|
3B30000
|
direct allocation
|
page read and write
|
 |
|
|
| Name: |
00000006.00000002.1205860591.0000000003B30000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3B30000
|
| Size: |
499712
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Malicious sample detected (through community Yara rule) |
System Summary |
|
| Yara detected Remcos RAT |
AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality |
|
| Yara detected UAC Bypass using CMSTP |
Exploits |
|
| Yara detected Keylogger Generic |
Key, Mouse, Clipboard, Microphone and Screen Capturing |
|
| Yara signature match |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
38D0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.1334595166.00000000038D0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
38D0000
|
| Size: |
499712
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Malicious sample detected (through community Yara rule) |
System Summary |
|
| Yara detected Remcos RAT |
AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality |
|
| Yara detected UAC Bypass using CMSTP |
Exploits |
|
| Yara detected Keylogger Generic |
Key, Mouse, Clipboard, Microphone and Screen Capturing |
|
| Yara signature match |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
3070000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1167064122.0000000003070000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3070000
|
| Size: |
499712
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Malicious sample detected (through community Yara rule) |
System Summary |
|
| Yara detected Remcos RAT |
AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality |
|
| Yara detected UAC Bypass using CMSTP |
Exploits |
|
| Yara detected Keylogger Generic |
Key, Mouse, Clipboard, Microphone and Screen Capturing |
|
| Yara signature match |
System Summary |
|
| Public key (encryption) found |
Cryptography |
|
| URLs found in memory or binary data |
Networking |
|
|
|
400000
|
system
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3596822407.0000000000400000.00000040.80000000.00040000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
system
|
| Protect: |
page execute and read and write
|
| Base address: |
400000
|
| Size: |
475136
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Malicious sample detected (through community Yara rule) |
System Summary |
|
| Yara detected Remcos RAT |
AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality |
|
| Yara detected UAC Bypass using CMSTP |
Exploits |
|
| Yara detected Keylogger Generic |
Key, Mouse, Clipboard, Microphone and Screen Capturing |
|
| Yara signature match |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
3000000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.1333366858.0000000003000000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3000000
|
| Size: |
69632
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Found malware configuration |
AV Detection |
|
| Yara detected Remcos RAT |
AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality |
|
|
|
3230000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3598278455.0000000003230000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3230000
|
| Size: |
20480
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected Remcos RAT |
AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality |
|
|
|
14B0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1320596859.00000000014B0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
14B0000
|
| Size: |
499712
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Malicious sample detected (through community Yara rule) |
System Summary |
|
| Yara detected Remcos RAT |
AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality |
|
| Yara detected UAC Bypass using CMSTP |
Exploits |
|
| Yara detected Keylogger Generic |
Key, Mouse, Clipboard, Microphone and Screen Capturing |
|
| Yara signature match |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
400000
|
system
|
page execute and read and write
|
|
|
|
| Name: |
00000013.00000002.1332922783.0000000000400000.00000040.80000000.00040000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
system
|
| Protect: |
page execute and read and write
|
| Base address: |
400000
|
| Size: |
475136
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Malicious sample detected (through community Yara rule) |
System Summary |
|
| Yara detected Remcos RAT |
AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality |
|
| Yara detected UAC Bypass using CMSTP |
Exploits |
|
| Yara detected Keylogger Generic |
Key, Mouse, Clipboard, Microphone and Screen Capturing |
|
| Yara signature match |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
3E00000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1179112205.0000000003E00000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3E00000
|
| Size: |
499712
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Malicious sample detected (through community Yara rule) |
System Summary |
|
| Yara detected Remcos RAT |
AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality |
|
| Yara detected UAC Bypass using CMSTP |
Exploits |
|
| Yara detected Keylogger Generic |
Key, Mouse, Clipboard, Microphone and Screen Capturing |
|
| Yara signature match |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
3012000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.1333413754.0000000003012000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3012000
|
| Size: |
57344
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected Remcos RAT |
AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality |
|
|
|
3200000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3597984137.0000000003200000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3200000
|
| Size: |
69632
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected Remcos RAT |
AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality |
|
|
|
3013000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1853456261.0000000003013000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3013000
|
| Size: |
16384
|
|
|
11FD000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1319109581.00000000011FD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
11FD000
|
| Size: |
12288
|
|
|
E84000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000002.1143896044.0000000000E84000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
E84000
|
| Size: |
40960
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary is likely a compiled AutoIt script file |
System Summary |
|
|
|
2CAC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3597159753.0000000002CAC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2CAC000
|
| Size: |
16384
|
|
|
322D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3598067033.000000000322D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
322D000
|
| Size: |
4096
|
|
|
17A6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1181064556.00000000017A6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
17A6000
|
| Size: |
200704
|
|
|
15A3000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1320923820.00000000015A3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15A3000
|
| Size: |
118784
|
|
|
3024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1859000220.0000000003024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3024000
|
| Size: |
16384
|
|
|
3013000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1853266350.0000000003013000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3013000
|
| Size: |
16384
|
|
|
125C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1178049248.000000000125C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
125C000
|
| Size: |
16384
|
|
|
3025000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1856654045.0000000003025000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3025000
|
| Size: |
12288
|
|
|
414D000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1176220208.000000000414D000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
414D000
|
| Size: |
458752
|
|
|
AFF000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1142899131.0000000000AFF000.00000002.00000001.01000000.00000004.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
AFF000
|
| Size: |
147456
|
|
|
2CEC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3597233029.0000000002CEC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2CEC000
|
| Size: |
16384
|
|
|
2D20000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3597316877.0000000002D20000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D20000
|
| Size: |
4096
|
|
|
4020000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1176617994.0000000004020000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4020000
|
| Size: |
1196032
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
1663000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1166489274.0000000001663000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1663000
|
| Size: |
688128
|
|
|
3F4E000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1302005571.0000000003F4E000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3F4E000
|
| Size: |
24576
|
|
|
3013000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1857612613.0000000003013000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3013000
|
| Size: |
16384
|
|
|
B37000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000006.00000000.1177141303.0000000000B37000.00000002.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
B37000
|
| Size: |
536576
|
|
|
3D33000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1301237939.0000000003D33000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3D33000
|
| Size: |
507904
|
|
|
11C9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.1334370093.00000000011C9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11C9000
|
| Size: |
667648
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
156F000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1287326371.000000000156F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
156F000
|
| Size: |
86016
|
|
|
3013000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1855969314.0000000003013000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3013000
|
| Size: |
16384
|
|
|
A71000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000004.00000000.1164781472.0000000000A71000.00000020.00000001.01000000.00000004.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
A71000
|
| Size: |
581632
|
|
|
3024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1856719589.0000000003024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3024000
|
| Size: |
16384
|
|
|
4149000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1176220208.0000000004149000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4149000
|
| Size: |
4096
|
|
|
3013000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1853044862.0000000003013000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3013000
|
| Size: |
16384
|
|
|
42CD000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1187496634.00000000042CD000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
42CD000
|
| Size: |
458752
|
|
|
3024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1858946007.0000000003024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3024000
|
| Size: |
16384
|
|
|
3024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1855716991.0000000003024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3024000
|
| Size: |
16384
|
|
|
1769000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1178441018.0000000001769000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1769000
|
| Size: |
196608
|
|
|
3BCE000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1159722950.0000000003BCE000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3BCE000
|
| Size: |
24576
|
|
|
10B9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1143983569.00000000010B9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10B9000
|
| Size: |
573440
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) |
Malware Analysis System Evasion |
Security Software Discovery
|
| AV process strings found (often used to terminate AV products) |
Lowering of HIPS / PFW / Operating System Security Settings |
Security Software Discovery
|
|
|
3024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1855579184.0000000003024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3024000
|
| Size: |
16384
|
|
|
3013000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1858928298.0000000003013000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3013000
|
| Size: |
16384
|
|
|
156B000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1320727987.000000000156B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
156B000
|
| Size: |
12288
|
|
|
3013000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1854865616.0000000003013000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3013000
|
| Size: |
16384
|
|
|
D60000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1143797499.0000000000D60000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D60000
|
| Size: |
4096
|
|
|
10D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.1333969299.00000000010D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10D4000
|
| Size: |
8192
|
|
|
BB96CFF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.1286379133.000000BB96CFF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
BB96CFF000
|
| Size: |
4096
|
|
|
15C6000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1300068045.00000000015C6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15C6000
|
| Size: |
4096
|
|
|
1149000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000003.1320332805.0000000001149000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1149000
|
| Size: |
196608
|
|
|
1671000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1169211982.0000000001671000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1671000
|
| Size: |
172032
|
|
|
3013000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1853749237.0000000003013000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3013000
|
| Size: |
16384
|
|
|
A60000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1166282084.0000000000A60000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A60000
|
| Size: |
4096
|
|
|
3013000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1855253053.0000000003013000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3013000
|
| Size: |
16384
|
|
|
2DCE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3597546347.0000000002DCE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2DCE000
|
| Size: |
8192
|
|
|
4000000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1187242203.0000000004000000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4000000
|
| Size: |
1187840
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
112D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000003.1322457031.000000000112D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
112D000
|
| Size: |
172032
|
|
|
B2E000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1204825594.0000000000B2E000.00000004.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
B2E000
|
| Size: |
36864
|
|
|
1888000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1205743119.0000000001888000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1888000
|
| Size: |
86016
|
|
|
3024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1855670316.0000000003024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3024000
|
| Size: |
16384
|
|
|
3013000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1854035095.0000000003013000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3013000
|
| Size: |
16384
|
|
|
156E000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
0000000C.00000002.1320889805.000000000156E000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
156E000
|
| Size: |
20480
|
|
|
3013000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1857220874.0000000003013000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3013000
|
| Size: |
16384
|
|
|
433E000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1192899738.000000000433E000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
433E000
|
| Size: |
24576
|
|
|
3024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1858021631.0000000003024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3024000
|
| Size: |
16384
|
|
|
3013000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1859070288.0000000003013000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3013000
|
| Size: |
16384
|
|
|
1185000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000003.1323454135.0000000001185000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1185000
|
| Size: |
196608
|
|
|
B2E000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.1333659598.0000000000B2E000.00000004.00000001.01000000.00000004.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
B2E000
|
| Size: |
36864
|
|
|
3024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1855989619.0000000003024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3024000
|
| Size: |
16384
|
|
|
1483000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1136625296.0000000001483000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1483000
|
| Size: |
118784
|
|
|
AFF000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000002.1177820865.0000000000AFF000.00000002.00000001.01000000.00000004.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
AFF000
|
| Size: |
147456
|
|
|
112C000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000012.00000002.1334244724.000000000112C000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
112C000
|
| Size: |
20480
|
|
|
E8E000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1143942344.0000000000E8E000.00000004.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
E8E000
|
| Size: |
36864
|
|
|
DD0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000000.1131647709.0000000000DD0000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
DD0000
|
| Size: |
4096
|
|
|
3013000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1855604430.0000000003013000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3013000
|
| Size: |
16384
|
|
|
1300000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1320133131.0000000001300000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1300000
|
| Size: |
4096
|
|
|
42C9000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1188124215.00000000042C9000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
42C9000
|
| Size: |
4096
|
|
|
1457000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1144194015.0000000001457000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1457000
|
| Size: |
8192
|
|
|
8EA000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1313019203.00000000008EA000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
8EA000
|
| Size: |
24576
|
|
|
1538000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1320727987.0000000001538000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1538000
|
| Size: |
176128
|
|
|
3C10000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1301237939.0000000003C10000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3C10000
|
| Size: |
1187840
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
FBC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.1333745310.0000000000FBC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
FBC000
|
| Size: |
16384
|
|
|
1D334230000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.1286990581.000001D334230000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D334230000
|
| Size: |
4096
|
|
|
3016000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3597798245.0000000003016000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3016000
|
| Size: |
4096
|
|
|
140D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1178213615.000000000140D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
140D000
|
| Size: |
12288
|
|
|
3026000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1855807693.0000000003026000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3026000
|
| Size: |
8192
|
|
|
FE8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1166617091.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
FE8000
|
| Size: |
61440
|
|
|
3013000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1853787692.0000000003013000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3013000
|
| Size: |
16384
|
|
|
3013000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1857878307.0000000003013000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3013000
|
| Size: |
16384
|
|
|
3950000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000003.1330346842.0000000003950000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3950000
|
| Size: |
1187840
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
B24000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000002.1177820865.0000000000B24000.00000002.00000001.01000000.00000004.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
B24000
|
| Size: |
40960
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary is likely a compiled AutoIt script file |
System Summary |
|
|
|
3024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1857445177.0000000003024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3024000
|
| Size: |
16384
|
|
|
3013000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1854320477.0000000003013000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3013000
|
| Size: |
4096
|
|
|
14A8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1135564538.00000000014A8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14A8000
|
| Size: |
8192
|
|
|
3024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1853922768.0000000003024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3024000
|
| Size: |
16384
|
|
|
B37000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000C.00000002.1318469241.0000000000B37000.00000002.00000001.01000000.00000004.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
B37000
|
| Size: |
536576
|
|
|
1184000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.1334278446.0000000001184000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1184000
|
| Size: |
4096
|
|
|
3013000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1858697441.0000000003013000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3013000
|
| Size: |
16384
|
|
|
222E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1179094983.000000000222E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
222E000
|
| Size: |
8192
|
|
|
A70000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000012.00000002.1333481268.0000000000A70000.00000002.00000001.01000000.00000004.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
A70000
|
| Size: |
4096
|
|
|
3024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1857698705.0000000003024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3024000
|
| Size: |
16384
|
|
|
14EA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1133256996.00000000014EA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14EA000
|
| Size: |
630784
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) |
Malware Analysis System Evasion |
Security Software Discovery
|
| AV process strings found (often used to terminate AV products) |
Lowering of HIPS / PFW / Operating System Security Settings |
Security Software Discovery
|
|
|
3B03000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000003.1332048389.0000000003B03000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3B03000
|
| Size: |
507904
|
|
|
990000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1143764338.0000000000990000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
990000
|
| Size: |
4096
|
|
|
3024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1856871610.0000000003024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3024000
|
| Size: |
16384
|
|
|
F9B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.1333745310.0000000000F9B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
F9B000
|
| Size: |
20480
|
|
|
3024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1853843730.0000000003024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3024000
|
| Size: |
12288
|
|
|
3024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1854201358.0000000003024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3024000
|
| Size: |
16384
|
|
|
3024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1855435757.0000000003024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3024000
|
| Size: |
16384
|
|
|
3024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1854521822.0000000003024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3024000
|
| Size: |
16384
|
|
|
212E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1321293637.000000000212E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
212E000
|
| Size: |
8192
|
|
|
1781000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1205417128.0000000001781000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1781000
|
| Size: |
118784
|
|
|
14A7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1136625296.00000000014A7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14A7000
|
| Size: |
8192
|
|
|
11DD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1166952320.00000000011DD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11DD000
|
| Size: |
4096
|
|
|
3024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1854610311.0000000003024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3024000
|
| Size: |
12288
|
|
|
89A000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1143620011.000000000089A000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
89A000
|
| Size: |
24576
|
|
|
166E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1205199847.000000000166E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
166E000
|
| Size: |
8192
|
|
|
15A3000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1290729283.00000000015A3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15A3000
|
| Size: |
118784
|
|
|
15C8000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1293223504.00000000015C8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15C8000
|
| Size: |
200704
|
|
|
1562000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1286232302.0000000001562000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1562000
|
| Size: |
471040
|
|
|
11EF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1319109581.00000000011EF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
11EF000
|
| Size: |
4096
|
|
|
3013000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1855355647.0000000003013000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3013000
|
| Size: |
16384
|
|
|
16D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1205256133.00000000016D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
16D0000
|
| Size: |
4096
|
|
|
1024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1144403973.0000000001024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1024000
|
| Size: |
90112
|
|
|
DD1000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000000.00000002.1143849418.0000000000DD1000.00000020.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
DD1000
|
| Size: |
581632
|
|
|
3301000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3598481587.0000000003301000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3301000
|
| Size: |
12288
|
|
|
3013000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1855920546.0000000003013000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3013000
|
| Size: |
16384
|
|
|
15E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1178420322.00000000015E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15E0000
|
| Size: |
8192
|
|
|
3024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1853329639.0000000003024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3024000
|
| Size: |
16384
|
|
|
16D5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1166643020.00000000016D5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
16D5000
|
| Size: |
667648
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| AV process strings found (often used to terminate AV products) |
Lowering of HIPS / PFW / Operating System Security Settings |
Security Software Discovery
|
|
|
16C8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1170072275.00000000016C8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
16C8000
|
| Size: |
4096
|
|
|
2DF0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.1333291703.0000000002DF0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2DF0000
|
| Size: |
4096
|
|
|
900000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1143665077.0000000000900000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
900000
|
| Size: |
4096
|
|
|
4359000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1200585086.0000000004359000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4359000
|
| Size: |
4096
|
|
|
478000
|
system
|
page execute and read and write
|
|
|
|
| Name: |
00000013.00000002.1332922783.0000000000478000.00000040.80000000.00040000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
system
|
| Protect: |
page execute and read and write
|
| Base address: |
478000
|
| Size: |
36864
|
|
|
3013000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1853987170.0000000003013000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3013000
|
| Size: |
16384
|
|
|
3024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1854980059.0000000003024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3024000
|
| Size: |
16384
|
|
|
1155000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000003.1323515008.0000000001155000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1155000
|
| Size: |
8192
|
|
|
BB96EFD000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.1286402832.000000BB96EFD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
BB96EFD000
|
| Size: |
12288
|
|
|
112D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000003.1320296866.000000000112D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
112D000
|
| Size: |
180224
|
|
|
337E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.1333569822.000000000337E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
337E000
|
| Size: |
8192
|
|
|
11B4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000003.1329441951.00000000011B4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11B4000
|
| Size: |
4096
|
|
|
435D000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1204347990.000000000435D000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
435D000
|
| Size: |
458752
|
|
|
3950000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000003.1330972190.0000000003950000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3950000
|
| Size: |
1187840
|
|
|
14EA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1144249296.00000000014EA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14EA000
|
| Size: |
630784
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) |
Malware Analysis System Evasion |
Security Software Discovery
|
| AV process strings found (often used to terminate AV products) |
Lowering of HIPS / PFW / Operating System Security Settings |
Security Software Discovery
|
|
|
3B59000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1156992919.0000000003B59000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3B59000
|
| Size: |
4096
|
|
|
B2E000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000006.00000000.1177079981.0000000000B2E000.00000008.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
B2E000
|
| Size: |
8192
|
|
|
3024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1858164001.0000000003024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3024000
|
| Size: |
16384
|
|
|
3013000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1854635577.0000000003013000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3013000
|
| Size: |
16384
|
|
|
3024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1858860271.0000000003024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3024000
|
| Size: |
16384
|
|
|
DD1000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000000.00000000.1131674648.0000000000DD1000.00000020.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
DD1000
|
| Size: |
581632
|
|
|
1D3327F6000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.1286655557.000001D3327F6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D3327F6000
|
| Size: |
90112
|
|
|
3CA9000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000003.1332340895.0000000003CA9000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3CA9000
|
| Size: |
4096
|
|
|
3024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1857644315.0000000003024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3024000
|
| Size: |
16384
|
|
|
1576000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1320923820.0000000001576000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1576000
|
| Size: |
4096
|
|
|
1638000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1178460151.0000000001638000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1638000
|
| Size: |
180224
|
|
|
12EF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1144018696.00000000012EF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
12EF000
|
| Size: |
4096
|
|
|
1184000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000003.1323515008.0000000001184000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1184000
|
| Size: |
4096
|
|
|
200E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1144368340.000000000200E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
200E000
|
| Size: |
8192
|
|
|
1680000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1205233031.0000000001680000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1680000
|
| Size: |
8192
|
|
|
3CA9000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000003.1332960612.0000000003CA9000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3CA9000
|
| Size: |
4096
|
|
|
322B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3598067033.000000000322B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
322B000
|
| Size: |
4096
|
|
|
14A7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1136761344.00000000014A7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14A7000
|
| Size: |
8192
|
|
|
1530000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1320727987.0000000001530000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1530000
|
| Size: |
24576
|
|
|
37B0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1144386375.00000000037B0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
37B0000
|
| Size: |
499712
|
|
|
15A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1178337767.00000000015A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15A0000
|
| Size: |
8192
|
|
|
3013000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1858635347.0000000003013000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3013000
|
| Size: |
16384
|
|
|
17B8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1179034300.00000000017B8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
17B8000
|
| Size: |
16384
|
|
|
1330000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1320163854.0000000001330000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1330000
|
| Size: |
8192
|
|
|
A71000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000004.00000002.1177683448.0000000000A71000.00000020.00000001.01000000.00000004.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
A71000
|
| Size: |
581632
|
|
|
A70000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1142832033.0000000000A70000.00000002.00000001.01000000.00000004.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
A70000
|
| Size: |
4096
|
|
|
1D33280C000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1285918150.000001D33280C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D33280C000
|
| Size: |
86016
|
|
|
AFF000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000012.00000002.1333603417.0000000000AFF000.00000002.00000001.01000000.00000004.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
AFF000
|
| Size: |
147456
|
|
|
3013000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1854962777.0000000003013000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3013000
|
| Size: |
16384
|
|
|
3D33000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1300439002.0000000003D33000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3D33000
|
| Size: |
507904
|
|
|
3024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1858426180.0000000003024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3024000
|
| Size: |
16384
|
|
|
1D3327EB000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.1286539190.000001D3327EB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D3327EB000
|
| Size: |
12288
|
|
|
146C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1133622189.000000000146C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
146C000
|
| Size: |
196608
|
|
|
AFF000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000006.00000002.1204769597.0000000000AFF000.00000002.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
AFF000
|
| Size: |
147456
|
|
|
94E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1143705013.000000000094E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
94E000
|
| Size: |
8192
|
|
|
17A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1186949307.00000000017A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
17A4000
|
| Size: |
4096
|
|
|
3013000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1854773336.0000000003013000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3013000
|
| Size: |
16384
|
|
|
3024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1855022638.0000000003024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3024000
|
| Size: |
16384
|
|
|
1D3327F4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1286106736.000001D3327F4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D3327F4000
|
| Size: |
4096
|
|
|
42CD000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1192899738.00000000042CD000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
42CD000
|
| Size: |
458752
|
|
|
3024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1852974867.0000000003024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3024000
|
| Size: |
16384
|
|
|
1C0E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1144350109.0000000001C0E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
1C0E000
|
| Size: |
8192
|
|
|
2DD0000
|
heap
|
page readonly
|
|
|
|
| Name: |
00000013.00000002.1333245360.0000000002DD0000.00000002.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page readonly
|
| Base address: |
2DD0000
|
| Size: |
4096
|
|
|
3A30000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1159722950.0000000003A30000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3A30000
|
| Size: |
1196032
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
3024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1855481596.0000000003024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3024000
|
| Size: |
16384
|
|
|
3C19000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000003.1331149447.0000000003C19000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3C19000
|
| Size: |
4096
|
|
|
3013000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1854591048.0000000003013000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3013000
|
| Size: |
16384
|
|
|
1076000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1148159986.0000000001076000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1076000
|
| Size: |
200704
|
|
|
15A3000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1293488181.00000000015A3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15A3000
|
| Size: |
118784
|
|
|
3239000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3598425947.0000000003239000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3239000
|
| Size: |
8192
|
|
|
BB96BFE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.1286346532.000000BB96BFE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
BB96BFE000
|
| Size: |
8192
|
|
|
3013000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1854918409.0000000003013000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3013000
|
| Size: |
16384
|
|
|
145B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1204965212.000000000145B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
145B000
|
| Size: |
20480
|
|
|
1051000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1148207155.0000000001051000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1051000
|
| Size: |
118784
|
|
|
354F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1167294151.000000000354F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
354F000
|
| Size: |
4096
|
|
|
475000
|
system
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3596822407.0000000000475000.00000040.80000000.00040000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
system
|
| Protect: |
page execute and read and write
|
| Base address: |
475000
|
| Size: |
8192
|
|
|
3013000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1854820873.0000000003013000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3013000
|
| Size: |
16384
|
|
|
16A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1169959361.00000000016A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
16A4000
|
| Size: |
118784
|
|
|
3024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1854006919.0000000003024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3024000
|
| Size: |
16384
|
|
|
90E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1166151477.000000000090E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
90E000
|
| Size: |
8192
|
|
|
101A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1166617091.000000000101A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
101A000
|
| Size: |
8192
|
|
|
AFF000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000000.1165838392.0000000000AFF000.00000002.00000001.01000000.00000004.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
AFF000
|
| Size: |
147456
|
|
|
1754000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1186949307.0000000001754000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1754000
|
| Size: |
65536
|
|
|
3024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1858814372.0000000003024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3024000
|
| Size: |
16384
|
|
|
3FA3000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1176483867.0000000003FA3000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3FA3000
|
| Size: |
507904
|
|
|
3013000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1853177524.0000000003013000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3013000
|
| Size: |
16384
|
|
|
4359000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1204347990.0000000004359000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4359000
|
| Size: |
4096
|
|
|
1184000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000003.1323650318.0000000001184000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1184000
|
| Size: |
4096
|
|
|
1688000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1170072275.0000000001688000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1688000
|
| Size: |
65536
|
|
|
3013000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1853512483.0000000003013000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3013000
|
| Size: |
16384
|
|
|
43CE000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1200585086.00000000043CE000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
43CE000
|
| Size: |
24576
|
|
|
17E9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1178096943.00000000017E9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
17E9000
|
| Size: |
454656
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| AV process strings found (often used to terminate AV products) |
Lowering of HIPS / PFW / Operating System Security Settings |
Security Software Discovery
|
|
|
3013000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1858792853.0000000003013000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3013000
|
| Size: |
16384
|
|
|
14B5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1133175498.00000000014B5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14B5000
|
| Size: |
847872
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) |
Malware Analysis System Evasion |
Security Software Discovery
|
| AV process strings found (often used to terminate AV products) |
Lowering of HIPS / PFW / Operating System Security Settings |
Security Software Discovery
|
|
|
3A73000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000003.1330346842.0000000003A73000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3A73000
|
| Size: |
507904
|
|
|
3C8E000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000003.1330523509.0000000003C8E000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3C8E000
|
| Size: |
24576
|
|
|
3024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1858669101.0000000003024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3024000
|
| Size: |
16384
|
|
|
3024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1855762301.0000000003024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3024000
|
| Size: |
16384
|
|
|
F9B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1166526631.0000000000F9B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
F9B000
|
| Size: |
20480
|
|
|
3024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1855273456.0000000003024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3024000
|
| Size: |
16384
|
|
|
E8E000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000000.00000000.1131815448.0000000000E8E000.00000008.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
E8E000
|
| Size: |
8192
|
|
|
2C7C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.1333095845.0000000002C7C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2C7C000
|
| Size: |
16384
|
|
|
3013000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1855742542.0000000003013000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3013000
|
| Size: |
16384
|
|
|
3C19000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000003.1330019071.0000000003C19000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3C19000
|
| Size: |
4096
|
|
|
3024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1853020882.0000000003024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3024000
|
| Size: |
12288
|
|
|
11DB000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1319109581.00000000011DB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
11DB000
|
| Size: |
20480
|
|
|
3A73000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000003.1330972190.0000000003A73000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3A73000
|
| Size: |
507904
|
|
|
3D1E000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000003.1332340895.0000000003D1E000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3D1E000
|
| Size: |
24576
|
|
|
3013000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1856114501.0000000003013000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3013000
|
| Size: |
16384
|
|
|
3024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1853407188.0000000003024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3024000
|
| Size: |
12288
|
|
|
1696000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1321128477.0000000001696000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1696000
|
| Size: |
151552
|
|
|
3024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1855939908.0000000003024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3024000
|
| Size: |
16384
|
|
|
1686000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1321100258.0000000001686000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1686000
|
| Size: |
61440
|
|
|
16A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1169211982.00000000016A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
16A4000
|
| Size: |
118784
|
|
|
B24000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000006.00000000.1177018272.0000000000B24000.00000002.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
B24000
|
| Size: |
40960
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary is likely a compiled AutoIt script file |
System Summary |
|
|
|
41BE000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1176220208.00000000041BE000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
41BE000
|
| Size: |
24576
|
|
|
122E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1178049248.000000000122E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
122E000
|
| Size: |
8192
|
|
|
3DB0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1302005571.0000000003DB0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3DB0000
|
| Size: |
1196032
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
3024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1853726598.0000000003024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3024000
|
| Size: |
16384
|
|
|
A71000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000006.00000002.1204693343.0000000000A71000.00000020.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
A71000
|
| Size: |
581632
|
|
|
3024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1854476034.0000000003024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3024000
|
| Size: |
16384
|
|
|
1781000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1181097923.0000000001781000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1781000
|
| Size: |
118784
|
|
|
1510000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1205148572.0000000001510000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1510000
|
| Size: |
20480
|
|
|
101D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1144322732.000000000101D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
101D000
|
| Size: |
86016
|
|
|
3212000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3598067033.0000000003212000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3212000
|
| Size: |
98304
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
2DE0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3597595418.0000000002DE0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2DE0000
|
| Size: |
4096
|
|
|
A71000
|
unkown
|
page execute read
|
|
|
|
| Name: |
0000000C.00000002.1313897150.0000000000A71000.00000020.00000001.01000000.00000004.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
A71000
|
| Size: |
581632
|
|
|
3DB0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1300764405.0000000003DB0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3DB0000
|
| Size: |
1196032
|
|
|
BC0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1318851992.0000000000BC0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BC0000
|
| Size: |
4096
|
|
|
3024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1857750011.0000000003024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3024000
|
| Size: |
12288
|
|
|
1146000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1166899778.0000000001146000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1146000
|
| Size: |
155648
|
|
|
2D70000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3597434921.0000000002D70000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D70000
|
| Size: |
4096
|
|
|
3024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1855622439.0000000003024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3024000
|
| Size: |
16384
|
|
|
3D1E000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000003.1331671149.0000000003D1E000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3D1E000
|
| Size: |
24576
|
|
|
FFE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.1333884173.0000000000FFE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
FFE000
|
| Size: |
8192
|
|
|
1597000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1293488181.0000000001597000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1597000
|
| Size: |
8192
|
|
|
4090000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1198165528.0000000004090000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4090000
|
| Size: |
1187840
|
|
|
3013000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1855308660.0000000003013000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3013000
|
| Size: |
16384
|
|
|
1160000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000003.1323650318.0000000001160000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1160000
|
| Size: |
118784
|
|
|
3BC0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1205920219.0000000003BC0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3BC0000
|
| Size: |
8192
|
|
|
3013000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1853221399.0000000003013000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3013000
|
| Size: |
16384
|
|
|
475000
|
system
|
page execute and read and write
|
|
|
|
| Name: |
00000013.00000002.1332922783.0000000000475000.00000040.80000000.00040000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
system
|
| Protect: |
page execute and read and write
|
| Base address: |
475000
|
| Size: |
8192
|
|
|
3013000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1856221713.0000000003013000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3013000
|
| Size: |
16384
|
|
|
3024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1855529138.0000000003024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3024000
|
| Size: |
16384
|
|
|
A70000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000006.00000002.1204669861.0000000000A70000.00000002.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
A70000
|
| Size: |
4096
|
|
|
9A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1143782629.00000000009A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9A0000
|
| Size: |
24576
|
|
|
A71000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000012.00000000.1303312630.0000000000A71000.00000020.00000001.01000000.00000004.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
A71000
|
| Size: |
581632
|
|
|
5F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1166129786.00000000005F0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5F0000
|
| Size: |
4096
|
|
|
3B03000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000003.1331484416.0000000003B03000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3B03000
|
| Size: |
507904
|
|
|
1670000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.1178555736.0000000001670000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
1670000
|
| Size: |
20480
|
|
|
3024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1854053525.0000000003024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3024000
|
| Size: |
12288
|
|
|
39E0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000003.1331484416.00000000039E0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
39E0000
|
| Size: |
1187840
|
|
|
1664000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1166719820.0000000001664000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1664000
|
| Size: |
462848
|
|
|
1260000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1320075366.0000000001260000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1260000
|
| Size: |
8192
|
|
|
121E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1178049248.000000000121E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
121E000
|
| Size: |
8192
|
|
|
1024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1166743603.0000000001024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1024000
|
| Size: |
4096
|
|
|
AFF000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.1166391044.0000000000AFF000.00000002.00000001.01000000.00000004.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
AFF000
|
| Size: |
147456
|
|
|
3013000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1856899943.0000000003013000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3013000
|
| Size: |
16384
|
|
|
3024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1854156746.0000000003024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3024000
|
| Size: |
12288
|
|
|
323E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.1333483561.000000000323E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
323E000
|
| Size: |
8192
|
|
|
3013000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1855462858.0000000003013000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3013000
|
| Size: |
16384
|
|
|
1074000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1166743603.0000000001074000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1074000
|
| Size: |
4096
|
|
|
F7F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.1333745310.0000000000F7F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
F7F000
|
| Size: |
4096
|
|
|
3013000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1855098270.0000000003013000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3013000
|
| Size: |
16384
|
|
|
12FB000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1144018696.00000000012FB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
12FB000
|
| Size: |
20480
|
|
|
BB96FFE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.1286424811.000000BB96FFE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
BB96FFE000
|
| Size: |
8192
|
|
|
1D33287D000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1286002793.000001D33287D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D33287D000
|
| Size: |
4096
|
|
|
3B80000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000003.1332340895.0000000003B80000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3B80000
|
| Size: |
1196032
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
1D3327EE000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1286148810.000001D3327EE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D3327EE000
|
| Size: |
24576
|
|
|
B24000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1142899131.0000000000B24000.00000002.00000001.01000000.00000004.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
B24000
|
| Size: |
40960
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary is likely a compiled AutoIt script file |
System Summary |
|
|
|
BB971FC000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.1286476071.000000BB971FC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
BB971FC000
|
| Size: |
16384
|
|
|
B2E000
|
unkown
|
page write copy
|
|
|
|
| Name: |
0000000C.00000000.1285246523.0000000000B2E000.00000008.00000001.01000000.00000004.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
B2E000
|
| Size: |
8192
|
|
|
3C1D000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000003.1331149447.0000000003C1D000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3C1D000
|
| Size: |
458752
|
|
|
1075000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1146715755.0000000001075000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1075000
|
| Size: |
8192
|
|
|
A70000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000000.1164718719.0000000000A70000.00000002.00000001.01000000.00000004.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
A70000
|
| Size: |
4096
|
|
|
B24000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000C.00000000.1285180741.0000000000B24000.00000002.00000001.01000000.00000004.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
B24000
|
| Size: |
40960
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary is likely a compiled AutoIt script file |
System Summary |
|
|
|
3013000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1857334799.0000000003013000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3013000
|
| Size: |
16384
|
|
|
1410000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1178277984.0000000001410000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1410000
|
| Size: |
4096
|
|
|
160B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1144327242.000000000160B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
160B000
|
| Size: |
4096
|
|
|
17A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1180266831.00000000017A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
17A4000
|
| Size: |
12288
|
|
|
3013000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1853626144.0000000003013000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3013000
|
| Size: |
16384
|
|
|
15C7000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1299948672.00000000015C7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15C7000
|
| Size: |
4096
|
|
|
3024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1857359311.0000000003024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3024000
|
| Size: |
16384
|
|
|
2CF0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.1333203589.0000000002CF0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2CF0000
|
| Size: |
4096
|
|
|
1450000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1133574289.0000000001450000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1450000
|
| Size: |
180224
|
|
|
3024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1855071634.0000000003024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3024000
|
| Size: |
16384
|
|
|
3024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1857833997.0000000003024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3024000
|
| Size: |
16384
|
|
|
42C9000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1187496634.00000000042C9000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
42C9000
|
| Size: |
4096
|
|
|
BB96559000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.1286271947.000000BB96559000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
BB96559000
|
| Size: |
28672
|
|
|
1483000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1135460271.0000000001483000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1483000
|
| Size: |
118784
|
|
|
3013000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1856697551.0000000003013000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3013000
|
| Size: |
16384
|
|
|
1510000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1178319095.0000000001510000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1510000
|
| Size: |
4096
|
|
|
17BC000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1170364507.00000000017BC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
17BC000
|
| Size: |
471040
|
|
|
E97000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000000.1131857856.0000000000E97000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
E97000
|
| Size: |
536576
|
|
|
160B000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1286430574.000000000160B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
160B000
|
| Size: |
131072
|
|
|
98E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1143742421.000000000098E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
98E000
|
| Size: |
8192
|
|
|
3024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1854840490.0000000003024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3024000
|
| Size: |
16384
|
|
|
E5F000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000000.1131769187.0000000000E5F000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
E5F000
|
| Size: |
147456
|
|
|
1781000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1181191579.0000000001781000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1781000
|
| Size: |
118784
|
|
|
13B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1320559728.00000000013B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13B0000
|
| Size: |
20480
|
|
|
3002000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3597666497.0000000003002000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3002000
|
| Size: |
20480
|
|
|
1095000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1148268658.0000000001095000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1095000
|
| Size: |
73728
|
|
|
4090000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1203025286.0000000004090000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4090000
|
| Size: |
1187840
|
|
|
B2E000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000004.00000000.1165901810.0000000000B2E000.00000008.00000001.01000000.00000004.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
B2E000
|
| Size: |
8192
|
|
|
A71000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000002.00000002.1166332349.0000000000A71000.00000020.00000001.01000000.00000004.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
A71000
|
| Size: |
581632
|
|
|
3013000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1853668074.0000000003013000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3013000
|
| Size: |
16384
|
|
|
4359000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1203514134.0000000004359000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4359000
|
| Size: |
4096
|
|
|
147C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1204965212.000000000147C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
147C000
|
| Size: |
16384
|
|
|
10A5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1155115919.00000000010A5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10A5000
|
| Size: |
8192
|
|
|
3C1D000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000003.1330523509.0000000003C1D000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3C1D000
|
| Size: |
458752
|
|
|
182E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1179058270.000000000182E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
182E000
|
| Size: |
4096
|
|
|
1012000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1143798985.0000000001012000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1012000
|
| Size: |
688128
|
|
|
3ED9000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1302005571.0000000003ED9000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3ED9000
|
| Size: |
4096
|
|
|
3024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1856084094.0000000003024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3024000
|
| Size: |
16384
|
|
|
3024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1858717193.0000000003024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3024000
|
| Size: |
16384
|
|
|
F7E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1166526631.0000000000F7E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
F7E000
|
| Size: |
8192
|
|
|
AFF000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000C.00000000.1285180741.0000000000AFF000.00000002.00000001.01000000.00000004.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
AFF000
|
| Size: |
147456
|
|
|
127B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000003.1329388500.000000000127B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
127B000
|
| Size: |
466944
|
|
|
3024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1856823023.0000000003024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3024000
|
| Size: |
16384
|
|
|
1410000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1144095149.0000000001410000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1410000
|
| Size: |
24576
|
|
|
3014000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1857959271.0000000003014000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3014000
|
| Size: |
12288
|
|
|
B24000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000C.00000002.1314208611.0000000000B24000.00000002.00000001.01000000.00000004.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
B24000
|
| Size: |
40960
|
|
|
3024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1853535413.0000000003024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3024000
|
| Size: |
16384
|
|
|
3025000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1858903098.0000000003025000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3025000
|
| Size: |
12288
|
|
|
35CF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3598552187.00000000035CF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
35CF000
|
| Size: |
4096
|
|
|
3024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1853108444.0000000003024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3024000
|
| Size: |
16384
|
|
|
A70000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000C.00000002.1313316223.0000000000A70000.00000002.00000001.01000000.00000004.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
A70000
|
| Size: |
4096
|
|
|
B37000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000002.1177919252.0000000000B37000.00000002.00000001.01000000.00000004.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
B37000
|
| Size: |
536576
|
|
|
101C000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.1166718929.000000000101C000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
101C000
|
| Size: |
20480
|
|
|
3AAE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1205832755.0000000003AAE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3AAE000
|
| Size: |
8192
|
|
|
3024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1857563917.0000000003024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3024000
|
| Size: |
16384
|
|
|
1457000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1137115596.0000000001457000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1457000
|
| Size: |
65536
|
|
|
174D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1178395941.000000000174D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
174D000
|
| Size: |
180224
|
|
|
4230000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1203514134.0000000004230000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4230000
|
| Size: |
1196032
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
6A9000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.1333344898.00000000006A9000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6A9000
|
| Size: |
28672
|
|
|
1160000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000003.1322554767.0000000001160000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1160000
|
| Size: |
118784
|
|
|
3024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1858078419.0000000003024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3024000
|
| Size: |
16384
|
|
|
1D332824000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.1286713072.000001D332824000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D332824000
|
| Size: |
352256
|
|
|
4EEE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3598724896.0000000004EEE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4EEE000
|
| Size: |
8192
|
|
|
3013000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1858461418.0000000003013000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3013000
|
| Size: |
16384
|
|
|
16C8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1169959361.00000000016C8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
16C8000
|
| Size: |
4096
|
|
|
1779000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1178873033.0000000001779000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1779000
|
| Size: |
114688
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
3024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1854246470.0000000003024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3024000
|
| Size: |
16384
|
|
|
3013000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1856747617.0000000003013000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3013000
|
| Size: |
16384
|
|
|
1671000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1167077131.0000000001671000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1671000
|
| Size: |
180224
|
|
|
4123000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1187242203.0000000004123000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4123000
|
| Size: |
507904
|
|
|
333E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.1333542626.000000000333E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
333E000
|
| Size: |
8192
|
|
|
1483000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1144194015.0000000001483000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1483000
|
| Size: |
118784
|
|
|
15F7000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1299948672.00000000015F7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15F7000
|
| Size: |
8192
|
|
|
435D000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1200585086.000000000435D000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
435D000
|
| Size: |
458752
|
|
|
156F000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1290729283.000000000156F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
156F000
|
| Size: |
172032
|
|
|
190E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1205779046.000000000190E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
190E000
|
| Size: |
4096
|
|
|
4020000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1176220208.0000000004020000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4020000
|
| Size: |
1196032
|
|
|
174D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1180266831.000000000174D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
174D000
|
| Size: |
172032
|
|
|
174C000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.1205369118.000000000174C000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
174C000
|
| Size: |
20480
|
|
|
3EDD000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1302005571.0000000003EDD000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3EDD000
|
| Size: |
458752
|
|
|
4FEF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3598779136.0000000004FEF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4FEF000
|
| Size: |
4096
|
|
|
1D3327C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.1286539190.000001D3327C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D3327C0000
|
| Size: |
28672
|
|
|
1074000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1148207155.0000000001074000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1074000
|
| Size: |
8192
|
|
|
3024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1853764968.0000000003024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3024000
|
| Size: |
16384
|
|
|
116C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1155069077.000000000116C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
116C000
|
| Size: |
466944
|
|
|
1D332ABE000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.1286888156.000001D332ABE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D332ABE000
|
| Size: |
4096
|
|
|
FAF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.1333745310.0000000000FAF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
FAF000
|
| Size: |
4096
|
|
|
1809000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1177939801.0000000001809000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1809000
|
| Size: |
4096
|
|
|
3024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1857504449.0000000003024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3024000
|
| Size: |
16384
|
|
|
3013000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1854077451.0000000003013000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3013000
|
| Size: |
8192
|
|
|
10B9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1166834475.00000000010B9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10B9000
|
| Size: |
573440
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) |
Malware Analysis System Evasion |
Security Software Discovery
|
| AV process strings found (often used to terminate AV products) |
Lowering of HIPS / PFW / Operating System Security Settings |
Security Software Discovery
|
|
|
3013000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1854182728.0000000003013000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3013000
|
| Size: |
16384
|
|
|
16A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1178577443.00000000016A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
16A4000
|
| Size: |
118784
|
|
|
143F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1204965212.000000000143F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
143F000
|
| Size: |
4096
|
|
|
1764000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1181191579.0000000001764000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1764000
|
| Size: |
65536
|
|
|
1075000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1155115919.0000000001075000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1075000
|
| Size: |
4096
|
|
|
16C8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1178577443.00000000016C8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
16C8000
|
| Size: |
4096
|
|
|
10F8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.1334128380.00000000010F8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10F8000
|
| Size: |
61440
|
|
|
3024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1853882219.0000000003024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3024000
|
| Size: |
12288
|
|
|
15C6000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1291362577.00000000015C6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15C6000
|
| Size: |
12288
|
|
|
172A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1166567720.000000000172A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
172A000
|
| Size: |
4096
|
|
|
3013000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1853359351.0000000003013000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3013000
|
| Size: |
16384
|
|
|
3CE1000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1142618297.0000000003CE1000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3CE1000
|
| Size: |
532480
|
|
|
3236000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3598356113.0000000003236000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3236000
|
| Size: |
4096
|
|
|
1E2E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1179077187.0000000001E2E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
1E2E000
|
| Size: |
8192
|
|
|
1160000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000003.1329472066.0000000001160000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1160000
|
| Size: |
118784
|
|
|
3014000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3597798245.0000000003014000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3014000
|
| Size: |
4096
|
|
|
3024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1855225070.0000000003024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3024000
|
| Size: |
16384
|
|
|
478000
|
system
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.3596822407.0000000000478000.00000040.80000000.00040000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
system
|
| Protect: |
page execute and read and write
|
| Base address: |
478000
|
| Size: |
36864
|
|
|
157C000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1287362907.000000000157C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
157C000
|
| Size: |
258048
|
|
|
11A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000003.1323608471.00000000011A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11A4000
|
| Size: |
69632
|
|
|
15D5000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1286743108.00000000015D5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15D5000
|
| Size: |
720896
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
3C19000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000003.1330523509.0000000003C19000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3C19000
|
| Size: |
4096
|
|
|
1418000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1144095149.0000000001418000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1418000
|
| Size: |
176128
|
|
|
15C6000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1320923820.00000000015C6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15C6000
|
| Size: |
4096
|
|
|
3024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1856418265.0000000003024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3024000
|
| Size: |
16384
|
|
|
1D332824000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1285918150.000001D332824000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D332824000
|
| Size: |
352256
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
43CE000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1204347990.00000000043CE000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
43CE000
|
| Size: |
24576
|
|
|
3024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1858228843.0000000003024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3024000
|
| Size: |
16384
|
|
|
1483000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1136761344.0000000001483000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1483000
|
| Size: |
118784
|
|
|
3013000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1856318719.0000000003013000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3013000
|
| Size: |
16384
|
|
|
1160000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000003.1323515008.0000000001160000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1160000
|
| Size: |
118784
|
|
|
15A3000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1291362577.00000000015A3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15A3000
|
| Size: |
118784
|
|
|
1742000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1177635831.0000000001742000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1742000
|
| Size: |
471040
|
|
|
3EDD000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1300764405.0000000003EDD000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3EDD000
|
| Size: |
458752
|
|
|
162E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1205177988.000000000162E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
162E000
|
| Size: |
8192
|
|
|
103A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1144363752.000000000103A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
103A000
|
| Size: |
212992
|
|
|
3013000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1852896768.0000000003013000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3013000
|
| Size: |
16384
|
|
|
1563000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1286853370.0000000001563000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1563000
|
| Size: |
466944
|
|
|
3013000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1858841361.0000000003013000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3013000
|
| Size: |
16384
|
|
|
3013000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1853946198.0000000003013000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3013000
|
| Size: |
16384
|
|
|
170A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1178722122.000000000170A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
170A000
|
| Size: |
450560
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| AV process strings found (often used to terminate AV products) |
Lowering of HIPS / PFW / Operating System Security Settings |
Security Software Discovery
|
|
|
16E8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1170037150.00000000016E8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
16E8000
|
| Size: |
69632
|
|
|
347E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.1333591839.000000000347E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
347E000
|
| Size: |
8192
|
|
|
3A30000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1156992919.0000000003A30000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3A30000
|
| Size: |
1196032
|
|
|
A71000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000002.00000000.1142847421.0000000000A71000.00000020.00000001.01000000.00000004.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
A71000
|
| Size: |
581632
|
|
|
3013000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1856395499.0000000003013000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3013000
|
| Size: |
16384
|
|
|
1160000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000003.1322457031.0000000001160000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1160000
|
| Size: |
118784
|
|
|
3013000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1854270456.0000000003013000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3013000
|
| Size: |
16384
|
|
|
3024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1857306474.0000000003024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3024000
|
| Size: |
16384
|
|
|
3024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1857249974.0000000003024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3024000
|
| Size: |
16384
|
|
|
144B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1144095149.000000000144B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
144B000
|
| Size: |
16384
|
|
|
3024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1854564738.0000000003024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3024000
|
| Size: |
16384
|
|
|
3024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1855329020.0000000003024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3024000
|
| Size: |
16384
|
|
|
1074000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1146616579.0000000001074000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1074000
|
| Size: |
12288
|
|
|
E97000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000002.1143964375.0000000000E97000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
E97000
|
| Size: |
536576
|
|
|
1051000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1155168453.0000000001051000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1051000
|
| Size: |
118784
|
|
|
15C6000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1293762979.00000000015C6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15C6000
|
| Size: |
8192
|
|
|
41B3000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1198165528.00000000041B3000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
41B3000
|
| Size: |
507904
|
|
|
4EAF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3598683481.0000000004EAF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4EAF000
|
| Size: |
4096
|
|
|
17A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1181191579.00000000017A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
17A4000
|
| Size: |
8192
|
|
|
FE0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1166617091.0000000000FE0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
FE0000
|
| Size: |
24576
|
|
|
2D80000
|
heap
|
page readonly
|
|
|
|
| Name: |
00000007.00000002.3597511026.0000000002D80000.00000002.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page readonly
|
| Base address: |
2D80000
|
| Size: |
4096
|
|
|
3101000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.1333453169.0000000003101000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3101000
|
| Size: |
8192
|
|
|
1D332811000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1286019920.000001D332811000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D332811000
|
| Size: |
65536
|
|
|
3013000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1857412699.0000000003013000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3013000
|
| Size: |
16384
|
|
|
3013000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1857537443.0000000003013000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3013000
|
| Size: |
16384
|
|
|
3013000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1856527627.0000000003013000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3013000
|
| Size: |
16384
|
|
|
3013000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1857728369.0000000003013000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3013000
|
| Size: |
16384
|
|
|
3013000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1854138288.0000000003013000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3013000
|
| Size: |
16384
|
|
|
1781000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1180266831.0000000001781000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1781000
|
| Size: |
118784
|
|
|
3B59000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1159722950.0000000003B59000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3B59000
|
| Size: |
4096
|
|
|
3013000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1853133683.0000000003013000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3013000
|
| Size: |
16384
|
|
|
189D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1186842849.000000000189D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
189D000
|
| Size: |
466944
|
|
|
E84000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000000.1131769187.0000000000E84000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
E84000
|
| Size: |
40960
|
|
|
1184000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000003.1329472066.0000000001184000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1184000
|
| Size: |
4096
|
|
|
950000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1166237730.0000000000950000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
950000
|
| Size: |
8192
|
|
|
170A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1166719820.000000000170A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
170A000
|
| Size: |
450560
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| AV process strings found (often used to terminate AV products) |
Lowering of HIPS / PFW / Operating System Security Settings |
Security Software Discovery
|
|
|
3144000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1167134950.0000000003144000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3144000
|
| Size: |
8192
|
|
|
3013000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1858125122.0000000003013000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3013000
|
| Size: |
16384
|
|
|
3024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1854938085.0000000003024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3024000
|
| Size: |
16384
|
|
|
13CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1178187749.00000000013CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
13CE000
|
| Size: |
8192
|
|
|
3024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1854654616.0000000003024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3024000
|
| Size: |
16384
|
|
|
B32000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000012.00000000.1304022919.0000000000B32000.00000008.00000001.01000000.00000004.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
B32000
|
| Size: |
8192
|
|
|
A70000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000002.1177620804.0000000000A70000.00000002.00000001.01000000.00000004.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
A70000
|
| Size: |
4096
|
|
|
B24000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000006.00000002.1204769597.0000000000B24000.00000002.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
B24000
|
| Size: |
40960
|
|
|
17A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1205417128.00000000017A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
17A4000
|
| Size: |
4096
|
|
|
3CD3000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1142618297.0000000003CD3000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3CD3000
|
| Size: |
45056
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary is likely a compiled AutoIt script file |
System Summary |
|
|
|
FD0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1154735301.0000000000FD0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
FD0000
|
| Size: |
4096
|
|
|
41A0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1187496634.00000000041A0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
41A0000
|
| Size: |
1196032
|
|
|
14A7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1144194015.00000000014A7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14A7000
|
| Size: |
4096
|
|
|
B24000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.1166391044.0000000000B24000.00000002.00000001.01000000.00000004.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
B24000
|
| Size: |
40960
|
|
|
A71000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000006.00000000.1176938965.0000000000A71000.00000020.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
A71000
|
| Size: |
581632
|
|
|
144F000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1144161008.000000000144F000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
144F000
|
| Size: |
16384
|
|
|
1074000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1155168453.0000000001074000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1074000
|
| Size: |
4096
|
|
|
2E02000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.1333325449.0000000002E02000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2E02000
|
| Size: |
20480
|
|
|
1051000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1148291090.0000000001051000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1051000
|
| Size: |
118784
|
|
|
B32000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000006.00000000.1177079981.0000000000B32000.00000008.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
B32000
|
| Size: |
8192
|
|
|
1185000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000003.1322622268.0000000001185000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1185000
|
| Size: |
4096
|
|
|
150A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1133107257.000000000150A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
150A000
|
| Size: |
4096
|
|
|
DD0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000002.1143831694.0000000000DD0000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
DD0000
|
| Size: |
4096
|
|
|
1D3326D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.1286501824.000001D3326D0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D3326D0000
|
| Size: |
4096
|
|
|
15C7000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1291575826.00000000015C7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15C7000
|
| Size: |
8192
|
|
|
3E80000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1176483867.0000000003E80000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3E80000
|
| Size: |
1187840
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
1134000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.1334278446.0000000001134000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1134000
|
| Size: |
4096
|
|
|
3024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1853152789.0000000003024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3024000
|
| Size: |
16384
|
|
|
1D332AB0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.1286888156.000001D332AB0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D332AB0000
|
| Size: |
16384
|
|
|
43CE000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1203514134.00000000043CE000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
43CE000
|
| Size: |
24576
|
|
|
1678000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1167317838.0000000001678000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1678000
|
| Size: |
86016
|
|
|
3950000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000003.1329765085.0000000003950000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3950000
|
| Size: |
1187840
|
|
|
3024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1858284311.0000000003024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3024000
|
| Size: |
16384
|
|
|
1587000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1293762979.0000000001587000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1587000
|
| Size: |
65536
|
|
|
3013000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1853865697.0000000003013000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3013000
|
| Size: |
16384
|
|
|
A70000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000C.00000000.1285055038.0000000000A70000.00000002.00000001.01000000.00000004.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
A70000
|
| Size: |
4096
|
|
|
3016000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1854077451.0000000003016000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3016000
|
| Size: |
4096
|
|
|
3024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1856487094.0000000003024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3024000
|
| Size: |
16384
|
|
|
17C5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1181168699.00000000017C5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
17C5000
|
| Size: |
73728
|
|
|
1D332AB5000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.1286888156.000001D332AB5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D332AB5000
|
| Size: |
24576
|
|
|
3013000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1858055268.0000000003013000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3013000
|
| Size: |
16384
|
|
|
1630000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1178460151.0000000001630000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1630000
|
| Size: |
24576
|
|
|
3024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1854793731.0000000003024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3024000
|
| Size: |
16384
|
|
|
38D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1144444833.00000000038D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
38D4000
|
| Size: |
8192
|
|
|
1796000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1178954702.0000000001796000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1796000
|
| Size: |
135168
|
|
|
12DF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1144018696.00000000012DF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
12DF000
|
| Size: |
4096
|
|
|
17A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1181097923.00000000017A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
17A4000
|
| Size: |
8192
|
|
|
B37000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000000.1165943220.0000000000B37000.00000002.00000001.01000000.00000004.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
B37000
|
| Size: |
536576
|
|
|
15E7000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1293701134.00000000015E7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15E7000
|
| Size: |
73728
|
|
|
1051000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1146616579.0000000001051000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1051000
|
| Size: |
118784
|
|
|
42CD000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1188124215.00000000042CD000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
42CD000
|
| Size: |
458752
|
|
|
1662000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1166319005.0000000001662000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1662000
|
| Size: |
471040
|
|
|
950000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1313173571.0000000000950000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
950000
|
| Size: |
4096
|
|
|
1562000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1286522922.0000000001562000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1562000
|
| Size: |
692224
|
|
|
3013000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1855868156.0000000003013000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3013000
|
| Size: |
16384
|
|
|
14A8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1137081171.00000000014A8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14A8000
|
| Size: |
4096
|
|
|
15C6000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1290729283.00000000015C6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15C6000
|
| Size: |
12288
|
|
|
3013000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1854547023.0000000003013000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3013000
|
| Size: |
16384
|
|
|
910000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1166197435.0000000000910000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
910000
|
| Size: |
4096
|
|
|
3013000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1856802618.0000000003013000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3013000
|
| Size: |
16384
|
|
|
15C6000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1293488181.00000000015C6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15C6000
|
| Size: |
8192
|
|
|
4230000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1200585086.0000000004230000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4230000
|
| Size: |
1196032
|
|
|
3024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1858552022.0000000003024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3024000
|
| Size: |
16384
|
|
|
1F0F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1205806979.0000000001F0F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
1F0F000
|
| Size: |
4096
|
|
|
3013000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1853309457.0000000003013000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3013000
|
| Size: |
16384
|
|
|
3013000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1852955255.0000000003013000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3013000
|
| Size: |
16384
|
|
|
10F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.1334128380.00000000010F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10F0000
|
| Size: |
24576
|
|
|
4000000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1187951778.0000000004000000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4000000
|
| Size: |
1187840
|
|
|
1D3327EF000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.1286629802.000001D3327EF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D3327EF000
|
| Size: |
20480
|
|
|
3C8E000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000003.1331149447.0000000003C8E000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3C8E000
|
| Size: |
24576
|
|
|
1678000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1178577443.0000000001678000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1678000
|
| Size: |
4096
|
|
|
10E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.1334028797.00000000010E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10E0000
|
| Size: |
20480
|
|
|
B24000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000012.00000002.1333603417.0000000000B24000.00000002.00000001.01000000.00000004.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
B24000
|
| Size: |
40960
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary is likely a compiled AutoIt script file |
System Summary |
|
|
|
B32000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000002.00000000.1143170095.0000000000B32000.00000008.00000001.01000000.00000004.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
B32000
|
| Size: |
8192
|
|
|
B24000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000012.00000000.1303620323.0000000000B24000.00000002.00000001.01000000.00000004.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
B24000
|
| Size: |
40960
|
|
|
3013000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1853090220.0000000003013000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3013000
|
| Size: |
16384
|
|
|
A6E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1313260762.0000000000A6E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A6E000
|
| Size: |
8192
|
|
|
B24000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000000.1165838392.0000000000B24000.00000002.00000001.01000000.00000004.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
B24000
|
| Size: |
40960
|
|
|
B32000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000004.00000000.1165901810.0000000000B32000.00000008.00000001.01000000.00000004.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
B32000
|
| Size: |
8192
|
|
|
920000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1166219732.0000000000920000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
920000
|
| Size: |
20480
|
|
|
3CA9000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000003.1331671149.0000000003CA9000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3CA9000
|
| Size: |
4096
|
|
|
1483000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1135526147.0000000001483000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1483000
|
| Size: |
118784
|
|
|
123B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1178049248.000000000123B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
123B000
|
| Size: |
20480
|
|
|
3024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1853643826.0000000003024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3024000
|
| Size: |
16384
|
|
|
1035000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1148291090.0000000001035000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1035000
|
| Size: |
61440
|
|
|
3013000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1858748145.0000000003013000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3013000
|
| Size: |
16384
|
|
|
17D5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1186894831.00000000017D5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
17D5000
|
| Size: |
8192
|
|
|
3024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1855807693.0000000003024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3024000
|
| Size: |
4096
|
|
|
3013000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1853905705.0000000003013000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3013000
|
| Size: |
16384
|
|
|
E92000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000000.00000000.1131815448.0000000000E92000.00000008.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
E92000
|
| Size: |
8192
|
|
|
1195000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000003.1318587581.0000000001195000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1195000
|
| Size: |
880640
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
123E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1320045600.000000000123E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
123E000
|
| Size: |
8192
|
|
|
3013000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1853001563.0000000003013000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3013000
|
| Size: |
16384
|
|
|
1718000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1205286443.0000000001718000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1718000
|
| Size: |
176128
|
|
|
3024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1854890055.0000000003024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3024000
|
| Size: |
16384
|
|
|
3013000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1858582802.0000000003013000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3013000
|
| Size: |
16384
|
|
|
F8E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1166526631.0000000000F8E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
F8E000
|
| Size: |
8192
|
|
|
B37000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000C.00000000.1285367552.0000000000B37000.00000002.00000001.01000000.00000004.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
B37000
|
| Size: |
536576
|
|
|
710000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.1333384134.0000000000710000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
710000
|
| Size: |
4096
|
|
|
3013000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1855557005.0000000003013000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3013000
|
| Size: |
16384
|
|
|
1184000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000003.1322457031.0000000001184000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1184000
|
| Size: |
8192
|
|
|
11CA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000003.1313892921.00000000011CA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11CA000
|
| Size: |
131072
|
|
|
3C10000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1300439002.0000000003C10000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3C10000
|
| Size: |
1187840
|
|
|
1184000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000003.1322554767.0000000001184000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1184000
|
| Size: |
8192
|
|
|
1145000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000003.1323650318.0000000001145000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1145000
|
| Size: |
65536
|
|
|
16C8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1169211982.00000000016C8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
16C8000
|
| Size: |
8192
|
|
|
160A000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1286853370.000000000160A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
160A000
|
| Size: |
503808
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
A3E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.1333450580.0000000000A3E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A3E000
|
| Size: |
8192
|
|
|
1876000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1205713259.0000000001876000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1876000
|
| Size: |
69632
|
|
|
3E80000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1176037437.0000000003E80000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3E80000
|
| Size: |
1187840
|
|
|
1477000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1136625296.0000000001477000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1477000
|
| Size: |
12288
|
|
|
435D000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1203514134.000000000435D000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
435D000
|
| Size: |
458752
|
|
|
2D40000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3597369409.0000000002D40000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D40000
|
| Size: |
8192
|
|
|
168D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1167279458.000000000168D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
168D000
|
| Size: |
212992
|
|
|
B37000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000012.00000000.1304158674.0000000000B37000.00000002.00000001.01000000.00000004.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
B37000
|
| Size: |
536576
|
|
|
172C000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1321191495.000000000172C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
172C000
|
| Size: |
4096
|
|
|
AFF000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000006.00000000.1177018272.0000000000AFF000.00000002.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
AFF000
|
| Size: |
147456
|
|
|
3013000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1854228440.0000000003013000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3013000
|
| Size: |
16384
|
|
|
FBC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1166526631.0000000000FBC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
FBC000
|
| Size: |
16384
|
|
|
15A3000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1300068045.00000000015A3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15A3000
|
| Size: |
118784
|
|
|
348F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.1334557389.000000000348F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
348F000
|
| Size: |
4096
|
|
|
3CAD000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000003.1332960612.0000000003CAD000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3CAD000
|
| Size: |
458752
|
|
|
4123000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1187951778.0000000004123000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4123000
|
| Size: |
507904
|
|
|
3024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1855376608.0000000003024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3024000
|
| Size: |
16384
|
|
|
39B3000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1158952315.00000000039B3000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
39B3000
|
| Size: |
507904
|
|
|
B37000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1143222576.0000000000B37000.00000002.00000001.01000000.00000004.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
B37000
|
| Size: |
536576
|
|
|
41B3000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1203025286.00000000041B3000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
41B3000
|
| Size: |
507904
|
|
|
3013000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1855651065.0000000003013000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3013000
|
| Size: |
16384
|
|
|
A70000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000006.00000000.1176896909.0000000000A70000.00000002.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
A70000
|
| Size: |
4096
|
|
|
41A0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1188124215.00000000041A0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
41A0000
|
| Size: |
1196032
|
|
|
3024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1858767017.0000000003024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3024000
|
| Size: |
16384
|
|
|
3BCE000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1156992919.0000000003BCE000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3BCE000
|
| Size: |
24576
|
|
|
1012000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1143615703.0000000001012000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1012000
|
| Size: |
466944
|
|
|
1085000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1143905714.0000000001085000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1085000
|
| Size: |
786432
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) |
Malware Analysis System Evasion |
Security Software Discovery
|
| AV process strings found (often used to terminate AV products) |
Lowering of HIPS / PFW / Operating System Security Settings |
Security Software Discovery
|
|
|
3013000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1856459590.0000000003013000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3013000
|
| Size: |
16384
|
|
|
BB970FF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.1286451332.000000BB970FF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
BB970FF000
|
| Size: |
4096
|
|
|
4230000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1204347990.0000000004230000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4230000
|
| Size: |
1196032
|
|
|
3013000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1856062734.0000000003013000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3013000
|
| Size: |
16384
|
|
|
14A7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1135460271.00000000014A7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14A7000
|
| Size: |
12288
|
|
|
3CAD000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000003.1331671149.0000000003CAD000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3CAD000
|
| Size: |
458752
|
|
|
3024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1853963272.0000000003024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3024000
|
| Size: |
16384
|
|
|
39E0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000003.1332048389.00000000039E0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
39E0000
|
| Size: |
1187840
|
|
|
1585000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1144303524.0000000001585000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1585000
|
| Size: |
86016
|
|
|
9AE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1166257393.00000000009AE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9AE000
|
| Size: |
8192
|
|
|
433E000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1187496634.000000000433E000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
433E000
|
| Size: |
24576
|
|
|
BB969FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.1286325369.000000BB969FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
BB969FE000
|
| Size: |
8192
|
|
|
3A73000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000003.1329765085.0000000003A73000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3A73000
|
| Size: |
507904
|
|
|
1000000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.1333911300.0000000001000000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1000000
|
| Size: |
8192
|
|
|
B2E000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000012.00000000.1304022919.0000000000B2E000.00000008.00000001.01000000.00000004.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
B2E000
|
| Size: |
8192
|
|
|
16A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1170420413.00000000016A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
16A4000
|
| Size: |
118784
|
|
|
162A000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1286648716.000000000162A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
162A000
|
| Size: |
4096
|
|
|
14E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1205095229.00000000014E0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14E0000
|
| Size: |
4096
|
|
|
11CF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1319109581.00000000011CF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
11CF000
|
| Size: |
4096
|
|
|
16A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1170072275.00000000016A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
16A4000
|
| Size: |
118784
|
|
|
17B5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1178017044.00000000017B5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
17B5000
|
| Size: |
667648
|
|
|
17A5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1180384331.00000000017A5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
17A5000
|
| Size: |
8192
|
|
|
1122000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000003.1313242747.0000000001122000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1122000
|
| Size: |
466944
|
|
|
112A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.1334128380.000000000112A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
112A000
|
| Size: |
8192
|
|
|
4DAE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3598622255.0000000004DAE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4DAE000
|
| Size: |
8192
|
|
|
3024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3597927725.0000000003024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3024000
|
| Size: |
12288
|
|
|
3CAD000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000003.1332340895.0000000003CAD000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3CAD000
|
| Size: |
458752
|
|
|
11E9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000003.1314499498.00000000011E9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11E9000
|
| Size: |
4096
|
|
|
1456000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1144161008.0000000001456000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
1456000
|
| Size: |
4096
|
|
|
3024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1853285032.0000000003024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3024000
|
| Size: |
16384
|
|
|
17A5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1186894831.00000000017A5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
17A5000
|
| Size: |
4096
|
|
|
1D33287B000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1285918150.000001D33287B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D33287B000
|
| Size: |
12288
|
|
|
14EB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1133015151.00000000014EB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14EB000
|
| Size: |
131072
|
|
|
131C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1144018696.000000000131C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
131C000
|
| Size: |
16384
|
|
|
3024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1856772442.0000000003024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3024000
|
| Size: |
16384
|
|
|
16C9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1169911806.00000000016C9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
16C9000
|
| Size: |
196608
|
|
|
10BA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1143770644.00000000010BA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10BA000
|
| Size: |
131072
|
|
|
1024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1155168453.0000000001024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1024000
|
| Size: |
69632
|
|
|
16BB000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1299830030.00000000016BB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
16BB000
|
| Size: |
466944
|
|
|
1442000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1133044926.0000000001442000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1442000
|
| Size: |
692224
|
|
|
39B3000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1155565662.00000000039B3000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
39B3000
|
| Size: |
507904
|
|
|
101D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1146616579.000000000101D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
101D000
|
| Size: |
172032
|
|
|
3013000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1853827433.0000000003013000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3013000
|
| Size: |
16384
|
|
|
3024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1853195728.0000000003024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3024000
|
| Size: |
16384
|
|
|
1483000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1137115596.0000000001483000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1483000
|
| Size: |
118784
|
|
|
1160000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.1334278446.0000000001160000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1160000
|
| Size: |
118784
|
|
|
1122000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000003.1314043812.0000000001122000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1122000
|
| Size: |
688128
|
|
|
B2E000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000002.00000000.1143170095.0000000000B2E000.00000008.00000001.01000000.00000004.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
B2E000
|
| Size: |
8192
|
|
|
1742000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1177845504.0000000001742000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1742000
|
| Size: |
688128
|
|
|
3013000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1859024948.0000000003013000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3013000
|
| Size: |
16384
|
|
|
12EC000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.1334486443.00000000012EC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12EC000
|
| Size: |
4096
|
|
|
58A000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1166105462.000000000058A000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
58A000
|
| Size: |
24576
|
|
|
B37000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000012.00000002.1333691676.0000000000B37000.00000002.00000001.01000000.00000004.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
B37000
|
| Size: |
536576
|
|
|
1D3328C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.1286826724.000001D3328C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D3328C0000
|
| Size: |
8192
|
|
|
3013000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1855508942.0000000003013000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3013000
|
| Size: |
16384
|
|
|
3024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1853804446.0000000003024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3024000
|
| Size: |
16384
|
|
|
14A7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1137115596.00000000014A7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14A7000
|
| Size: |
4096
|
|
|
F8F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.1333745310.0000000000F8F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
F8F000
|
| Size: |
4096
|
|
|
3000000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.3597666497.0000000003000000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3000000
|
| Size: |
4096
|
|
|
3013000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1855416979.0000000003013000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3013000
|
| Size: |
16384
|
|
|
D70000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1143815335.0000000000D70000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D70000
|
| Size: |
8192
|
|
|
3013000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1857280515.0000000003013000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3013000
|
| Size: |
16384
|
|
|
E5F000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000002.1143896044.0000000000E5F000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
E5F000
|
| Size: |
147456
|
|
|
1D2F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1321262100.0000000001D2F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
1D2F000
|
| Size: |
4096
|
|
|
1678000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1170420413.0000000001678000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1678000
|
| Size: |
65536
|
|
|
B32000
|
unkown
|
page write copy
|
|
|
|
| Name: |
0000000C.00000000.1285246523.0000000000B32000.00000008.00000001.01000000.00000004.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
B32000
|
| Size: |
8192
|
|
|
1754000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1205417128.0000000001754000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1754000
|
| Size: |
4096
|
|
|
3B5D000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1159722950.0000000003B5D000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3B5D000
|
| Size: |
458752
|
|
|
1013000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1143983569.0000000001013000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1013000
|
| Size: |
466944
|
|
|
10C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.1333939113.00000000010C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10C0000
|
| Size: |
4096
|
|
|
3024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1858483385.0000000003024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3024000
|
| Size: |
16384
|
|
|
3C8E000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000003.1330019071.0000000003C8E000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3C8E000
|
| Size: |
24576
|
|
|
17E9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1205539947.00000000017E9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
17E9000
|
| Size: |
454656
|
|
|
41A0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1192899738.00000000041A0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
41A0000
|
| Size: |
1196032
|
|
|
170B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1166446064.000000000170B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
170B000
|
| Size: |
131072
|
|
|
174A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1205286443.000000000174A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
174A000
|
| Size: |
8192
|
|
|
3013000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1858320552.0000000003013000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3013000
|
| Size: |
16384
|
|
|
1D332824000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1286019920.000001D332824000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D332824000
|
| Size: |
352256
|
|
|
3024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1854111763.0000000003024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3024000
|
| Size: |
16384
|
|
|
A70000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.1166306506.0000000000A70000.00000002.00000001.01000000.00000004.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
A70000
|
| Size: |
4096
|
|
|
1467000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1136761344.0000000001467000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1467000
|
| Size: |
65536
|
|
|
1576000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1300068045.0000000001576000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1576000
|
| Size: |
69632
|
|
|
1460000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1178297180.0000000001460000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1460000
|
| Size: |
20480
|
|
|
3024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1858605140.0000000003024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3024000
|
| Size: |
12288
|
|
|
3013000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1855698768.0000000003013000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3013000
|
| Size: |
16384
|
|
|
3D1E000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000003.1332960612.0000000003D1E000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3D1E000
|
| Size: |
24576
|
|
|
144F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1204965212.000000000144F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
144F000
|
| Size: |
4096
|
|
|
2CA0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.1333141606.0000000002CA0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2CA0000
|
| Size: |
4096
|
|
|
3013000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1856851750.0000000003013000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3013000
|
| Size: |
16384
|
|
|
1D33287B000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.1286713072.000001D33287B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D33287B000
|
| Size: |
8192
|
|
|
17EA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1177806115.00000000017EA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
17EA000
|
| Size: |
131072
|
|
|
1D3328E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.1286849660.000001D3328E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D3328E0000
|
| Size: |
4096
|
|
|
3024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1856342786.0000000003024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3024000
|
| Size: |
16384
|
|
|
3024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1857907780.0000000003024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3024000
|
| Size: |
16384
|
|
|
11BF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1319109581.00000000011BF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
11BF000
|
| Size: |
4096
|
|
|
3013000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1858259716.0000000003013000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3013000
|
| Size: |
16384
|
|
|
42C9000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1192899738.00000000042C9000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
42C9000
|
| Size: |
4096
|
|
|
3AF0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000003.1331149447.0000000003AF0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3AF0000
|
| Size: |
1196032
|
|
|
1781000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1186949307.0000000001781000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1781000
|
| Size: |
118784
|
|
|
3013000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1855005447.0000000003013000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3013000
|
| Size: |
16384
|
|
|
A71000
|
unkown
|
page execute read
|
|
|
|
| Name: |
0000000C.00000000.1285112583.0000000000A71000.00000020.00000001.01000000.00000004.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
A71000
|
| Size: |
581632
|
|
|
3024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1853241521.0000000003024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3024000
|
| Size: |
16384
|
|
|
38D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1144444833.00000000038D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
38D0000
|
| Size: |
8192
|
|
|
3013000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1858202987.0000000003013000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3013000
|
| Size: |
16384
|
|
|
3890000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1155565662.0000000003890000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3890000
|
| Size: |
1187840
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
3014000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1858886233.0000000003014000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3014000
|
| Size: |
12288
|
|
|
1743000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1178096943.0000000001743000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1743000
|
| Size: |
466944
|
|
|
1D332810000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.1286686263.000001D332810000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D332810000
|
| Size: |
4096
|
|
|
B2E000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1317317297.0000000000B2E000.00000004.00000001.01000000.00000004.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
B2E000
|
| Size: |
36864
|
|
|
1123000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000003.1319174479.0000000001123000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1123000
|
| Size: |
466944
|
|
|
3B80000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000003.1332960612.0000000003B80000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3B80000
|
| Size: |
1196032
|
|
|
1859000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1205682475.0000000001859000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1859000
|
| Size: |
114688
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
15A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1178337767.00000000015A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15A4000
|
| Size: |
8192
|
|
|
3B5D000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1156992919.0000000003B5D000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3B5D000
|
| Size: |
458752
|
|
|
B2E000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1177885571.0000000000B2E000.00000004.00000001.01000000.00000004.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
B2E000
|
| Size: |
36864
|
|
|
3F4E000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1300764405.0000000003F4E000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3F4E000
|
| Size: |
24576
|
|
|
B37000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000006.00000002.1204857853.0000000000B37000.00000002.00000001.01000000.00000004.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
B37000
|
| Size: |
536576
|
|
|
39E0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000003.1332724810.00000000039E0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
39E0000
|
| Size: |
1187840
|
|
|
3024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1852921159.0000000003024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3024000
|
| Size: |
16384
|
|
|
3B80000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000003.1331671149.0000000003B80000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3B80000
|
| Size: |
1196032
|
|
|
1D332ABC000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.1286888156.000001D332ABC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D332ABC000
|
| Size: |
4096
|
|
|
4123000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1188598679.0000000004123000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4123000
|
| Size: |
507904
|
|
|
4000000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1188598679.0000000004000000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4000000
|
| Size: |
1187840
|
|
|
2C3C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.1333066629.0000000002C3C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2C3C000
|
| Size: |
16384
|
|
|
14F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1205119291.00000000014F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14F0000
|
| Size: |
4096
|
|
|
4149000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1176617994.0000000004149000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4149000
|
| Size: |
4096
|
|
|
3013000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1857479902.0000000003013000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3013000
|
| Size: |
16384
|
|
|
159A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1137039599.000000000159A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
159A000
|
| Size: |
466944
|
|
|
1264000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1320075366.0000000001264000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1264000
|
| Size: |
8192
|
|
|
126D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.1334452545.000000000126D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
126D000
|
| Size: |
57344
|
|
|
3024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1856035654.0000000003024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3024000
|
| Size: |
16384
|
|
|
1443000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1133256996.0000000001443000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1443000
|
| Size: |
466944
|
|
|
A70000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000012.00000000.1303213023.0000000000A70000.00000002.00000001.01000000.00000004.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
A70000
|
| Size: |
4096
|
|
|
1D332813000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.1286713072.000001D332813000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D332813000
|
| Size: |
57344
|
|
|
BB968FF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.1286300116.000000BB968FF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
BB968FF000
|
| Size: |
4096
|
|
|
1D33287B000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1286019920.000001D33287B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D33287B000
|
| Size: |
8192
|
|
|
414D000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1176617994.000000000414D000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
414D000
|
| Size: |
458752
|
|
|
14A9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1136594903.00000000014A9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14A9000
|
| Size: |
196608
|
|
|
14A7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1135526147.00000000014A7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14A7000
|
| Size: |
12288
|
|
|
1450000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1135460271.0000000001450000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1450000
|
| Size: |
172032
|
|
|
3015000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1854320477.0000000003015000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3015000
|
| Size: |
8192
|
|
|
3013000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1858527394.0000000003013000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3013000
|
| Size: |
16384
|
|
|
3013000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1858981629.0000000003013000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3013000
|
| Size: |
16384
|
|
|
4090000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1204050374.0000000004090000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4090000
|
| Size: |
1187840
|
|
|
3024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1853484597.0000000003024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3024000
|
| Size: |
12288
|
|
|
1781000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1180341145.0000000001781000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1781000
|
| Size: |
118784
|
|
|
3ED9000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1300764405.0000000003ED9000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3ED9000
|
| Size: |
4096
|
|
|
14D8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1137081171.00000000014D8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14D8000
|
| Size: |
4096
|
|
|
3024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1859042755.0000000003024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3024000
|
| Size: |
16384
|
|
|
B2E000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1166448324.0000000000B2E000.00000004.00000001.01000000.00000004.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
B2E000
|
| Size: |
36864
|
|
|
3140000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1167134950.0000000003140000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3140000
|
| Size: |
8192
|
|
|
18EF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.1334517558.00000000018EF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
18EF000
|
| Size: |
4096
|
|
|
3024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1854295691.0000000003024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3024000
|
| Size: |
16384
|
|
|
1D3327C8000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.1286539190.000001D3327C8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D3327C8000
|
| Size: |
139264
|
|
|
1051000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1166743603.0000000001051000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1051000
|
| Size: |
118784
|
|
|
E59000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1178020676.0000000000E59000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
E59000
|
| Size: |
28672
|
|
|
160A000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1321024682.000000000160A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
160A000
|
| Size: |
503808
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
3C20000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1142618297.0000000003C20000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3C20000
|
| Size: |
729088
|
|
|
3024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1856248242.0000000003024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3024000
|
| Size: |
16384
|
|
|
AFF000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000C.00000002.1314208611.0000000000AFF000.00000002.00000001.01000000.00000004.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
AFF000
|
| Size: |
147456
|
|
|
3AF0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000003.1330523509.0000000003AF0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3AF0000
|
| Size: |
1196032
|
|
|
433E000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1188124215.000000000433E000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
433E000
|
| Size: |
24576
|
|
|
3024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1853685946.0000000003024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3024000
|
| Size: |
16384
|
|
|
1442000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1132879622.0000000001442000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1442000
|
| Size: |
471040
|
|
|
7F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.1333412505.00000000007F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7F0000
|
| Size: |
4096
|
|
|
1135000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000003.1329472066.0000000001135000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1135000
|
| Size: |
65536
|
|
|
3013000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1855048886.0000000003013000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3013000
|
| Size: |
16384
|
|
|
3AF0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000003.1330019071.0000000003AF0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3AF0000
|
| Size: |
1196032
|
|
|
16C8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1170420413.00000000016C8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
16C8000
|
| Size: |
4096
|
|
|
3024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1855892282.0000000003024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3024000
|
| Size: |
16384
|
|
|
14C8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1136723416.00000000014C8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14C8000
|
| Size: |
69632
|
|
|
3013000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1855788325.0000000003013000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3013000
|
| Size: |
16384
|
|
|
1074000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1148291090.0000000001074000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1074000
|
| Size: |
8192
|
|
|
15A3000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1293762979.00000000015A3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15A3000
|
| Size: |
118784
|
|
|
1108000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.1334128380.0000000001108000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1108000
|
| Size: |
110592
|
|
|
17A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1180341145.00000000017A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
17A4000
|
| Size: |
12288
|
|
|
3013000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1853709859.0000000003013000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3013000
|
| Size: |
16384
|
|
|
11C9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000003.1319174479.00000000011C9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11C9000
|
| Size: |
667648
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
12B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1178158008.00000000012B0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12B0000
|
| Size: |
4096
|
|
|
3C1D000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000003.1330019071.0000000003C1D000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3C1D000
|
| Size: |
458752
|
|
|
3024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1856138962.0000000003024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3024000
|
| Size: |
16384
|
|
|
3024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1853063618.0000000003024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3024000
|
| Size: |
16384
|
|
|
3B03000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000003.1332724810.0000000003B03000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3B03000
|
| Size: |
507904
|
|
|
B37000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.1166470054.0000000000B37000.00000002.00000001.01000000.00000004.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
B37000
|
| Size: |
536576
|
|
|
10D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.1333969299.00000000010D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10D0000
|
| Size: |
8192
|
|
|
3890000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1158952315.0000000003890000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3890000
|
| Size: |
1187840
|
|
|
A71000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000012.00000002.1333512665.0000000000A71000.00000020.00000001.01000000.00000004.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
A71000
|
| Size: |
581632
|
|
|
107A000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1204936865.000000000107A000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
107A000
|
| Size: |
24576
|
|
|
3024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1859088680.0000000003024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3024000
|
| Size: |
16384
|
|
|
2CC0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000013.00000002.1333172128.0000000002CC0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
19
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2CC0000
|
| Size: |
4096
|
|
|
3013000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1857798816.0000000003013000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3013000
|
| Size: |
16384
|
|
|
3013000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1857674281.0000000003013000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3013000
|
| Size: |
16384
|
|
|
1774000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1181097923.0000000001774000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1774000
|
| Size: |
12288
|
|
|
3BC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1205920219.0000000003BC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3BC4000
|
| Size: |
8192
|
|
|
1D3327F6000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000003.1286106736.000001D3327F6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D3327F6000
|
| Size: |
90112
|
|
|
3FA3000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1176037437.0000000003FA3000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3FA3000
|
| Size: |
507904
|
|
|
41B3000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.1204050374.00000000041B3000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
41B3000
|
| Size: |
507904
|
|
|
3024000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1856921209.0000000003024000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3024000
|
| Size: |
16384
|
|
|
1710000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1205286443.0000000001710000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1710000
|
| Size: |
24576
|
|
|
17DF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1166985160.00000000017DF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
17DF000
|
| Size: |
4096
|
|
|
41BE000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1176617994.00000000041BE000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
41BE000
|
| Size: |
24576
|
|
|
16C9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1169313469.00000000016C9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
16C9000
|
| Size: |
4096
|
|
|
FF8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1166617091.0000000000FF8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
FF8000
|
| Size: |
110592
|
|
|
AFF000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000012.00000000.1303620323.0000000000AFF000.00000002.00000001.01000000.00000004.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
AFF000
|
| Size: |
147456
|
|
|
3013000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1854502311.0000000003013000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3013000
|
| Size: |
16384
|
|
|
3013000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1856016617.0000000003013000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3013000
|
| Size: |
16384
|
|
|
166B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1178460151.000000000166B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
166B000
|
| Size: |
20480
|
|
