4096
|
|
|
48CC000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1294926977.00000000048CC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
48CC000
|
| Size: |
36864
|
|
|
66E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.1299178971.000000000066E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
66E000
|
| Size: |
294912
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
524B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1299121923.000000000524B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
524B000
|
| Size: |
1073152
|
|
|
2FE0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1267199160.0000000002FE0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FE0000
|
| Size: |
4096
|
|
|
6D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1637860717.00000000006D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6D0000
|
| Size: |
16384
|
|
|
7EEA0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000017.00000003.1636955211.000000007EEA0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EEA0000
|
| Size: |
4096
|
|
|
48BC000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1301027705.00000000048BC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
48BC000
|
| Size: |
53248
|
|
|
7EE70000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1176053342.000000007EE70000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EE70000
|
| Size: |
4096
|
|
|
20B9F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.1325529286.0000000020B9F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20B9F000
|
| Size: |
4096
|
|
|
5111000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1299327393.0000000005111000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5111000
|
| Size: |
1224704
|
|
|
20E6E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.1481374967.0000000020E6E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20E6E000
|
| Size: |
8192
|
|
|
29A4000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1301414976.00000000029A4000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
29A4000
|
| Size: |
49152
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
239F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.1300783641.000000000239F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
239F000
|
| Size: |
4096
|
|
|
2DED000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1301709846.0000000002DED000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2DED000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Found strings which match to known social media urls |
Networking |
|
|
|
238D000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3641154673.000000000238D000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
238D000
|
| Size: |
4096
|
|
|
917000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1305967142.0000000000917000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
917000
|
| Size: |
4096
|
|
|
858000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.1385447646.0000000000858000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
858000
|
| Size: |
180224
|
|
|
7ED71000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1242878591.000000007ED71000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7ED71000
|
| Size: |
4096
|
|
|
4F18000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1295028363.0000000004F18000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4F18000
|
| Size: |
4096
|
|
|
400000
|
system
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.1265534107.0000000000400000.00000040.80000000.00040000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
system
|
| Protect: |
page execute and read and write
|
| Base address: |
400000
|
| Size: |
344064
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
|
|
19D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1637604858.000000000019D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
19D000
|
| Size: |
12288
|
|
|
7FA00000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1244205614.000000007FA00000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7FA00000
|
| Size: |
4096
|
|
|
7F16B000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1243343324.000000007F16B000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7F16B000
|
| Size: |
4096
|
|
|
21035000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.1410658867.0000000021035000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
21035000
|
| Size: |
8192
|
|
|
3384000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1265760417.0000000003384000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3384000
|
| Size: |
4096
|
|
|
7F07C000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1172745064.000000007F07C000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7F07C000
|
| Size: |
16384
|
|
|
20A5F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000016.00000002.1563987239.0000000020A5F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
22
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20A5F000
|
| Size: |
4096
|
|
|
20694000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.1406787805.0000000020694000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
20694000
|
| Size: |
4096
|
|
|
20924000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3654846993.0000000020924000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
20924000
|
| Size: |
4096
|
|
|
48D6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1294204133.00000000048D6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
48D6000
|
| Size: |
8192
|
|
|
2091D000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3654846993.000000002091D000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2091D000
|
| Size: |
12288
|
|
|
2274000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.1299953629.0000000002274000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2274000
|
| Size: |
8192
|
|
|
3F6B2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1306652137.000000003F6B2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3F6B2000
|
| Size: |
4096
|
|
|
2100000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000016.00000002.1550343606.0000000002100000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
22
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2100000
|
| Size: |
12288
|
|
|
48D1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1279673037.00000000048D1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
48D1000
|
| Size: |
712704
|
|
|
2149C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1220357922.000000002149C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2149C000
|
| Size: |
16384
|
|
|
33F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1265793300.00000000033F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
33F0000
|
| Size: |
20480
|
|
|
8F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3640824618.00000000008F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8F0000
|
| Size: |
16384
|
|
|
2157C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1220392268.000000002157C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2157C000
|
| Size: |
4096
|
|
|
24DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.1467737350.00000000024DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
24DE000
|
| Size: |
8192
|
|
|
2224000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000016.00000002.1550395806.0000000002224000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
22
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2224000
|
| Size: |
8192
|
|
|
21025000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.1326494345.0000000021025000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
21025000
|
| Size: |
8192
|
|
|
242F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.1386317292.000000000242F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
242F000
|
| Size: |
4096
|
|
|
2963000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1201642724.0000000002963000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2963000
|
| Size: |
4096
|
|
|
2C2B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1179221615.0000000002C2B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C2B000
|
| Size: |
8192
|
|
|
2AA0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1179180784.0000000002AA0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2AA0000
|
| Size: |
20480
|
|
|
205A1000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.1406787805.00000000205A1000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
205A1000
|
| Size: |
4096
|
|
|
7EF30000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1174328370.000000007EF30000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EF30000
|
| Size: |
589824
|
|
|
4F39000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1299699821.0000000004F39000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4F39000
|
| Size: |
20480
|
|
|
346B000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1265892349.000000000346B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
346B000
|
| Size: |
94208
|
|
|
2D04000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1293811249.0000000002D04000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D04000
|
| Size: |
8192
|
|
|
4F18000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1295342663.0000000004F18000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4F18000
|
| Size: |
4096
|
|
|
330E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1267253663.000000000330E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
330E000
|
| Size: |
8192
|
|
|
9B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1188602358.000000000009B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9B000
|
| Size: |
20480
|
|
|
7EEC0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1243174403.000000007EEC0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EEC0000
|
| Size: |
4096
|
|
|
836000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1184157840.0000000000836000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
836000
|
| Size: |
155648
|
|
|
296A000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1638905438.000000000296A000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
296A000
|
| Size: |
12288
|
|
|
9B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.1384269633.000000000009B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9B000
|
| Size: |
20480
|
|
|
2082E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1652261557.000000002082E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2082E000
|
| Size: |
8192
|
|
|
2D4E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1301624509.0000000002D4E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2D4E000
|
| Size: |
8192
|
|
|
2411000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.1467421591.0000000002411000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2411000
|
| Size: |
4096
|
|
|
3F296000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3670014748.000000003F296000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
3F296000
|
| Size: |
8192
|
|
|
3384000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1266137703.0000000003384000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3384000
|
| Size: |
4096
|
|
|
7EEA0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000003.1465798801.000000007EEA0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EEA0000
|
| Size: |
4096
|
|
|
2840000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1201642724.0000000002840000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2840000
|
| Size: |
4096
|
|
|
2D04000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1287992892.0000000002D04000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D04000
|
| Size: |
8192
|
|
|
3300000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1265728403.0000000003300000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3300000
|
| Size: |
4096
|
|
|
2AAF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000016.00000002.1550865814.0000000002AAF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
22
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2AAF000
|
| Size: |
4096
|
|
|
48D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1296491764.00000000048D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
48D0000
|
| Size: |
32768
|
|
|
218F0000
|
direct allocation
|
page readonly
|
|
|
|
| Name: |
00000000.00000002.1220490368.00000000218F0000.00000002.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page readonly
|
| Base address: |
218F0000
|
| Size: |
4096
|
|
|
3EF2F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3669429776.000000003EF2F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3EF2F000
|
| Size: |
4096
|
|
|
296B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000016.00000002.1550801551.000000000296B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
22
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
296B000
|
| Size: |
20480
|
|
|
8F6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1306846180.00000000008F6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8F6000
|
| Size: |
8192
|
|
|
8C6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1197687630.00000000008C6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8C6000
|
| Size: |
217088
|
|
|
2F1C000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1266936159.0000000002F1C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2F1C000
|
| Size: |
16384
|
|
|
7F840000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1244163029.000000007F840000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7F840000
|
| Size: |
4096
|
|
|
4F11000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1294841788.0000000004F11000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4F11000
|
| Size: |
12288
|
|
|
4F1A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1295028363.0000000004F1A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4F1A000
|
| Size: |
122880
|
|
|
288C000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.1386508664.000000000288C000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
288C000
|
| Size: |
4096
|
|
|
3384000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1266217270.0000000003384000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3384000
|
| Size: |
4096
|
|
|
3F132000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1311468748.000000003F132000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3F132000
|
| Size: |
4096
|
|
|
208DD000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000016.00000002.1563616699.00000000208DD000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
22
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
208DD000
|
| Size: |
12288
|
|
|
7EF30000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1175717591.000000007EF30000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EF30000
|
| Size: |
589824
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
28BE000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1201642724.00000000028BE000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
28BE000
|
| Size: |
397312
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
2842000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1201642724.0000000002842000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2842000
|
| Size: |
311296
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
23B3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.1300811927.00000000023B3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
23B3000
|
| Size: |
8192
|
|
|
905000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1306846180.0000000000905000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
905000
|
| Size: |
4096
|
|
|
2086A000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000016.00000002.1563616699.000000002086A000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
22
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2086A000
|
| Size: |
4096
|
|
|
760000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3639812494.0000000000760000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
760000
|
| Size: |
12288
|
|
|
20A7F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.1480989806.0000000020A7F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20A7F000
|
| Size: |
4096
|
|
|
5C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1193527981.00000000005C0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5C0000
|
| Size: |
4096
|
|
|
2946000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1201642724.0000000002946000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2946000
|
| Size: |
4096
|
|
|
48C000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.1466544487.000000000048C000.00000004.00000001.01000000.00000006.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
48C000
|
| Size: |
8192
|
|
|
5110000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1293114487.0000000005110000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5110000
|
| Size: |
4096
|
|
|
20FEA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1219631887.0000000020FEA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20FEA000
|
| Size: |
266240
|
|
|
7E541000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1182121808.000000007E541000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7E541000
|
| Size: |
12288
|
|
|
900000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1261109093.0000000000900000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
900000
|
| Size: |
4096
|
|
|
29A5000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000012.00000002.1302646130.00000000029A5000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
29A5000
|
| Size: |
8192
|
|
|
838000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1172320675.0000000000838000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
838000
|
| Size: |
4096
|
|
|
2991000
|
direct allocation
|
page execute read
|
|
|
|
| Name: |
00000017.00000002.1639282239.0000000002991000.00000020.00001000.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute read
|
| Base address: |
2991000
|
| Size: |
155648
|
|
|
19D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000016.00000002.1549570151.000000000019D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
22
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
19D000
|
| Size: |
12288
|
|
|
7FE3B000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1169051410.000000007FE3B000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7FE3B000
|
| Size: |
16384
|
|
|
20FDB000
|
direct allocation
|
page execute read
|
|
|
|
| Name: |
00000012.00000002.1325789719.0000000020FDB000.00000020.00001000.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute read
|
| Base address: |
20FDB000
|
| Size: |
12288
|
|
|
2DE0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1301689337.0000000002DE0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2DE0000
|
| Size: |
16384
|
|
|
487000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000000.00000000.1167772058.0000000000487000.00000008.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
487000
|
| Size: |
12288
|
|
|
2C0A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1179221615.0000000002C0A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C0A000
|
| Size: |
131072
|
|
|
23BD000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.1467421591.00000000023BD000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
23BD000
|
| Size: |
4096
|
|
|
48CE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1295597949.00000000048CE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
48CE000
|
| Size: |
8192
|
|
|
7EEA0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1200485130.000000007EEA0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EEA0000
|
| Size: |
4096
|
|
|
7F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3640078889.00000000007F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7F0000
|
| Size: |
4096
|
|
|
811000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1176990177.0000000000811000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
811000
|
| Size: |
81920
|
|
|
2103A000
|
direct allocation
|
page readonly
|
|
|
|
| Name: |
00000007.00000002.3656281326.000000002103A000.00000002.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page readonly
|
| Base address: |
2103A000
|
| Size: |
4096
|
|
|
3F331000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1309191332.000000003F331000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3F331000
|
| Size: |
143360
|
|
|
48D8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1279028016.00000000048D8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
48D8000
|
| Size: |
106496
|
|
|
24BF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3641423302.00000000024BF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
24BF000
|
| Size: |
4096
|
|
|
48A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1301878746.00000000048A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
48A0000
|
| Size: |
4096
|
|
|
780000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1196785572.0000000000780000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
780000
|
| Size: |
4096
|
|
|
20ACE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1219433576.0000000020ACE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20ACE000
|
| Size: |
8192
|
|
|
3F62B000
|
unclassified section
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3670607092.000000003F62B000.00000040.10000000.00040000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unclassified section
|
| Protect: |
page execute and read and write
|
| Base address: |
3F62B000
|
| Size: |
36864
|
|
|
2250000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.1299953629.0000000002250000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2250000
|
| Size: |
8192
|
|
|
2098C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3655444961.000000002098C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2098C000
|
| Size: |
16384
|
|
|
4F23000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1293898530.0000000004F23000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4F23000
|
| Size: |
4096
|
|
|
3384000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1265733159.0000000003384000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3384000
|
| Size: |
4096
|
|
|
4F3A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1295927991.0000000004F3A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4F3A000
|
| Size: |
61440
|
|
|
2861000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1638905438.0000000002861000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2861000
|
| Size: |
4096
|
|
|
905000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1305967142.0000000000905000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
905000
|
| Size: |
12288
|
|
|
3EC90000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.1341111107.000000003EC90000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3EC90000
|
| Size: |
4096
|
|
|
5110000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1293080059.0000000005110000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5110000
|
| Size: |
4096
|
|
|
7EDF6000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1173191095.000000007EDF6000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EDF6000
|
| Size: |
16384
|
|
|
33CD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1273893790.00000000033CD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
33CD000
|
| Size: |
16384
|
|
|
2102D000
|
direct allocation
|
page readonly
|
|
|
|
| Name: |
00000014.00000002.1410520393.000000002102D000.00000002.00001000.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page readonly
|
| Base address: |
2102D000
|
| Size: |
16384
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Malicious sample detected (through community Yara rule) |
System Summary |
|
| Yara signature match |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
48CE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1297370092.00000000048CE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
48CE000
|
| Size: |
192512
|
|
|
24DC000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1638623673.00000000024DC000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
24DC000
|
| Size: |
4096
|
|
|
3460000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1265892349.0000000003460000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3460000
|
| Size: |
36864
|
|
|
6D5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1637860717.00000000006D5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6D5000
|
| Size: |
12288
|
|
|
2AAE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3641452551.0000000002AAE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2AAE000
|
| Size: |
8192
|
|
|
2330000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000016.00000002.1550730587.0000000002330000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
22
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2330000
|
| Size: |
4096
|
|
|
7EF50000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1178992925.000000007EF50000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EF50000
|
| Size: |
40960
|
|
|
20ABE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.1409475550.0000000020ABE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20ABE000
|
| Size: |
8192
|
|
|
3384000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1265816113.0000000003384000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3384000
|
| Size: |
4096
|
|
|
7E700000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1242480506.000000007E700000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7E700000
|
| Size: |
4096
|
|
|
7EED0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1172745064.000000007EED0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EED0000
|
| Size: |
868352
|
|
|
20C2E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1219491125.0000000020C2E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20C2E000
|
| Size: |
8192
|
|
|
20AAE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1652373878.0000000020AAE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20AAE000
|
| Size: |
8192
|
|
|
7D0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3640016611.00000000007D0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7D0000
|
| Size: |
4096
|
|
|
2924000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.1300875289.0000000002924000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2924000
|
| Size: |
4096
|
|
|
536A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1298434916.000000000536A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
536A000
|
| Size: |
1073152
|
|
|
207FF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1219314020.00000000207FF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
207FF000
|
| Size: |
4096
|
|
|
7EEF0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1176524783.000000007EEF0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EEF0000
|
| Size: |
73728
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
2ADC000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000016.00000002.1551058578.0000000002ADC000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
22
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2ADC000
|
| Size: |
4096
|
|
|
5BA000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000000.1167807504.00000000005BA000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
5BA000
|
| Size: |
12288
|
|
|
9B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000016.00000002.1549532239.000000000009B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
22
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9B000
|
| Size: |
20480
|
|
|
487000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3639254429.0000000000487000.00000004.00000001.01000000.00000006.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
487000
|
| Size: |
8192
|
|
|
20FEF000
|
direct allocation
|
page execute read
|
|
|
|
| Name: |
00000014.00000002.1410116763.0000000020FEF000.00000020.00001000.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute read
|
| Base address: |
20FEF000
|
| Size: |
4096
|
|
|
7E670000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.1341323072.000000007E670000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7E670000
|
| Size: |
4096
|
|
|
2924000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1201642724.0000000002924000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2924000
|
| Size: |
16384
|
|
|
20E7E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1219564612.0000000020E7E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20E7E000
|
| Size: |
8192
|
|
|
3F0EA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1311468748.000000003F0EA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3F0EA000
|
| Size: |
4096
|
|
|
4903000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1279246916.0000000004903000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4903000
|
| Size: |
126976
|
|
|
8FB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1306846180.00000000008FB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8FB000
|
| Size: |
4096
|
|
|
7E540000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1183867352.000000007E540000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7E540000
|
| Size: |
4096
|
|
|
48CD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1295571881.00000000048CD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
48CD000
|
| Size: |
12288
|
|
|
206AA000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.1406787805.00000000206AA000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
206AA000
|
| Size: |
12288
|
|
|
3380000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1267372397.0000000003380000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3380000
|
| Size: |
16384
|
|
|
48C9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1294175897.00000000048C9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
48C9000
|
| Size: |
49152
|
|
|
33E9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1273893790.00000000033E9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
33E9000
|
| Size: |
4096
|
|
|
20E6E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.1409876006.0000000020E6E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20E6E000
|
| Size: |
8192
|
|
|
20C1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.1481080617.0000000020C1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20C1E000
|
| Size: |
8192
|
|
|
3EC90000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.1494782645.000000003EC90000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3EC90000
|
| Size: |
4096
|
|
|
3384000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1266109108.0000000003384000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3384000
|
| Size: |
4096
|
|
|
20771000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.1480253800.0000000020771000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
20771000
|
| Size: |
4096
|
|
|
3F14C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1307519982.000000003F14C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3F14C000
|
| Size: |
8192
|
|
|
20E70000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000016.00000002.1564204775.0000000020E70000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
22
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20E70000
|
| Size: |
4096
|
|
|
48EA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1279204671.00000000048EA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
48EA000
|
| Size: |
212992
|
|
|
48C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1281108231.00000000048C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
48C1000
|
| Size: |
32768
|
|
|
3F0EB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1307955966.000000003F0EB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3F0EB000
|
| Size: |
233472
|
|
|
8C4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3640136925.00000000008C4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8C4000
|
| Size: |
20480
|
|
|
33CB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1273243352.00000000033CB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
33CB000
|
| Size: |
24576
|
|
|
226D000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.1299953629.000000000226D000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
226D000
|
| Size: |
4096
|
|
|
765000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3639812494.0000000000765000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
765000
|
| Size: |
16384
|
|
|
20BAF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1652403497.0000000020BAF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20BAF000
|
| Size: |
4096
|
|
|
4F11000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1295028363.0000000004F11000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4F11000
|
| Size: |
20480
|
|
|
20FBF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1219612646.0000000020FBF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20FBF000
|
| Size: |
4096
|
|
|
2929000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1201642724.0000000002929000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2929000
|
| Size: |
65536
|
|
|
7E53C000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1182121808.000000007E53C000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7E53C000
|
| Size: |
16384
|
|
|
28DA000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1638905438.00000000028DA000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
28DA000
|
| Size: |
4096
|
|
|
20EAE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.1410026243.0000000020EAE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20EAE000
|
| Size: |
8192
|
|
|
835000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1197502175.0000000000835000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
835000
|
| Size: |
106496
|
|
|
2946000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1638905438.0000000002946000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2946000
|
| Size: |
4096
|
|
|
24B0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1638623673.00000000024B0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
24B0000
|
| Size: |
8192
|
|
|
20713000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.1480253800.0000000020713000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
20713000
|
| Size: |
4096
|
|
|
20FE2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1219631887.0000000020FE2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20FE2000
|
| Size: |
4096
|
|
|
7F08A000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1243265493.000000007F08A000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7F08A000
|
| Size: |
4096
|
|
|
5C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.1384846575.00000000005C0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5C0000
|
| Size: |
4096
|
|
|
21035000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000016.00000002.1564292881.0000000021035000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
22
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
21035000
|
| Size: |
8192
|
|
|
2084E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1219331893.000000002084E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2084E000
|
| Size: |
8192
|
|
|
7EF2F000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1243174403.000000007EF2F000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EF2F000
|
| Size: |
77824
|
|
|
3384000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1265861497.0000000003384000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3384000
|
| Size: |
4096
|
|
|
7E1D0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1242088632.000000007E1D0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7E1D0000
|
| Size: |
4096
|
|
|
49A0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1266157140.00000000049A0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
49A0000
|
| Size: |
180224
|
|
|
34CB000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1267461709.00000000034CB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
34CB000
|
| Size: |
98304
|
|
|
2978000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1201642724.0000000002978000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2978000
|
| Size: |
12288
|
|
|
487000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000016.00000002.1549675838.0000000000487000.00000004.00000001.01000000.00000009.sdmp
|
| TargetID: |
22
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
487000
|
| Size: |
8192
|
|
|
2D04000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1286585335.0000000002D04000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D04000
|
| Size: |
8192
|
|
|
3ECEE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3669331737.000000003ECEE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3ECEE000
|
| Size: |
8192
|
|
|
4F17000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1295256871.0000000004F17000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4F17000
|
| Size: |
8192
|
|
|
22FD000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.1385992484.00000000022FD000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
22FD000
|
| Size: |
4096
|
|
|
48B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1301067915.00000000048B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
48B0000
|
| Size: |
4096
|
|
|
207CB000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.1324937954.00000000207CB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
207CB000
|
| Size: |
20480
|
|
|
4E11000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1265942137.0000000004E11000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E11000
|
| Size: |
65536
|
|
|
720000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000016.00000002.1549885397.0000000000720000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
22
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
720000
|
| Size: |
24576
|
|
|
3F124000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1306487908.000000003F124000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3F124000
|
| Size: |
61440
|
|
|
695000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.1385127558.0000000000695000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
695000
|
| Size: |
12288
|
|
|
24F8000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1638623673.00000000024F8000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
24F8000
|
| Size: |
4096
|
|
|
208E3000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3654846993.00000000208E3000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
208E3000
|
| Size: |
4096
|
|
|
7EC60000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1242790097.000000007EC60000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EC60000
|
| Size: |
4096
|
|
|
2DED000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1301087012.0000000002DED000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2DED000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Found strings which match to known social media urls |
Networking |
|
|
|
7EC90000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1176190142.000000007EC90000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EC90000
|
| Size: |
823296
|
|
|
23ED000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.1467421591.00000000023ED000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
23ED000
|
| Size: |
4096
|
|
|
7FE43000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1245227867.000000007FE43000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7FE43000
|
| Size: |
12288
|
|
|
367D000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1266330707.000000000367D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
367D000
|
| Size: |
4096
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
7FE48000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1169638764.000000007FE48000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7FE48000
|
| Size: |
16384
|
|
|
20FD1000
|
direct allocation
|
page execute read
|
|
|
|
| Name: |
00000007.00000002.3655687806.0000000020FD1000.00000020.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute read
|
| Base address: |
20FD1000
|
| Size: |
122880
|
|
|
2095E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.1325267085.000000002095E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2095E000
|
| Size: |
8192
|
|
|
7EAB0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1242582652.000000007EAB0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EAB0000
|
| Size: |
4096
|
|
|
20E6E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000016.00000002.1564177255.0000000020E6E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
22
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20E6E000
|
| Size: |
8192
|
|
|
700000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1196606499.0000000000700000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
700000
|
| Size: |
16384
|
|
|
87D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3640136925.000000000087D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
87D000
|
| Size: |
139264
|
|
|
20D6E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1652488345.0000000020D6E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20D6E000
|
| Size: |
8192
|
|
|
4F16000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1297436365.0000000004F16000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4F16000
|
| Size: |
12288
|
|
|
21032000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.1410658867.0000000021032000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
21032000
|
| Size: |
8192
|
|
|
905000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3640824618.0000000000905000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
905000
|
| Size: |
4096
|
|
|
5471000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1300511553.0000000005471000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5471000
|
| Size: |
1224704
|
|
|
2270000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3641097493.0000000002270000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2270000
|
| Size: |
4096
|
|
|
8C8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1198317053.00000000008C8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8C8000
|
| Size: |
217088
|
|
|
48D6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1295182499.00000000048D6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
48D6000
|
| Size: |
8192
|
|
|
208A3000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000016.00000002.1563616699.00000000208A3000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
22
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
208A3000
|
| Size: |
4096
|
|
|
690000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.1385127558.0000000000690000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
690000
|
| Size: |
16384
|
|
|
850000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1197502175.0000000000850000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
850000
|
| Size: |
8192
|
|
|
2971000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1201642724.0000000002971000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2971000
|
| Size: |
4096
|
|
|
66A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.1299178971.000000000066A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
66A000
|
| Size: |
8192
|
|
|
7EF50000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1179651641.000000007EF50000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EF50000
|
| Size: |
458752
|
|
|
48E1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1279117607.00000000048E1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
48E1000
|
| Size: |
110592
|
|
|
2F59000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1267010678.0000000002F59000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2F59000
|
| Size: |
28672
|
|
|
2D05000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1288101209.0000000002D05000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D05000
|
| Size: |
4096
|
|
|
4F1E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1295302008.0000000004F1E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4F1E000
|
| Size: |
8192
|
|
|
7E1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1197502175.00000000007E1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7E1000
|
| Size: |
12288
|
|
|
48D6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1294648421.00000000048D6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
48D6000
|
| Size: |
8192
|
|
|
2061A000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.1406787805.000000002061A000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2061A000
|
| Size: |
4096
|
|
|
750000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.1466725078.0000000000750000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
750000
|
| Size: |
16384
|
|
|
2C00000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1301520468.0000000002C00000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C00000
|
| Size: |
4096
|
|
|
2094F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1219359783.000000002094F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2094F000
|
| Size: |
4096
|
|
|
48C9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1296107329.00000000048C9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
48C9000
|
| Size: |
4096
|
|
|
288F000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1201642724.000000000288F000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
288F000
|
| Size: |
188416
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
2139C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1220329565.000000002139C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2139C000
|
| Size: |
16384
|
|
|
41B000
|
system
|
page execute and read and write
|
|
|
|
| Name: |
0000000C.00000002.1266680558.000000000041B000.00000040.80000000.00040000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
system
|
| Protect: |
page execute and read and write
|
| Base address: |
41B000
|
| Size: |
36864
|
|
|
7EE3F000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1243095985.000000007EE3F000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EE3F000
|
| Size: |
49152
|
|
|
239C000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3641154673.000000000239C000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
239C000
|
| Size: |
4096
|
|
|
6B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3639606818.00000000006B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6B0000
|
| Size: |
8192
|
|
|
48C9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1300901973.00000000048C9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
48C9000
|
| Size: |
12288
|
|
|
5C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.1466608009.00000000005C0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5C0000
|
| Size: |
4096
|
|
|
48C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1295597949.00000000048C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
48C1000
|
| Size: |
49152
|
|
|
2E00000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1301730554.0000000002E00000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2E00000
|
| Size: |
36864
|
|
|
487000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1637643681.0000000000487000.00000004.00000001.01000000.00000006.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
487000
|
| Size: |
8192
|
|
|
2B1C000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3641660739.0000000002B1C000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2B1C000
|
| Size: |
4096
|
|
|
20661000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.1480253800.0000000020661000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
20661000
|
| Size: |
4096
|
|
|
9EF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1638507381.00000000009EF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9EF000
|
| Size: |
4096
|
|
|
8FF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3640824618.00000000008FF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8FF000
|
| Size: |
16384
|
|
|
20D8F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3655623141.0000000020D8F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20D8F000
|
| Size: |
4096
|
|
|
917000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1306738209.0000000000917000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
917000
|
| Size: |
4096
|
|
|
2DED000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1301047958.0000000002DED000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2DED000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Found strings which match to known social media urls |
Networking |
|
|
|
21032000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000016.00000002.1564292881.0000000021032000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
22
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
21032000
|
| Size: |
8192
|
|
|
4F3E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1297476800.0000000004F3E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4F3E000
|
| Size: |
135168
|
|
|
299C000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.1302558742.000000000299C000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
299C000
|
| Size: |
4096
|
|
|
8F3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1306846180.00000000008F3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8F3000
|
| Size: |
4096
|
|
|
487000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.1466515290.0000000000487000.00000004.00000001.01000000.00000006.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
487000
|
| Size: |
8192
|
|
|
2D05000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1289298155.0000000002D05000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D05000
|
| Size: |
4096
|
|
|
50EF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1270034418.00000000050EF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
50EF000
|
| Size: |
4096
|
|
|
5110000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1293144259.0000000005110000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5110000
|
| Size: |
4096
|
|
|
94D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1260874067.000000000094D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
94D000
|
| Size: |
4096
|
|
|
7E390000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1182121808.000000007E390000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7E390000
|
| Size: |
1732608
|
|
|
827000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1184399308.0000000000827000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
827000
|
| Size: |
61440
|
|
|
4F39000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1296590694.0000000004F39000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4F39000
|
| Size: |
20480
|
|
|
2248000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000016.00000002.1550395806.0000000002248000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
22
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2248000
|
| Size: |
4096
|
|
|
2D04000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1290586153.0000000002D04000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D04000
|
| Size: |
8192
|
|
|
4F19000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1279487568.0000000004F19000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4F19000
|
| Size: |
241664
|
|
|
4F38000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1294974088.0000000004F38000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4F38000
|
| Size: |
20480
|
|
|
207FB000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.1408954225.00000000207FB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
207FB000
|
| Size: |
20480
|
|
|
7B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.1385281174.00000000007B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7B0000
|
| Size: |
4096
|
|
|
2106000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000016.00000002.1550343606.0000000002106000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
22
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2106000
|
| Size: |
8192
|
|
|
20B9F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000016.00000002.1564042031.0000000020B9F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
22
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20B9F000
|
| Size: |
4096
|
|
|
2156000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.1299856952.0000000002156000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2156000
|
| Size: |
8192
|
|
|
49F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1301971981.00000000049F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
49F0000
|
| Size: |
8192
|
|
|
2D04000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1288530122.0000000002D04000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D04000
|
| Size: |
8192
|
|
|
29A1000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.1302558742.00000000029A1000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
29A1000
|
| Size: |
16384
|
|
|
2941000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.1300875289.0000000002941000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2941000
|
| Size: |
4096
|
|
|
909000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1255300129.0000000000909000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
909000
|
| Size: |
282624
|
|
|
2913000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1638905438.0000000002913000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2913000
|
| Size: |
4096
|
|
|
231C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000016.00000002.1550697440.000000000231C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
22
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
231C000
|
| Size: |
16384
|
|
|
2241000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000016.00000002.1550395806.0000000002241000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
22
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2241000
|
| Size: |
4096
|
|
|
48C9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1295970156.00000000048C9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
48C9000
|
| Size: |
28672
|
|
|
918000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1260874067.0000000000918000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
918000
|
| Size: |
196608
|
|
|
2B17000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3641660739.0000000002B17000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2B17000
|
| Size: |
4096
|
|
|
23A3000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1200844013.00000000023A3000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
23A3000
|
| Size: |
4096
|
|
|
369E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1266034681.000000000369E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
369E000
|
| Size: |
8192
|
|
|
20FBF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1652674068.0000000020FBF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20FBF000
|
| Size: |
4096
|
|
|
7FA00000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3671271182.000000007FA00000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7FA00000
|
| Size: |
4096
|
|
|
20A9E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.1325486702.0000000020A9E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20A9E000
|
| Size: |
8192
|
|
|
2081E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.1324991896.000000002081E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2081E000
|
| Size: |
8192
|
|
|
298B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1301414976.000000000298B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
298B000
|
| Size: |
8192
|
|
|
2091F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.1325214528.000000002091F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2091F000
|
| Size: |
4096
|
|
|
706000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1196606499.0000000000706000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
706000
|
| Size: |
12288
|
|
|
2D04000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1286616858.0000000002D04000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D04000
|
| Size: |
8192
|
|
|
24E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.1467763155.00000000024E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
24E0000
|
| Size: |
4096
|
|
|
20732000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.1480253800.0000000020732000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
20732000
|
| Size: |
4096
|
|
|
48C000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.1298923283.000000000048C000.00000004.00000001.01000000.00000009.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
48C000
|
| Size: |
12288
|
|
|
3384000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1265935053.0000000003384000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3384000
|
| Size: |
4096
|
|
|
6C3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1637803806.00000000006C3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6C3000
|
| Size: |
8192
|
|
|
20746000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.1480253800.0000000020746000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
20746000
|
| Size: |
4096
|
|
|
7F090000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1243343324.000000007F090000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7F090000
|
| Size: |
884736
|
|
|
240A000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.1467421591.000000000240A000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
240A000
|
| Size: |
8192
|
|
|
7EFA5000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1172745064.000000007EFA5000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EFA5000
|
| Size: |
860160
|
|
|
21025000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.1481931035.0000000021025000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
21025000
|
| Size: |
8192
|
|
|
48C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1281177468.00000000048C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
48C1000
|
| Size: |
8192
|
|
|
2328000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.1385992484.0000000002328000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2328000
|
| Size: |
4096
|
|
|
7FD70000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1245227867.000000007FD70000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7FD70000
|
| Size: |
839680
|
|
|
2F9C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1273702757.0000000002F9C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2F9C000
|
| Size: |
16384
|
|
|
2E21000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1301730554.0000000002E21000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2E21000
|
| Size: |
8192
|
|
|
4F39000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1300790669.0000000004F39000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4F39000
|
| Size: |
20480
|
|
|
2AF1000
|
direct allocation
|
page execute read
|
|
|
|
| Name: |
00000007.00000002.3641483055.0000000002AF1000.00000020.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute read
|
| Base address: |
2AF1000
|
| Size: |
155648
|
|
|
7E670000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.1424469523.000000007E670000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7E670000
|
| Size: |
4096
|
|
|
846000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1176968572.0000000000846000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
846000
|
| Size: |
4096
|
|
|
4F1E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1299699821.0000000004F1E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4F1E000
|
| Size: |
49152
|
|
|
20FFB000
|
direct allocation
|
page execute read
|
|
|
|
| Name: |
00000007.00000002.3655687806.0000000020FFB000.00000020.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute read
|
| Base address: |
20FFB000
|
| Size: |
12288
|
|
|
2810000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1201622411.0000000002810000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2810000
|
| Size: |
4096
|
|
|
20F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000016.00000002.1550323013.00000000020F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
22
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20F0000
|
| Size: |
4096
|
|
|
48C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1281525599.00000000048C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
48C1000
|
| Size: |
20480
|
|
|
211AF000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1220018612.00000000211AF000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
211AF000
|
| Size: |
331776
|
|
|
21567000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1180120758.0000000021567000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
21567000
|
| Size: |
20480
|
|
|
20FF4000
|
direct allocation
|
page execute read
|
|
|
|
| Name: |
00000007.00000002.3655687806.0000000020FF4000.00000020.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute read
|
| Base address: |
20FF4000
|
| Size: |
8192
|
|
|
249D000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1638623673.000000000249D000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
249D000
|
| Size: |
4096
|
|
|
2932000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1638905438.0000000002932000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2932000
|
| Size: |
4096
|
|
|
2097F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.1480958965.000000002097F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2097F000
|
| Size: |
4096
|
|
|
2370000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1200844013.0000000002370000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2370000
|
| Size: |
8192
|
|
|
680000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.1385081810.0000000000680000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
680000
|
| Size: |
4096
|
|
|
7D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.1385319787.00000000007D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7D0000
|
| Size: |
4096
|
|
|
905000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1312253608.0000000000905000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
905000
|
| Size: |
4096
|
|
|
23B1000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3641154673.00000000023B1000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
23B1000
|
| Size: |
4096
|
|
|
2074D000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.1480253800.000000002074D000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2074D000
|
| Size: |
12288
|
|
|
9A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1200650201.00000000009A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9A0000
|
| Size: |
4096
|
|
|
5D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.1299048035.00000000005D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5D0000
|
| Size: |
4096
|
|
|
3F610000
|
unclassified section
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3670607092.000000003F610000.00000040.10000000.00040000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unclassified section
|
| Protect: |
page execute and read and write
|
| Base address: |
3F610000
|
| Size: |
106496
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Found strings which match to known social media urls |
Networking |
|
| URLs found in memory or binary data |
Networking |
|
|
|
3F5A0000
|
unclassified section
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3670143457.000000003F5A0000.00000040.10000000.00040000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unclassified section
|
| Protect: |
page execute and read and write
|
| Base address: |
3F5A0000
|
| Size: |
344064
|
|
|
8E6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1306846180.00000000008E6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8E6000
|
| Size: |
4096
|
|
|
7EEA0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000014.00000003.1383605415.000000007EEA0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EEA0000
|
| Size: |
4096
|
|
|
20754000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.1480253800.0000000020754000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
20754000
|
| Size: |
4096
|
|
|
48D5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1279088275.00000000048D5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
48D5000
|
| Size: |
90112
|
|
|
29AE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000016.00000002.1550838274.00000000029AE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
22
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
29AE000
|
| Size: |
8192
|
|
|
4E11000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1286470689.0000000004E11000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E11000
|
| Size: |
241664
|
|
|
2AE1000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000016.00000002.1551058578.0000000002AE1000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
22
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2AE1000
|
| Size: |
16384
|
|
|
227C000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.1299953629.000000000227C000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
227C000
|
| Size: |
4096
|
|
|
29EC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1179042530.00000000029EC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
29EC000
|
| Size: |
16384
|
|
|
3F0EA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1250835299.000000003F0EA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3F0EA000
|
| Size: |
167936
|
|
|
48CE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1300841899.00000000048CE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
48CE000
|
| Size: |
40960
|
|
|
2260000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000015.00000002.1467336257.0000000002260000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
2260000
|
| Size: |
4096
|
|
|
7EBA0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1176445612.000000007EBA0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7EBA0000
|
| Size: |
4096
|
|
|
2895000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.1300875289.0000000002895000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2895000
|
| Size: |
397312
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
20ABE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.1481016828.0000000020ABE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20ABE000
|
| Size: |
8192
|
|
|
2B21000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3641660739.0000000002B21000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2B21000
|
| Size: |
16384
|
|
|
7E670000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000016.00000002.1583456894.000000007E670000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
22
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
7E670000
|
| Size: |
4096
|
|
|
900000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1306846180.0000000000900000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
900000
|
| Size: |
8192
|
|
|
20A5F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.1325458616.0000000020A5F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
20A5F000
|
| Size: |
4096
|
|
|
48A000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.1384733314.000000000048A000.00000004.00000001.01000000.00000006.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
48A000
|
| Size: |
4096
|
|
|
2954000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.1638905438.0000000002954000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2954000
|
| Size: |
4096
|
|
|
2A10000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1179100687.0000000002A10000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2A10000
|
| Size: |
4096
|
|
|
4EE0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1269914637.0000000004EE0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4EE0000
|
| Size: |
8192
|
|
|
2093F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.1409087625.000000002093F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2093F000
|
| Size: |
4096
|
|
|
296C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1301396029.000000000296C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
296C000
|
| Size: |
16384
|
|
|
4F23000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1294123666.0000000004F23000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4F23000
|
| Size: |
4096
|
|
|
23F4000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.1467421591.00000000023F4000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
23F4000
|
| Size: |
8192
|
|
|
48D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.1295551273.00000000048D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
48D0000
|
| Size: |
32768
|
|
|
845000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1172320675.0000000000845000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
845000
|
| Size: |
4096
|
|
|
3F132000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3669481599.000000003F132000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3F132000
|
| Size: |
4096
|
|
