|
1A1000
|
unkown
|
page execute and read and write
|
 |
|
|
| Name: |
0000000D.00000002.1406937017.00000000001A1000.00000040.00000001.01000000.0000000C.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
1A1000
|
| Size: |
225280
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected Stealc |
Stealing of Sensitive Information, Remote Access Functionality |
|
|
|
771000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.1318726698.0000000000771000.00000040.00000001.01000000.0000000A.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
771000
|
| Size: |
393216
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Found malware configuration |
AV Detection |
|
| Yara detected Amadeys stealer DLL |
Stealing of Sensitive Information |
|
| Sample uses string decryption to hide its real strings |
AV Detection |
|
|
|
A61000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.1284777861.0000000000A61000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
A61000
|
| Size: |
393216
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected Amadeys stealer DLL |
Stealing of Sensitive Information |
|
|
|
4E50000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1269735826.0000000004E50000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4E50000
|
| Size: |
393216
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected Amadeys stealer DLL |
Stealing of Sensitive Information |
|
|
|
4F60000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1244429209.0000000004F60000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4F60000
|
| Size: |
393216
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected Amadeys stealer DLL |
Stealing of Sensitive Information |
|
|
|
771000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.1310837173.0000000000771000.00000040.00000001.01000000.0000000A.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
771000
|
| Size: |
393216
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected Amadeys stealer DLL |
Stealing of Sensitive Information |
|
|
|
4FF0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1278383056.0000000004FF0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4FF0000
|
| Size: |
393216
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected Amadeys stealer DLL |
Stealing of Sensitive Information |
|
|
|
4A30000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1363729713.0000000004A30000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4A30000
|
| Size: |
225280
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected Stealc |
Stealing of Sensitive Information, Remote Access Functionality |
|
|
|
99C000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.1311409800.000000000099C000.00000040.00000001.01000000.0000000A.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
99C000
|
| Size: |
4096
|
|
|
369F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1408695142.000000000369F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
369F000
|
| Size: |
4096
|
|
|
3B6E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1325785224.0000000003B6E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3B6E000
|
| Size: |
8192
|
|
|
51F4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1288533605.00000000051F4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
51F4000
|
| Size: |
12288
|
|
|
6CFC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1288786356.0000000006CFC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6CFC000
|
| Size: |
16384
|
|
|
6A8E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1256658103.0000000006A8E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6A8E000
|
| Size: |
4096
|
|
|
307E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1339969920.000000000307E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
307E000
|
| Size: |
8192
|
|
|
3E9E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1287573594.0000000003E9E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3E9E000
|
| Size: |
8192
|
|
|
967000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.1319780323.0000000000967000.00000040.00000001.01000000.0000000A.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
967000
|
| Size: |
36864
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
13E2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1286315409.00000000013E2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13E2000
|
| Size: |
4096
|
|
|
133E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1286128921.000000000133E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
133E000
|
| Size: |
8192
|
|
|
4AE1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1250226803.0000000004AE1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AE1000
|
| Size: |
4096
|
|
|
4AE1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1249669047.0000000004AE1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AE1000
|
| Size: |
4096
|
|
|
A63000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000004.00000000.1257392261.0000000000A63000.00000080.00000001.01000000.0000000A.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
A63000
|
| Size: |
4096
|
|
|
352E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1325555100.000000000352E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
352E000
|
| Size: |
8192
|
|
|
492E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1326310750.000000000492E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
492E000
|
| Size: |
8192
|
|
|
4FB0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1276569332.0000000004FB0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4FB0000
|
| Size: |
192512
|
|
|
419000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.1338164815.0000000000419000.00000040.00000001.01000000.0000000B.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
419000
|
| Size: |
4096
|
|
|
5AC000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
0000000B.00000002.1338811200.00000000005AC000.00000080.00000001.01000000.0000000B.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
5AC000
|
| Size: |
8192
|
|
|
2EEE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1325238823.0000000002EEE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2EEE000
|
| Size: |
8192
|
|
|
4B70000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1326403066.0000000004B70000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4B70000
|
| Size: |
4096
|
|
|
4930000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000003.1303131349.0000000004930000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4930000
|
| Size: |
4096
|
|
|
810000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1433169009.0000000000810000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
810000
|
| Size: |
4096
|
|
|
4360000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1313733941.0000000004360000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4360000
|
| Size: |
4096
|
|
|
1660000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1242418540.0000000001660000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
1660000
|
| Size: |
53248
|
|
|
10A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1263542395.00000000010A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10A4000
|
| Size: |
4096
|
|
|
2CDE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1408304356.0000000002CDE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2CDE000
|
| Size: |
8192
|
|
|
45DF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1287959531.00000000045DF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
45DF000
|
| Size: |
4096
|
|
|
4AE1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1251331230.0000000004AE1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AE1000
|
| Size: |
4096
|
|
|
A26000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.1311841426.0000000000A26000.00000040.00000001.01000000.0000000A.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
A26000
|
| Size: |
94208
|
|
|
4AF2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1288166195.0000000004AF2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AF2000
|
| Size: |
32768
|
|
|
367F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1340201624.000000000367F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
367F000
|
| Size: |
4096
|
|
|
770000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1310813187.0000000000770000.00000004.00000001.01000000.0000000A.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
770000
|
| Size: |
4096
|
|
|
10FD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1324802363.00000000010FD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
10FD000
|
| Size: |
12288
|
|
|
1660000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1240910152.0000000001660000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
1660000
|
| Size: |
53248
|
|
|
7D9000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000004.00000002.1310922096.00000000007D9000.00000008.00000001.01000000.0000000A.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
7D9000
|
| Size: |
4096
|
|
|
4BD0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.1409539005.0000000004BD0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4BD0000
|
| Size: |
4096
|
|
|
4321000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1304109191.0000000004321000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4321000
|
| Size: |
4096
|
|
|
34C000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000001.00000001.1225749677.000000000034C000.00000002.00000001.01000000.00000004.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
image loaded
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
34C000
|
| Size: |
2052096
|
|
|
1638B7C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1413885932.000001638B7C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1638B7C0000
|
| Size: |
12288
|
|
|
C8A000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000002.1433974415.0000000000C8A000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
C8A000
|
| Size: |
4096
|
|
|
C30000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1407787377.0000000000C30000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C30000
|
| Size: |
4096
|
|
|
5160000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.1278707837.0000000005160000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5160000
|
| Size: |
4096
|
|
|
A40000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.1324436812.0000000000A40000.00000040.00000001.01000000.0000000A.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
A40000
|
| Size: |
118784
|
|
|
4AE1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1247739105.0000000004AE1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AE1000
|
| Size: |
4096
|
|
|
1A1000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
0000000D.00000000.1342793881.00000000001A1000.00000080.00000001.01000000.0000000C.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
1A1000
|
| Size: |
94208
|
|
|
12A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1246396655.00000000012A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12A4000
|
| Size: |
4096
|
|
|
897C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1288944793.000000000897C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
897C000
|
| Size: |
16384
|
|
|
C40000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1298626889.0000000000C40000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
C40000
|
| Size: |
53248
|
|
|
C40000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1300069305.0000000000C40000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
C40000
|
| Size: |
53248
|
|
|
49B0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1264102788.00000000049B0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
49B0000
|
| Size: |
53248
|
|
|
DB4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1352621977.0000000000DB4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DB4000
|
| Size: |
4096
|
|
|
1E6951C000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1331619239.0000001E6951C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
1E6951C000
|
| Size: |
16384
|
|
|
40BE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1340666756.00000000040BE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
40BE000
|
| Size: |
8192
|
|
|
13BE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1325017179.00000000013BE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
13BE000
|
| Size: |
8192
|
|
|
4AE1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1250942944.0000000004AE1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AE1000
|
| Size: |
4096
|
|
|
12A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1246991041.00000000012A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12A4000
|
| Size: |
4096
|
|
|
173000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.1338018965.0000000000173000.00000040.00000001.01000000.0000000B.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
173000
|
| Size: |
20480
|
|
|
5040000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.1314271695.0000000005040000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5040000
|
| Size: |
4096
|
|
|
3A9E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1408886497.0000000003A9E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3A9E000
|
| Size: |
8192
|
|
|
4AE1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1248596219.0000000004AE1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AE1000
|
| Size: |
4096
|
|
|
27DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1408100218.00000000027DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
27DE000
|
| Size: |
8192
|
|
|
6760000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1434722740.0000000006760000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6760000
|
| Size: |
8192
|
|
|
345F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1312854967.000000000345F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
345F000
|
| Size: |
4096
|
|
|
4AE1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1247515312.0000000004AE1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AE1000
|
| Size: |
8192
|
|
|
9DD000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.1311562975.00000000009DD000.00000040.00000001.01000000.0000000A.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
9DD000
|
| Size: |
4096
|
|
|
4AE1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1252579248.0000000004AE1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AE1000
|
| Size: |
4096
|
|
|
A87000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000007.00000002.1324665322.0000000000A87000.00000080.00000001.01000000.0000000A.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
A87000
|
| Size: |
8192
|
|
|
2F3E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1339914304.0000000002F3E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2F3E000
|
| Size: |
8192
|
|
|
D76000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000003.00000000.1231757182.0000000000D76000.00000080.00000001.01000000.00000006.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
D76000
|
| Size: |
12288
|
|
|
8AE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1433225579.00000000008AE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
8AE000
|
| Size: |
8192
|
|
|
421F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1287802861.000000000421F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
421F000
|
| Size: |
4096
|
|
|
131000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
0000000B.00000000.1289190379.0000000000131000.00000080.00000001.01000000.0000000B.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
131000
|
| Size: |
151552
|
|
|
52FF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1288578557.00000000052FF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
52FF000
|
| Size: |
4096
|
|
|
2BFD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.1410395763.0000000002BFD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2BFD000
|
| Size: |
12288
|
|
|
956000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1433063908.0000000000956000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
956000
|
| Size: |
73728
|
|
|
11F5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1324848351.00000000011F5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11F5000
|
| Size: |
8192
|
|
|
D60000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000003.00000000.1231757182.0000000000D60000.00000080.00000001.01000000.00000006.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
D60000
|
| Size: |
24576
|
|
|
2B1C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.1410298584.0000000002B1C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2B1C000
|
| Size: |
16384
|
|
|
B3E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1433871315.0000000000B3E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B3E000
|
| Size: |
8192
|
|
|
AC2000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.1284777861.0000000000AC2000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
AC2000
|
| Size: |
20480
|
|
|
9DD000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.1321529399.00000000009DD000.00000040.00000001.01000000.0000000A.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
9DD000
|
| Size: |
4096
|
|
|
CBB000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1339076389.0000000000CBB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
CBB000
|
| Size: |
8192
|
|
|
F50000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1358094382.0000000000F50000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
F50000
|
| Size: |
53248
|
|
|
F70000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1407954549.0000000000F70000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F70000
|
| Size: |
4096
|
|
|
771000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000007.00000000.1270707407.0000000000771000.00000080.00000001.01000000.0000000A.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
771000
|
| Size: |
188416
|
|
|
11E0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1277253089.00000000011E0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
11E0000
|
| Size: |
53248
|
|
|
49B0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1264291171.00000000049B0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
49B0000
|
| Size: |
53248
|
|
|
341000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000001.00000000.1225251824.0000000000341000.00000020.00000001.01000000.00000004.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
341000
|
| Size: |
28672
|
|
|
4F50000
|
remote allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1305195921.0000000004F50000.00000004.00000400.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
remote allocation
|
| Protect: |
page read and write
|
| Base address: |
4F50000
|
| Size: |
4096
|
|
|
569000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.1407181233.0000000000569000.00000040.00000001.01000000.0000000C.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
569000
|
| Size: |
946176
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
3540000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1434579408.0000000003540000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3540000
|
| Size: |
4096
|
|
|
D10000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1407815933.0000000000D10000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D10000
|
| Size: |
4096
|
|
|
F50000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1355888287.0000000000F50000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
F50000
|
| Size: |
53248
|
|
|
50E0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000003.1244843030.00000000050E0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
50E0000
|
| Size: |
4096
|
|
|
395E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1408832944.000000000395E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
395E000
|
| Size: |
8192
|
|
|
930000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1433315270.0000000000930000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
930000
|
| Size: |
36864
|
|
|
4AE1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1248872086.0000000004AE1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AE1000
|
| Size: |
4096
|
|
|
137E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1324985762.000000000137E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
137E000
|
| Size: |
8192
|
|
|
2E9C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1342291140.0000000002E9C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2E9C000
|
| Size: |
16384
|
|
|
4321000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1303851795.0000000004321000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4321000
|
| Size: |
4096
|
|
|
12A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1247029950.00000000012A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12A4000
|
| Size: |
4096
|
|
|
12A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1246382177.00000000012A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12A4000
|
| Size: |
4096
|
|
|
5030000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.1314225753.0000000005030000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5030000
|
| Size: |
4096
|
|
|
2F9E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1312561008.0000000002F9E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2F9E000
|
| Size: |
8192
|
|
|
3F9E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1409115085.0000000003F9E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3F9E000
|
| Size: |
8192
|
|
|
4AE1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1252307799.0000000004AE1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AE1000
|
| Size: |
4096
|
|
|
3DD000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.1338164815.00000000003DD000.00000040.00000001.01000000.0000000B.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
3DD000
|
| Size: |
102400
|
|
|
4AE1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1247776444.0000000004AE1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AE1000
|
| Size: |
4096
|
|
|
2EAE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.1410491869.0000000002EAE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2EAE000
|
| Size: |
8192
|
|
|
4A6E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1326358560.0000000004A6E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4A6E000
|
| Size: |
8192
|
|
|
1458000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1286532377.0000000001458000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1458000
|
| Size: |
225280
|
|
|
5050000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.1314290703.0000000005050000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5050000
|
| Size: |
4096
|
|
|
4321000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1304282985.0000000004321000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4321000
|
| Size: |
4096
|
|
|
4B71000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1277622668.0000000004B71000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4B71000
|
| Size: |
4096
|
|
|
6A80000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1257157614.0000000006A80000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6A80000
|
| Size: |
4096
|
|
|
4AE1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1250686078.0000000004AE1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AE1000
|
| Size: |
4096
|
|
|
348000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.1409757199.0000000000348000.00000004.00000001.01000000.00000004.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
348000
|
| Size: |
8192
|
|
|
C88000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1433950848.0000000000C88000.00000004.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
C88000
|
| Size: |
8192
|
|
|
5170000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.1288471557.0000000005170000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5170000
|
| Size: |
4096
|
|
|
37AE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1325652684.00000000037AE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
37AE000
|
| Size: |
8192
|
|
|
51E0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.1326641625.00000000051E0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
51E0000
|
| Size: |
4096
|
|
|
341F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1408586644.000000000341F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
341F000
|
| Size: |
4096
|
|
|
67AF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1288671808.00000000067AF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
67AF000
|
| Size: |
4096
|
|
|
12A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1246974074.00000000012A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12A4000
|
| Size: |
4096
|
|
|
1432000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1257649933.0000000001432000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1432000
|
| Size: |
86016
|
|
|
C40000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1298128391.0000000000C40000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
C40000
|
| Size: |
53248
|
|
|
9D6000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000007.00000002.1321485721.00000000009D6000.00000080.00000001.01000000.0000000A.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
9D6000
|
| Size: |
28672
|
|
|
44DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1287938191.00000000044DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
44DE000
|
| Size: |
8192
|
|
|
963000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1410741312.0000000000963000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
963000
|
| Size: |
106496
|
|
|
113A000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1285994635.000000000113A000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
113A000
|
| Size: |
24576
|
|
|
509E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1341544257.000000000509E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
509E000
|
| Size: |
8192
|
|
|
4AE1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1249692452.0000000004AE1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AE1000
|
| Size: |
4096
|
|
|
145D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1251503182.000000000145D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
145D000
|
| Size: |
61440
|
|
|
4A1FECC000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1413650903.0000004A1FECC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4A1FECC000
|
| Size: |
16384
|
|
|
C50000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1339076389.0000000000C50000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C50000
|
| Size: |
36864
|
|
|
C9A000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1339076389.0000000000C9A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C9A000
|
| Size: |
8192
|
|
|
291E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1408151972.000000000291E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
291E000
|
| Size: |
8192
|
|
|
267C000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1339529472.000000000267C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
267C000
|
| Size: |
16384
|
|
|
30A3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1341741685.00000000030A3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
30A3000
|
| Size: |
4096
|
|
|
4AE1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1248285081.0000000004AE1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AE1000
|
| Size: |
4096
|
|
|
1660000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1242348966.0000000001660000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
1660000
|
| Size: |
53248
|
|
|
3E5E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1409049042.0000000003E5E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3E5E000
|
| Size: |
8192
|
|
|
4FD0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000003.1270912411.0000000004FD0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4FD0000
|
| Size: |
8192
|
|
|
C61000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.1285136021.0000000000C61000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
C61000
|
| Size: |
69632
|
|
|
279F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1408073307.000000000279F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
279F000
|
| Size: |
4096
|
|
|
D30000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.1285762376.0000000000D30000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
D30000
|
| Size: |
118784
|
|
|
48EF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1326288020.00000000048EF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
48EF000
|
| Size: |
4096
|
|
|
4920000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000003.1303186017.0000000004920000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4920000
|
| Size: |
4096
|
|
|
A86000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000004.00000000.1257392261.0000000000A86000.00000080.00000001.01000000.0000000A.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
A86000
|
| Size: |
12288
|
|
|
C8C000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.1285271310.0000000000C8C000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
C8C000
|
| Size: |
4096
|
|
|
AC9000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000003.00000000.1231742473.0000000000AC9000.00000008.00000001.01000000.00000006.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
AC9000
|
| Size: |
4096
|
|
|
2EF0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1325263602.0000000002EF0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2EF0000
|
| Size: |
4096
|
|
|
462E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1313880443.000000000462E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
462E000
|
| Size: |
8192
|
|
|
130000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000B.00000000.1289167720.0000000000130000.00000002.00000001.01000000.0000000B.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
130000
|
| Size: |
4096
|
|
|
A87000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000004.00000002.1311999731.0000000000A87000.00000080.00000001.01000000.0000000A.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
A87000
|
| Size: |
8192
|
|
|
1660000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1243477235.0000000001660000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
1660000
|
| Size: |
53248
|
|
|
DB4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1352558927.0000000000DB4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DB4000
|
| Size: |
4096
|
|
|
4FF0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.1314138616.0000000004FF0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4FF0000
|
| Size: |
4096
|
|
|
1458000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1257398654.0000000001458000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1458000
|
| Size: |
225280
|
|
|
345E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1408616397.000000000345E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
345E000
|
| Size: |
8192
|
|
|
2F27000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1325291944.0000000002F27000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F27000
|
| Size: |
8192
|
|
|
1415000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1257895058.0000000001415000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1415000
|
| Size: |
106496
|
|
|
A70000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000004.00000000.1257392261.0000000000A70000.00000080.00000001.01000000.0000000A.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
A70000
|
| Size: |
24576
|
|
|
3D1F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1287483586.0000000003D1F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3D1F000
|
| Size: |
4096
|
|
|
3EC000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.1407181233.00000000003EC000.00000040.00000001.01000000.0000000C.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
3EC000
|
| Size: |
1552384
|
|
|
512F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1326456699.000000000512F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
512F000
|
| Size: |
4096
|
|
|
A71000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000007.00000002.1324540114.0000000000A71000.00000080.00000001.01000000.0000000A.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
A71000
|
| Size: |
16384
|
|
|
C30000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1339052223.0000000000C30000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C30000
|
| Size: |
4096
|
|
|
4B6D000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1341091242.0000000004B6D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4B6D000
|
| Size: |
12288
|
|
|
F50000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1362113184.0000000000F50000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
F50000
|
| Size: |
53248
|
|
|
1476000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1252103786.0000000001476000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1476000
|
| Size: |
36864
|
|
|
51F0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.1326663341.00000000051F0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
51F0000
|
| Size: |
4096
|
|
|
F50000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1353958545.0000000000F50000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
F50000
|
| Size: |
53248
|
|
|
4930000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000003.1302980785.0000000004930000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4930000
|
| Size: |
8192
|
|
|
2ADC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.1410259994.0000000002ADC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2ADC000
|
| Size: |
16384
|
|
|
31DF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1312708303.00000000031DF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
31DF000
|
| Size: |
4096
|
|
|
D14000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000003.00000002.1285740086.0000000000D14000.00000080.00000001.01000000.00000006.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
D14000
|
| Size: |
8192
|
|
|
4321000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1304404801.0000000004321000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4321000
|
| Size: |
4096
|
|
|
12A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1247070473.00000000012A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12A4000
|
| Size: |
4096
|
|
|
28FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1339639945.00000000028FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
28FE000
|
| Size: |
8192
|
|
|
166A3180000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1331813065.00000166A3180000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
166A3180000
|
| Size: |
28672
|
|
|
34EF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1325525927.00000000034EF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
34EF000
|
| Size: |
4096
|
|
|
771000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000004.00000000.1257237731.0000000000771000.00000080.00000001.01000000.0000000A.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
771000
|
| Size: |
188416
|
|
|
37BF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1340257814.00000000037BF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
37BF000
|
| Size: |
4096
|
|
|
381F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1287193476.000000000381F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
381F000
|
| Size: |
4096
|
|
|
944000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000007.00000002.1319583878.0000000000944000.00000080.00000001.01000000.0000000A.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
944000
|
| Size: |
94208
|
|
|
49B0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1264352469.00000000049B0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
49B0000
|
| Size: |
53248
|
|
|
475E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1288026571.000000000475E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
475E000
|
| Size: |
8192
|
|
|
10A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1265610278.00000000010A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10A4000
|
| Size: |
4096
|
|
|
46A0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1352425423.00000000046A0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
46A0000
|
| Size: |
192512
|
|
|
CE7000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000003.00000002.1285545003.0000000000CE7000.00000080.00000001.01000000.00000006.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
CE7000
|
| Size: |
12288
|
|
|
4B71000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1277442621.0000000004B71000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4B71000
|
| Size: |
258048
|
|
|
D53000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000003.00000000.1231757182.0000000000D53000.00000080.00000001.01000000.00000006.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
D53000
|
| Size: |
4096
|
|
|
41A000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
0000000B.00000002.1338641613.000000000041A000.00000080.00000001.01000000.0000000B.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
41A000
|
| Size: |
1642496
|
|
|
2C7F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1339775998.0000000002C7F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2C7F000
|
| Size: |
4096
|
|
|
C40000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1300534207.0000000000C40000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
C40000
|
| Size: |
53248
|
|
|
45A1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1352507846.00000000045A1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
45A1000
|
| Size: |
49152
|
|
|
355F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1408645448.000000000355F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
355F000
|
| Size: |
4096
|
|
|
4FD0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000003.1270941501.0000000004FD0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4FD0000
|
| Size: |
4096
|
|
|
29FF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1339665567.00000000029FF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
29FF000
|
| Size: |
4096
|
|
|
12A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1246617649.00000000012A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12A4000
|
| Size: |
4096
|
|
|
4FD0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000003.1271009608.0000000004FD0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4FD0000
|
| Size: |
4096
|
|
|
10A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1263662747.00000000010A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10A4000
|
| Size: |
4096
|
|
|
4AE1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1252394615.0000000004AE1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AE1000
|
| Size: |
4096
|
|
|
4B71000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1277517059.0000000004B71000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4B71000
|
| Size: |
4096
|
|
|
51D0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.1326617372.00000000051D0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
51D0000
|
| Size: |
4096
|
|
|
4AE1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1247655782.0000000004AE1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AE1000
|
| Size: |
4096
|
|
|
953000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1433019118.0000000000953000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
953000
|
| Size: |
4096
|
|
|
47F2000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1302818817.00000000047F2000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
47F2000
|
| Size: |
20480
|
|
|
110E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1312122620.000000000110E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
110E000
|
| Size: |
8192
|
|
|
449E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1409344243.000000000449E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
449E000
|
| Size: |
8192
|
|
|
48EF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1340931798.00000000048EF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
48EF000
|
| Size: |
4096
|
|
|
182000
|
unkown
|
page write copy
|
|
|
|
| Name: |
0000000B.00000000.1289224987.0000000000182000.00000008.00000001.01000000.0000000B.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
182000
|
| Size: |
4096
|
|
|
9EE000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.1311654410.00000000009EE000.00000040.00000001.01000000.0000000A.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
9EE000
|
| Size: |
36864
|
|
|
99D000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000007.00000002.1321353728.000000000099D000.00000080.00000001.01000000.0000000A.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
99D000
|
| Size: |
77824
|
|
|
36DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1408720297.00000000036DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
36DE000
|
| Size: |
8192
|
|
|
51A0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.1326553322.00000000051A0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
51A0000
|
| Size: |
4096
|
|
|
4321000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1304185659.0000000004321000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4321000
|
| Size: |
4096
|
|
|
335E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1312829685.000000000335E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
335E000
|
| Size: |
8192
|
|
|
45EF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1313843107.00000000045EF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
45EF000
|
| Size: |
4096
|
|
|
13D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1286315409.00000000013D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13D0000
|
| Size: |
65536
|
|
|
323F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1342540985.000000000323F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
323F000
|
| Size: |
4096
|
|
|
4AE1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1247439351.0000000004AE1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AE1000
|
| Size: |
8192
|
|
|
4AE1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1248246076.0000000004AE1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AE1000
|
| Size: |
4096
|
|
|
CB6000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000003.00000002.1285354817.0000000000CB6000.00000080.00000001.01000000.00000006.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
CB6000
|
| Size: |
16384
|
|
|
770000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000000.1257174862.0000000000770000.00000002.00000001.01000000.0000000A.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
770000
|
| Size: |
4096
|
|
|
359F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1286988970.000000000359F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
359F000
|
| Size: |
4096
|
|
|
C8B000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000003.00000002.1285249332.0000000000C8B000.00000080.00000001.01000000.00000006.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
C8B000
|
| Size: |
4096
|
|
|
12A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1240724774.00000000012A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12A4000
|
| Size: |
4096
|
|
|
49C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1263512048.00000000049C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
49C1000
|
| Size: |
49152
|
|
|
2E5E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1312508294.0000000002E5E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2E5E000
|
| Size: |
8192
|
|
|
9C6000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000007.00000002.1321409803.00000000009C6000.00000080.00000001.01000000.0000000A.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
9C6000
|
| Size: |
16384
|
|
|
459F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1409371012.000000000459F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
459F000
|
| Size: |
4096
|
|
|
4AE1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1248207283.0000000004AE1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AE1000
|
| Size: |
4096
|
|
|
50E0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000003.1244805201.00000000050E0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
50E0000
|
| Size: |
8192
|
|
|
99A000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000007.00000002.1321304288.000000000099A000.00000080.00000001.01000000.0000000A.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
99A000
|
| Size: |
8192
|
|
|
4F8F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1314084879.0000000004F8F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4F8F000
|
| Size: |
4096
|
|
|
4930000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000003.1303082313.0000000004930000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4930000
|
| Size: |
4096
|
|
|
C40000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1298376443.0000000000C40000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
C40000
|
| Size: |
53248
|
|
|
145D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1252028426.000000000145D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
145D000
|
| Size: |
86016
|
|
|
D67000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000003.00000002.1285903956.0000000000D67000.00000080.00000001.01000000.00000006.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
D67000
|
| Size: |
40960
|
|
|
416F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1325993335.000000000416F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
416F000
|
| Size: |
4096
|
|
|
49B0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1265413853.00000000049B0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
49B0000
|
| Size: |
53248
|
|
|
31BE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1340027860.00000000031BE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
31BE000
|
| Size: |
8192
|
|
|
1660000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1243357964.0000000001660000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
1660000
|
| Size: |
53248
|
|
|
13D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1325045921.00000000013D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13D0000
|
| Size: |
36864
|
|
|
2B80000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.1410332067.0000000002B80000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2B80000
|
| Size: |
4096
|
|
|
165E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1286587904.000000000165E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
165E000
|
| Size: |
8192
|
|
|
7E7000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000004.00000002.1310971822.00000000007E7000.00000080.00000001.01000000.0000000A.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
7E7000
|
| Size: |
1421312
|
|
|
1450000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1257398654.0000000001450000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1450000
|
| Size: |
28672
|
|
|
166A3425000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1331864212.00000166A3425000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
166A3425000
|
| Size: |
12288
|
|
|
3D1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1408997230.0000000003D1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3D1E000
|
| Size: |
8192
|
|
|
ACB000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.1284879880.0000000000ACB000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
ACB000
|
| Size: |
49152
|
|
|
103B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1285974511.000000000103B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
103B000
|
| Size: |
20480
|
|
|
4AE1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1249429586.0000000004AE1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AE1000
|
| Size: |
4096
|
|
|
4AE1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1249916350.0000000004AE1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AE1000
|
| Size: |
4096
|
|
|
2CBE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1339803823.0000000002CBE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2CBE000
|
| Size: |
8192
|
|
|
65A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1257272986.00000000065A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
65A0000
|
| Size: |
8192
|
|
|
F50000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1359904539.0000000000F50000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
F50000
|
| Size: |
53248
|
|
|
425E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1313463765.000000000425E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
425E000
|
| Size: |
8192
|
|
|
166A4B40000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1331933521.00000166A4B40000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
166A4B40000
|
| Size: |
4096
|
|
|
31FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1342514128.00000000031FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
31FE000
|
| Size: |
8192
|
|
|
13DB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1325045921.00000000013DB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13DB000
|
| Size: |
131072
|
|
|
4AE1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1247625220.0000000004AE1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AE1000
|
| Size: |
4096
|
|
|
C72000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000003.00000002.1285160878.0000000000C72000.00000080.00000001.01000000.00000006.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
C72000
|
| Size: |
8192
|
|
|
435F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1313496821.000000000435F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
435F000
|
| Size: |
4096
|
|
|
11E0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1276378981.00000000011E0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
11E0000
|
| Size: |
53248
|
|
|
12A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1240767778.00000000012A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12A4000
|
| Size: |
4096
|
|
|
2EC0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.1410526572.0000000002EC0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2EC0000
|
| Size: |
20480
|
|
|
4AE1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1247135702.0000000004AE1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AE1000
|
| Size: |
4096
|
|
|
4321000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1301778457.0000000004321000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4321000
|
| Size: |
262144
|
|
|
49B0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1265180878.00000000049B0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
49B0000
|
| Size: |
53248
|
|
|
1432000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1258853508.0000000001432000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1432000
|
| Size: |
86016
|
|
|
41BF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1340696767.00000000041BF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
41BF000
|
| Size: |
4096
|
|
|
A5F000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000007.00000000.1270813988.0000000000A5F000.00000080.00000001.01000000.0000000A.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
A5F000
|
| Size: |
4096
|
|
|
9E1000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.1321634557.00000000009E1000.00000040.00000001.01000000.0000000A.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
9E1000
|
| Size: |
36864
|
|
|
51C0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.1326595409.00000000051C0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
51C0000
|
| Size: |
4096
|
|
|
C80000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000000.1221178823.0000000000C80000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
C80000
|
| Size: |
4096
|
|
|
50E0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000003.1244888282.00000000050E0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
50E0000
|
| Size: |
4096
|
|
|
4321000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1304887516.0000000004321000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4321000
|
| Size: |
4096
|
|
|
4A6E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1409449095.0000000004A6E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4A6E000
|
| Size: |
8192
|
|
|
9D6000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000004.00000002.1311535698.00000000009D6000.00000080.00000001.01000000.0000000A.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
9D6000
|
| Size: |
28672
|
|
|
4321000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1304829517.0000000004321000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4321000
|
| Size: |
4096
|
|
|
38AF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1325678430.00000000038AF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
38AF000
|
| Size: |
4096
|
|
|
140E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1257736705.000000000140E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
140E000
|
| Size: |
8192
|
|
|
319F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1408479094.000000000319F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
319F000
|
| Size: |
4096
|
|
|
A40000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.1311841426.0000000000A40000.00000040.00000001.01000000.0000000A.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
A40000
|
| Size: |
118784
|
|
|
4F60000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1244136850.0000000004F60000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4F60000
|
| Size: |
53248
|
|
|
4930000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000003.1303057364.0000000004930000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4930000
|
| Size: |
4096
|
|
|
89D8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1253288761.00000000089D8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
89D8000
|
| Size: |
40960
|
|
|
84A000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1228959671.000000000084A000.00000002.00000001.01000000.00000005.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
84A000
|
| Size: |
4096
|
|
|
800000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1433150570.0000000000800000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
800000
|
| Size: |
4096
|
|
|
4AE1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1249519883.0000000004AE1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AE1000
|
| Size: |
4096
|
|
|
4CEE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1341403325.0000000004CEE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4CEE000
|
| Size: |
8192
|
|
|
A80000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1338924524.0000000000A80000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A80000
|
| Size: |
8192
|
|
|
4FC1000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1244429209.0000000004FC1000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4FC1000
|
| Size: |
16384
|
|
|
4FD0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000003.1270989026.0000000004FD0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4FD0000
|
| Size: |
4096
|
|
|
8CC000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1407731410.00000000008CC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
8CC000
|
| Size: |
16384
|
|
|
9EA000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000004.00000002.1311625546.00000000009EA000.00000080.00000001.01000000.0000000A.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
9EA000
|
| Size: |
16384
|
|
|
7D9000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000007.00000002.1318884070.00000000007D9000.00000008.00000001.01000000.0000000A.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
7D9000
|
| Size: |
4096
|
|
|
4AE1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1249580476.0000000004AE1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AE1000
|
| Size: |
4096
|
|
|
520F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1341605813.000000000520F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
520F000
|
| Size: |
4096
|
|
|
49B0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1265300731.00000000049B0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
49B0000
|
| Size: |
53248
|
|
|
4AE1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1248760373.0000000004AE1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AE1000
|
| Size: |
4096
|
|
|
349E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1312881212.000000000349E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
349E000
|
| Size: |
8192
|
|
|
12A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1246420826.00000000012A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12A4000
|
| Size: |
4096
|
|
|
144A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1251539452.000000000144A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
144A000
|
| Size: |
77824
|
|
|
4AE1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1247474860.0000000004AE1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AE1000
|
| Size: |
8192
|
|
|
3555000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1434604612.0000000003555000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3555000
|
| Size: |
12288
|
|
|
693000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
0000000D.00000002.1407547352.0000000000693000.00000080.00000001.01000000.0000000C.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
693000
|
| Size: |
1687552
|
|
|
321E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1312776911.000000000321E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
321E000
|
| Size: |
8192
|
|
|
4AE1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1248964055.0000000004AE1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AE1000
|
| Size: |
4096
|
|
|
5160000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.1278769494.0000000005160000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5160000
|
| Size: |
4096
|
|
|
37FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1340285732.00000000037FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
37FE000
|
| Size: |
8192
|
|
|
4BFA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1228533035.0000000004BFA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4BFA000
|
| Size: |
2101248
|
|
|
65A6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1257272986.00000000065A6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
65A6000
|
| Size: |
4096
|
|
|
1410000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1257649933.0000000001410000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1410000
|
| Size: |
126976
|
|
|
82F000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.1407681012.000000000082F000.00000040.00000001.01000000.0000000C.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
82F000
|
| Size: |
4096
|
|
|
D19000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1331453556.0000000000D19000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D19000
|
| Size: |
16384
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
9FF000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000007.00000002.1324348983.00000000009FF000.00000080.00000001.01000000.0000000A.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
9FF000
|
| Size: |
32768
|
|
|
9CA000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.1311511303.00000000009CA000.00000040.00000001.01000000.0000000A.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
9CA000
|
| Size: |
49152
|
|
|
12A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1246632230.00000000012A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12A4000
|
| Size: |
4096
|
|
|
83C000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1338840888.000000000083C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
83C000
|
| Size: |
16384
|
|
|
1451000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1286532377.0000000001451000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1451000
|
| Size: |
24576
|
|
|
4AE1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1247162221.0000000004AE1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AE1000
|
| Size: |
4096
|
|
|
2EAE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1325210209.0000000002EAE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2EAE000
|
| Size: |
8192
|
|
|
36DF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1287066621.00000000036DF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
36DF000
|
| Size: |
4096
|
|
|
1250000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1286052906.0000000001250000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1250000
|
| Size: |
8192
|
|
|
CEA000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.1285597752.0000000000CEA000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
CEA000
|
| Size: |
4096
|
|
|
4AE1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1251115484.0000000004AE1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AE1000
|
| Size: |
4096
|
|
|
A86000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.1324641698.0000000000A86000.00000040.00000001.01000000.0000000A.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
A86000
|
| Size: |
4096
|
|
|
68AF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1288694003.00000000068AF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
68AF000
|
| Size: |
4096
|
|
|
40DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1409176136.00000000040DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
40DE000
|
| Size: |
8192
|
|
|
3ADE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1287407476.0000000003ADE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3ADE000
|
| Size: |
8192
|
|
|
407F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1340640636.000000000407F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
407F000
|
| Size: |
4096
|
|
|
47B0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1302818817.00000000047B0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
47B0000
|
| Size: |
266240
|
|
|
1458000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1257803040.0000000001458000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1458000
|
| Size: |
225280
|
|
|
4950000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.1341017458.0000000004950000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4950000
|
| Size: |
4096
|
|
|
9A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1338898347.00000000009A0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9A0000
|
| Size: |
4096
|
|
|
4AE1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1247274804.0000000004AE1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AE1000
|
| Size: |
4096
|
|
|
32BF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1340052200.00000000032BF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
32BF000
|
| Size: |
4096
|
|
|
466F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1326189967.000000000466F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
466F000
|
| Size: |
4096
|
|
|
3CAE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1325830064.0000000003CAE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3CAE000
|
| Size: |
8192
|
|
|
3DAF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1325853190.0000000003DAF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3DAF000
|
| Size: |
4096
|
|
|
309E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1408453517.000000000309E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
309E000
|
| Size: |
8192
|
|
|
DB4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1352653331.0000000000DB4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DB4000
|
| Size: |
4096
|
|
|
C84000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.1285227091.0000000000C84000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
C84000
|
| Size: |
28672
|
|
|
4321000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1304248168.0000000004321000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4321000
|
| Size: |
4096
|
|
|
12A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1246949579.00000000012A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12A4000
|
| Size: |
4096
|
|
|
302000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.1338164815.0000000000302000.00000040.00000001.01000000.0000000B.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
302000
|
| Size: |
884736
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
12A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1240750158.00000000012A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12A4000
|
| Size: |
4096
|
|
|
47AF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1326239192.00000000047AF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
47AF000
|
| Size: |
4096
|
|
|
3A3F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1340371690.0000000003A3F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3A3F000
|
| Size: |
4096
|
|
|
391F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1408803291.000000000391F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
391F000
|
| Size: |
4096
|
|
|
166A3188000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1331813065.00000166A3188000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
166A3188000
|
| Size: |
94208
|
|
|
3BDF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1313202989.0000000003BDF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3BDF000
|
| Size: |
4096
|
|
|
4EBE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1224688996.0000000004EBE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4EBE000
|
| Size: |
909312
|
|
|
305F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1408427127.000000000305F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
305F000
|
| Size: |
4096
|
|
|
89E6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1253288761.00000000089E6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
89E6000
|
| Size: |
159744
|
|
|
4930000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000003.1303108597.0000000004930000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4930000
|
| Size: |
4096
|
|
|
419000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
0000000B.00000000.1289265983.0000000000419000.00000080.00000001.01000000.0000000B.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
419000
|
| Size: |
1658880
|
|
|
1638B7C5000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1413885932.000001638B7C5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1638B7C5000
|
| Size: |
12288
|
|
|
182000
|
unkown
|
page write copy
|
|
|
|
| Name: |
0000000B.00000002.1338130849.0000000000182000.00000008.00000001.01000000.0000000B.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
182000
|
| Size: |
4096
|
|
|
47EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1340904403.00000000047EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
47EE000
|
| Size: |
8192
|
|
|
2E6F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1325185131.0000000002E6F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2E6F000
|
| Size: |
4096
|
|
|
DB4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1366829053.0000000000DB4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DB4000
|
| Size: |
4096
|
|
|
456E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1326165865.000000000456E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
456E000
|
| Size: |
8192
|
|
|
38FF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1340312964.00000000038FF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
38FF000
|
| Size: |
4096
|
|
|
38EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1325699706.00000000038EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
38EE000
|
| Size: |
8192
|
|
|
2B7E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1339748764.0000000002B7E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2B7E000
|
| Size: |
8192
|
|
|
321E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1286792521.000000000321E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
321E000
|
| Size: |
8192
|
|
|
89C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1253288761.00000000089C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
89C0000
|
| Size: |
4096
|
|
|
3F7E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1340614477.0000000003F7E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3F7E000
|
| Size: |
8192
|
|
|
F50000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1355315110.0000000000F50000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
F50000
|
| Size: |
53248
|
|
|
12A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1246782134.00000000012A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12A4000
|
| Size: |
4096
|
|
|
942000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.1319510808.0000000000942000.00000040.00000001.01000000.0000000A.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
942000
|
| Size: |
8192
|
|
|
4AE1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1247217338.0000000004AE1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AE1000
|
| Size: |
4096
|
|
|
3FDD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1313363340.0000000003FDD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3FDD000
|
| Size: |
12288
|
|
|
32DF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1408532495.00000000032DF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
32DF000
|
| Size: |
4096
|
|
|
3BDE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1408939928.0000000003BDE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3BDE000
|
| Size: |
8192
|
|
|
4AE1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1248986806.0000000004AE1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AE1000
|
| Size: |
4096
|
|
|
12A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1246491742.00000000012A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12A4000
|
| Size: |
4096
|
|
|
4A20000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1363581158.0000000004A20000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4A20000
|
| Size: |
53248
|
|
|
49C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1272687915.00000000049C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
49C1000
|
| Size: |
49152
|
|
|
770000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1318658684.0000000000770000.00000004.00000001.01000000.0000000A.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
770000
|
| Size: |
4096
|
|
|
130000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1337983171.0000000000130000.00000004.00000001.01000000.0000000B.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
130000
|
| Size: |
4096
|
|
|
28BF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1339615743.00000000028BF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
28BF000
|
| Size: |
4096
|
|
|
10A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1272756663.00000000010A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10A4000
|
| Size: |
4096
|
|
|
1432000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1286483292.0000000001432000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1432000
|
| Size: |
86016
|
|
|
4321000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1304038355.0000000004321000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4321000
|
| Size: |
4096
|
|
|
9CC000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1407760256.00000000009CC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9CC000
|
| Size: |
16384
|
|
|
4ADF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1288143668.0000000004ADF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4ADF000
|
| Size: |
4096
|
|
|
5110000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.1288343295.0000000005110000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5110000
|
| Size: |
4096
|
|
|
7DB000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000004.00000000.1257392261.00000000007DB000.00000080.00000001.01000000.0000000A.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
7DB000
|
| Size: |
1613824
|
|
|
2CDF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1312408159.0000000002CDF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2CDF000
|
| Size: |
4096
|
|
|
3A2E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1325741401.0000000003A2E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3A2E000
|
| Size: |
8192
|
|
|
49B0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1263939192.00000000049B0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
49B0000
|
| Size: |
53248
|
|
|
489E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1288068950.000000000489E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
489E000
|
| Size: |
8192
|
|
|
12A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1247010478.00000000012A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12A4000
|
| Size: |
4096
|
|
|
12A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1246473155.00000000012A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12A4000
|
| Size: |
4096
|
|
|
4AE1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1250752736.0000000004AE1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AE1000
|
| Size: |
4096
|
|
|
3D5E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1313274026.0000000003D5E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3D5E000
|
| Size: |
8192
|
|
|
13A3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1286315409.00000000013A3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13A3000
|
| Size: |
180224
|
|
|
2A3E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1339691173.0000000002A3E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2A3E000
|
| Size: |
8192
|
|
|
4BB0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000003.1364055139.0000000004BB0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4BB0000
|
| Size: |
8192
|
|
|
C40000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1300304736.0000000000C40000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
C40000
|
| Size: |
53248
|
|
|
A77000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000004.00000002.1311960791.0000000000A77000.00000080.00000001.01000000.0000000A.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
A77000
|
| Size: |
40960
|
|
|
253E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1339481830.000000000253E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
253E000
|
| Size: |
8192
|
|
|
CC6000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000003.00000002.1285405141.0000000000CC6000.00000080.00000001.01000000.00000006.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
CC6000
|
| Size: |
28672
|
|
|
2BDF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1312377958.0000000002BDF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2BDF000
|
| Size: |
4096
|
|
|
45A1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1366766383.00000000045A1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
45A1000
|
| Size: |
49152
|
|
|
84A000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.1341922695.000000000084A000.00000002.00000001.01000000.00000005.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
84A000
|
| Size: |
4096
|
|
|
116E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1312248496.000000000116E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
116E000
|
| Size: |
8192
|
|
|
5180000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.1326507446.0000000005180000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5180000
|
| Size: |
4096
|
|
|
317F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1339996031.000000000317F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
317F000
|
| Size: |
4096
|
|
|
1638B480000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1413791590.000001638B480000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1638B480000
|
| Size: |
8192
|
|
|
C40000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1297876527.0000000000C40000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
C40000
|
| Size: |
53248
|
|
|
5190000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.1326530478.0000000005190000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5190000
|
| Size: |
4096
|
|
|
1390000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1286315409.0000000001390000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1390000
|
| Size: |
73728
|
|
|
4AE1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1252355904.0000000004AE1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AE1000
|
| Size: |
4096
|
|
|
942000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.1311121029.0000000000942000.00000040.00000001.01000000.0000000A.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
942000
|
| Size: |
8192
|
|
|
117A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1312270959.000000000117A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
117A000
|
| Size: |
32768
|
|
|
5000000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.1314160059.0000000005000000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5000000
|
| Size: |
4096
|
|
|
7D2000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.1318726698.00000000007D2000.00000040.00000001.01000000.0000000A.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
7D2000
|
| Size: |
20480
|
|
|
4AE1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1251041955.0000000004AE1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AE1000
|
| Size: |
4096
|
|
|
12A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1247091588.00000000012A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12A4000
|
| Size: |
4096
|
|
|
898D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1253288761.000000000898D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
898D000
|
| Size: |
204800
|
|
|
3EEF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1325901039.0000000003EEF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3EEF000
|
| Size: |
4096
|
|
|
848000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1341890252.0000000000848000.00000004.00000001.01000000.00000005.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
848000
|
| Size: |
8192
|
|
|
1660000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1243528346.0000000001660000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
1660000
|
| Size: |
53248
|
|
|
DB4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1366892689.0000000000DB4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DB4000
|
| Size: |
4096
|
|
|
4A2027F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1413731314.0000004A2027F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4A2027F000
|
| Size: |
4096
|
|
|
10A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1272734264.00000000010A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10A4000
|
| Size: |
4096
|
|
|
411E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1313418663.000000000411E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
411E000
|
| Size: |
8192
|
|
|
348000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000001.00000000.1225271626.0000000000348000.00000008.00000001.01000000.00000004.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
348000
|
| Size: |
4096
|
|
|
4AE1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1249091291.0000000004AE1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AE1000
|
| Size: |
4096
|
|
|
C80000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000002.1433895005.0000000000C80000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
C80000
|
| Size: |
4096
|
|
|
967000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.1311173465.0000000000967000.00000040.00000001.01000000.0000000A.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
967000
|
| Size: |
36864
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
840000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1228910414.0000000000840000.00000002.00000001.01000000.00000005.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
840000
|
| Size: |
4096
|
|
|
4E2E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1341454837.0000000004E2E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4E2E000
|
| Size: |
8192
|
|
|
993000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000007.00000002.1321251608.0000000000993000.00000080.00000001.01000000.0000000A.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
993000
|
| Size: |
4096
|
|
|
2F1F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1408376509.0000000002F1F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2F1F000
|
| Size: |
4096
|
|
|
357E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1340178116.000000000357E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
357E000
|
| Size: |
8192
|
|
|
435F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1287863536.000000000435F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
435F000
|
| Size: |
4096
|
|
|
A61000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000004.00000000.1257392261.0000000000A61000.00000080.00000001.01000000.0000000A.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
A61000
|
| Size: |
4096
|
|
|
C40000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1299128568.0000000000C40000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
C40000
|
| Size: |
53248
|
|
|
1451000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1257803040.0000000001451000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1451000
|
| Size: |
24576
|
|
|
12A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1240224399.00000000012A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12A4000
|
| Size: |
4096
|
|
|
41FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1340725091.00000000041FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
41FE000
|
| Size: |
8192
|
|
|
2F5F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1312532747.0000000002F5F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2F5F000
|
| Size: |
4096
|
|
|
3E5F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1313295436.0000000003E5F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3E5F000
|
| Size: |
4096
|
|
|
2E3E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.1410424668.0000000002E3E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2E3E000
|
| Size: |
8192
|
|
|
1170000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1286025306.0000000001170000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1170000
|
| Size: |
4096
|
|
|
34C000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000001.00000002.1409787592.000000000034C000.00000002.00000001.01000000.00000004.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
34C000
|
| Size: |
5500928
|
|
|
2EF0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1342319843.0000000002EF0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2EF0000
|
| Size: |
4096
|
|
|
5120000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.1288365386.0000000005120000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5120000
|
| Size: |
4096
|
|
|
11F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1324848351.00000000011F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11F0000
|
| Size: |
16384
|
|
|
12A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1286079893.00000000012A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12A0000
|
| Size: |
16384
|
|
|
12A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1246312333.00000000012A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12A4000
|
| Size: |
4096
|
|
|
4AE1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1248676113.0000000004AE1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AE1000
|
| Size: |
4096
|
|
|
CD1000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.1285470630.0000000000CD1000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
CD1000
|
| Size: |
36864
|
|
|
5200000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.1326684583.0000000005200000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5200000
|
| Size: |
4096
|
|
|
4CAC000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1341372651.0000000004CAC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4CAC000
|
| Size: |
16384
|
|
|
4E50000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1267381360.0000000004E50000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4E50000
|
| Size: |
53248
|
|
|
4AE0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1288166195.0000000004AE0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AE0000
|
| Size: |
45056
|
|
|
49AF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1314015531.00000000049AF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
49AF000
|
| Size: |
4096
|
|
|
9FA000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.1311705950.00000000009FA000.00000040.00000001.01000000.0000000A.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
9FA000
|
| Size: |
4096
|
|
|
4AE1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1247356328.0000000004AE1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AE1000
|
| Size: |
4096
|
|
|
11E0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1276188314.00000000011E0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
11E0000
|
| Size: |
53248
|
|
|
12A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1247053674.00000000012A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12A4000
|
| Size: |
4096
|
|
|
461E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1287982275.000000000461E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
461E000
|
| Size: |
8192
|
|
|
ACB000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000003.00000000.1231757182.0000000000ACB000.00000080.00000001.01000000.00000006.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
ACB000
|
| Size: |
1613824
|
|
|
40DF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1287728647.00000000040DF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
40DF000
|
| Size: |
4096
|
|
|
10A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1263594956.00000000010A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10A4000
|
| Size: |
4096
|
|
|
349E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1286957948.000000000349E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
349E000
|
| Size: |
8192
|
|
|
34A000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000001.00000000.1225286356.000000000034A000.00000002.00000001.01000000.00000004.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
34A000
|
| Size: |
4096
|
|
|
982000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000004.00000002.1311281005.0000000000982000.00000080.00000001.01000000.0000000A.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
982000
|
| Size: |
8192
|
|
|
C40000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1299750056.0000000000C40000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
C40000
|
| Size: |
53248
|
|
|
486F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1313965895.000000000486F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
486F000
|
| Size: |
4096
|
|
|
2FF0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1228697520.0000000002FF0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FF0000
|
| Size: |
81920
|
|
|
7DB000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000007.00000000.1270813988.00000000007DB000.00000080.00000001.01000000.0000000A.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
7DB000
|
| Size: |
1613824
|
|
|
69AF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1288716058.00000000069AF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
69AF000
|
| Size: |
4096
|
|
|
3D1F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1313250478.0000000003D1F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3D1F000
|
| Size: |
4096
|
|
|
11D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1324826116.00000000011D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11D0000
|
| Size: |
4096
|
|
|
472F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1313912033.000000000472F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
472F000
|
| Size: |
4096
|
|
|
848000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000002.00000000.1228945734.0000000000848000.00000008.00000001.01000000.00000005.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
848000
|
| Size: |
4096
|
|
|
30A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1231505017.00000000030A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
30A0000
|
| Size: |
81920
|
|
|
4AE1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1250834460.0000000004AE1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AE1000
|
| Size: |
4096
|
|
|
12A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1246354060.00000000012A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12A4000
|
| Size: |
4096
|
|
|
4AE1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1250386738.0000000004AE1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AE1000
|
| Size: |
4096
|
|
|
5170000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.1326482209.0000000005170000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5170000
|
| Size: |
4096
|
|
|
4330000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1340811263.0000000004330000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4330000
|
| Size: |
4096
|
|
|
4FD0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000003.1270961773.0000000004FD0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4FD0000
|
| Size: |
4096
|
|
|
123E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1324925449.000000000123E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
123E000
|
| Size: |
8192
|
|
|
1060000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1312065951.0000000001060000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1060000
|
| Size: |
4096
|
|
|
499F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1288092341.000000000499F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
499F000
|
| Size: |
4096
|
|
|
4E8E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1314059528.0000000004E8E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4E8E000
|
| Size: |
8192
|
|
|
2E1F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1312469312.0000000002E1F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2E1F000
|
| Size: |
4096
|
|
|
409F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1409147576.000000000409F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
409F000
|
| Size: |
4096
|
|
|
984000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.1321210965.0000000000984000.00000040.00000001.01000000.0000000A.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
984000
|
| Size: |
61440
|
|
|
CBE000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1339076389.0000000000CBE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
CBE000
|
| Size: |
61440
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
94F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1224921218.000000000094F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
94F000
|
| Size: |
49152
|
|
|
9FB000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000007.00000002.1323024821.00000000009FB000.00000080.00000001.01000000.0000000A.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
9FB000
|
| Size: |
12288
|
|
|
48AE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1313990197.00000000048AE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
48AE000
|
| Size: |
8192
|
|
|
3DFF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1340535398.0000000003DFF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3DFF000
|
| Size: |
4096
|
|
|
4AE1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1248729835.0000000004AE1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AE1000
|
| Size: |
4096
|
|
|
362F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1325581200.000000000362F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
362F000
|
| Size: |
4096
|
|
|
84C000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.1341922695.000000000084C000.00000002.00000001.01000000.00000005.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
84C000
|
| Size: |
3620864
|
|
|
11E0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1276248674.00000000011E0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
11E0000
|
| Size: |
53248
|
|
|
CDE000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.1285521510.0000000000CDE000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
CDE000
|
| Size: |
36864
|
|
|
49B0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1263883487.00000000049B0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
49B0000
|
| Size: |
53248
|
|
|
1638D140000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1413928790.000001638D140000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1638D140000
|
| Size: |
4096
|
|
|
841000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000002.00000002.1341857562.0000000000841000.00000020.00000001.01000000.00000005.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
841000
|
| Size: |
28672
|
|
|
4FD0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000003.1271034880.0000000004FD0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4FD0000
|
| Size: |
4096
|
|
|
89D1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1253288761.00000000089D1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
89D1000
|
| Size: |
24576
|
|
|
137E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1286231269.000000000137E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
137E000
|
| Size: |
8192
|
|
|
1A0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000D.00000000.1342770565.00000000001A0000.00000002.00000001.01000000.0000000C.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
1A0000
|
| Size: |
4096
|
|
|
5190000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1288512309.0000000005190000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5190000
|
| Size: |
4096
|
|
|
42FF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1340753896.00000000042FF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
42FF000
|
| Size: |
4096
|
|
|
653000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.1407181233.0000000000653000.00000040.00000001.01000000.0000000C.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
653000
|
| Size: |
106496
|
|
|
33FF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1340099056.00000000033FF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
33FF000
|
| Size: |
4096
|
|
|
4900000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000003.1303207394.0000000004900000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4900000
|
| Size: |
4096
|
|
|
95B000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.1311173465.000000000095B000.00000040.00000001.01000000.0000000A.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
95B000
|
| Size: |
40960
|
|
|
D65000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.1285882471.0000000000D65000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
D65000
|
| Size: |
4096
|
|
|
5020000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.1314207656.0000000005020000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5020000
|
| Size: |
4096
|
|
|
50EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1288280941.00000000050EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
50EE000
|
| Size: |
8192
|
|
|
5060000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.1314310577.0000000005060000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5060000
|
| Size: |
4096
|
|
|
9CA000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.1321443753.00000000009CA000.00000040.00000001.01000000.0000000A.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
9CA000
|
| Size: |
49152
|
|
|
1455000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1252131804.0000000001455000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1455000
|
| Size: |
8192
|
|
|
4F50000
|
remote allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1305217704.0000000004F50000.00000004.00000400.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
remote allocation
|
| Protect: |
page read and write
|
| Base address: |
4F50000
|
| Size: |
4096
|
|
|
1638B4A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1413812844.000001638B4A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1638B4A0000
|
| Size: |
4096
|
|
|
1660000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1243043178.0000000001660000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
1660000
|
| Size: |
53248
|
|
|
11E0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1277186199.00000000011E0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
11E0000
|
| Size: |
53248
|
|
|
EE0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1339427572.0000000000EE0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
EE0000
|
| Size: |
20480
|
|
|
A61000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000007.00000000.1270813988.0000000000A61000.00000080.00000001.01000000.0000000A.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
A61000
|
| Size: |
4096
|
|
|
A60000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1284733558.0000000000A60000.00000004.00000001.01000000.00000006.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
A60000
|
| Size: |
4096
|
|
|
8EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1433261331.00000000008EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
8EE000
|
| Size: |
8192
|
|
|
12A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1240817222.00000000012A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12A4000
|
| Size: |
4096
|
|
|
12A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1246567991.00000000012A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12A4000
|
| Size: |
4096
|
|
|
6A90000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1256658103.0000000006A90000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6A90000
|
| Size: |
8192
|
|
|
376F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1325629725.000000000376F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
376F000
|
| Size: |
4096
|
|
|
10A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1263568212.00000000010A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10A4000
|
| Size: |
4096
|
|
|
331F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1286829353.000000000331F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
331F000
|
| Size: |
4096
|
|
|
1183000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1312270959.0000000001183000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1183000
|
| Size: |
147456
|
|
|
DB0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1407869688.0000000000DB0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DB0000
|
| Size: |
16384
|
|
|
144A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1257398654.000000000144A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
144A000
|
| Size: |
8192
|
|
|
3F9F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1287645751.0000000003F9F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3F9F000
|
| Size: |
4096
|
|
|
11E0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1276489956.00000000011E0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
11E0000
|
| Size: |
53248
|
|
|
10A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1263825546.00000000010A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10A4000
|
| Size: |
4096
|
|
|
65A5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1257008825.00000000065A5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
65A5000
|
| Size: |
8192
|
|
|
47B0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1302441623.00000000047B0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
47B0000
|
| Size: |
53248
|
|
|
2E9F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1286673467.0000000002E9F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2E9F000
|
| Size: |
4096
|
|
|
4AE1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1252750127.0000000004AE1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AE1000
|
| Size: |
4096
|
|
|
4AE1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1252807697.0000000004AE1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AE1000
|
| Size: |
4096
|
|
|
4BC0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.1409511388.0000000004BC0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4BC0000
|
| Size: |
4096
|
|
|
C1F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1339028129.0000000000C1F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
C1F000
|
| Size: |
4096
|
|
|
F60000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1407898979.0000000000F60000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F60000
|
| Size: |
20480
|
|
|
9DE000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000007.00000002.1321609238.00000000009DE000.00000080.00000001.01000000.0000000A.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
9DE000
|
| Size: |
12288
|
|
|
11E0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1275880019.00000000011E0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
11E0000
|
| Size: |
53248
|
|
|
DD0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1324766570.0000000000DD0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DD0000
|
| Size: |
4096
|
|
|
3ADE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1313175611.0000000003ADE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3ADE000
|
| Size: |
8192
|
|
|
CCE000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1339331118.0000000000CCE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
CCE000
|
| Size: |
20480
|
|
|
5160000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.1278746768.0000000005160000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5160000
|
| Size: |
4096
|
|
|
12A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1246914391.00000000012A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12A4000
|
| Size: |
4096
|
|
|
402F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1325944045.000000000402F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
402F000
|
| Size: |
4096
|
|
|
9E1000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.1311606746.00000000009E1000.00000040.00000001.01000000.0000000A.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
9E1000
|
| Size: |
36864
|
|
|
133F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1324958365.000000000133F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
133F000
|
| Size: |
4096
|
|
|
692000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
0000000D.00000000.1342907312.0000000000692000.00000080.00000001.01000000.0000000C.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
692000
|
| Size: |
1703936
|
|
|
DA0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1324734810.0000000000DA0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DA0000
|
| Size: |
4096
|
|
|
2E5C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1342259086.0000000002E5C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2E5C000
|
| Size: |
16384
|
|
|
C34000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000003.00000002.1285035226.0000000000C34000.00000080.00000001.01000000.00000006.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
C34000
|
| Size: |
94208
|
|
|
435E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1409289720.000000000435E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
435E000
|
| Size: |
8192
|
|
|
96B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1433579398.000000000096B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
96B000
|
| Size: |
57344
|
|
|
A26000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.1324436812.0000000000A26000.00000040.00000001.01000000.0000000A.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
A26000
|
| Size: |
94208
|
|
|
309F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1312625209.000000000309F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
309F000
|
| Size: |
4096
|
|
|
7D9000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000007.00000000.1270799675.00000000007D9000.00000008.00000001.01000000.0000000A.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
7D9000
|
| Size: |
4096
|
|
|
34C000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000001.00000000.1225286356.000000000034C000.00000002.00000001.01000000.00000004.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
34C000
|
| Size: |
5500928
|
|
|
4AE1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1239826396.0000000004AE1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AE1000
|
| Size: |
49152
|
|
|
50C0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000003.1244973394.00000000050C0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
50C0000
|
| Size: |
4096
|
|
|
51F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1288533605.00000000051F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
51F0000
|
| Size: |
8192
|
|
|
33EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1325499890.00000000033EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
33EE000
|
| Size: |
8192
|
|
|
DB4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1352588047.0000000000DB4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DB4000
|
| Size: |
4096
|
|
|
12A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1243751106.00000000012A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12A4000
|
| Size: |
4096
|
|
|
D16000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.1285762376.0000000000D16000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
D16000
|
| Size: |
94208
|
|
|
166A30A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1331789442.00000166A30A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
166A30A0000
|
| Size: |
4096
|
|
|
166A2FA0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1331712219.00000166A2FA0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
166A2FA0000
|
| Size: |
4096
|
|
|
9F7000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000004.00000002.1311680277.00000000009F7000.00000080.00000001.01000000.0000000A.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
9F7000
|
| Size: |
12288
|
|
|
2C9F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1408280548.0000000002C9F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2C9F000
|
| Size: |
4096
|
|
|
34A000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000001.00000002.1409787592.000000000034A000.00000002.00000001.01000000.00000004.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
34A000
|
| Size: |
4096
|
|
|
4A1FF4F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1413682834.0000004A1FF4F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4A1FF4F000
|
| Size: |
4096
|
|
|
140F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1286467309.000000000140F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
140F000
|
| Size: |
4096
|
|
|
4AE1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1248843784.0000000004AE1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AE1000
|
| Size: |
4096
|
|
|
431F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1409261505.000000000431F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
431F000
|
| Size: |
4096
|
|
|
4AE1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1250896083.0000000004AE1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AE1000
|
| Size: |
4096
|
|
|
4321000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1304735531.0000000004321000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4321000
|
| Size: |
4096
|
|
|
4AE1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1247189115.0000000004AE1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AE1000
|
| Size: |
4096
|
|
|
371E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1313021767.000000000371E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
371E000
|
| Size: |
8192
|
|
|
31BE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1342484942.00000000031BE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
31BE000
|
| Size: |
8192
|
|
|
263F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1339506582.000000000263F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
263F000
|
| Size: |
4096
|
|
|
32AE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1325450271.00000000032AE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
32AE000
|
| Size: |
8192
|
|
|
4A6E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1341065658.0000000004A6E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4A6E000
|
| Size: |
8192
|
|
|
6FD0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1288891961.0000000006FD0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6FD0000
|
| Size: |
86016
|
|
|
3F3F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1340591166.0000000003F3F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3F3F000
|
| Size: |
4096
|
|
|
3FDE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1287693874.0000000003FDE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3FDE000
|
| Size: |
8192
|
|
|
69D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1288736577.00000000069D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
69D0000
|
| Size: |
4096
|
|
|
49B0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1265235974.00000000049B0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
49B0000
|
| Size: |
53248
|
|
|
4F60000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1244236344.0000000004F60000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4F60000
|
| Size: |
53248
|
|
|
31DF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1286768819.00000000031DF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
31DF000
|
| Size: |
4096
|
|
|
DB4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1366858521.0000000000DB4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DB4000
|
| Size: |
4096
|
|
|
2B5F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1408228893.0000000002B5F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2B5F000
|
| Size: |
4096
|
|
|
4760000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1299424666.0000000004760000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4760000
|
| Size: |
192512
|
|
|
C83000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000003.00000002.1285206069.0000000000C83000.00000080.00000001.01000000.00000006.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
C83000
|
| Size: |
4096
|
|
|
CD3000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1331508845.0000000000CD3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
CD3000
|
| Size: |
286720
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Found strings which match to known social media urls |
Networking |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
| URLs found in memory or binary data |
Networking |
|
|
|
DB4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1352395593.0000000000DB4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DB4000
|
| Size: |
4096
|
|
|
166A3080000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1331765275.00000166A3080000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
166A3080000
|
| Size: |
8192
|
|
|
2D1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1312435204.0000000002D1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2D1E000
|
| Size: |
8192
|
|
|
AD0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1338946606.0000000000AD0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
AD0000
|
| Size: |
16384
|
|
|
439E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1287890489.000000000439E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
439E000
|
| Size: |
8192
|
|
|
4AE1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1246269507.0000000004AE1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AE1000
|
| Size: |
49152
|
|
|
341000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000001.00000002.1409726881.0000000000341000.00000020.00000001.01000000.00000004.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
341000
|
| Size: |
28672
|
|
|
4BA0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000003.1364124151.0000000004BA0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4BA0000
|
| Size: |
4096
|
|
|
5100000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.1288322777.0000000005100000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5100000
|
| Size: |
4096
|
|
|
DB4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1366930081.0000000000DB4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DB4000
|
| Size: |
4096
|
|
|
CD5000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1339360250.0000000000CD5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
CD5000
|
| Size: |
61440
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
4AE1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1248050369.0000000004AE1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AE1000
|
| Size: |
4096
|
|
|
F50000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1356540314.0000000000F50000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
F50000
|
| Size: |
53248
|
|
|
2DBF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1339833212.0000000002DBF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2DBF000
|
| Size: |
4096
|
|
|
399E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1313126273.000000000399E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
399E000
|
| Size: |
8192
|
|
|
7D9000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000004.00000000.1257371777.00000000007D9000.00000008.00000001.01000000.0000000A.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
7D9000
|
| Size: |
4096
|
|
|
1680000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1286609586.0000000001680000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1680000
|
| Size: |
20480
|
|
|
C60000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000003.00000002.1285113881.0000000000C60000.00000080.00000001.01000000.00000006.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
C60000
|
| Size: |
4096
|
|
|
D51000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000003.00000000.1231757182.0000000000D51000.00000080.00000001.01000000.00000006.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
D51000
|
| Size: |
4096
|
|
|
9B0000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.1321382795.00000000009B0000.00000040.00000001.01000000.0000000A.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
9B0000
|
| Size: |
90112
|
|
|
4DEE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1341429304.0000000004DEE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4DEE000
|
| Size: |
8192
|
|
|
41DF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1409206338.00000000041DF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
41DF000
|
| Size: |
4096
|
|
|
99D000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000004.00000002.1311430177.000000000099D000.00000080.00000001.01000000.0000000A.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
99D000
|
| Size: |
77824
|
|
|
A5F000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000004.00000000.1257392261.0000000000A5F000.00000080.00000001.01000000.0000000A.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
A5F000
|
| Size: |
4096
|
|
|
10A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1263754449.00000000010A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10A4000
|
| Size: |
4096
|
|
|
4AE1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1252253316.0000000004AE1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AE1000
|
| Size: |
4096
|
|
|
4AE1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1249279365.0000000004AE1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AE1000
|
| Size: |
4096
|
|
|
EE7000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1339427572.0000000000EE7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
EE7000
|
| Size: |
12288
|
|
|
331E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1408561139.000000000331E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
331E000
|
| Size: |
8192
|
|
|
A24000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000004.00000002.1311819638.0000000000A24000.00000080.00000001.01000000.0000000A.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
A24000
|
| Size: |
8192
|
|
|
49B0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1264450182.00000000049B0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
49B0000
|
| Size: |
53248
|
|
|
50A7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1224688996.00000000050A7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
50A7000
|
| Size: |
40960
|
|
|
D76000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.1285926873.0000000000D76000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
D76000
|
| Size: |
4096
|
|
|
C81000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000000.00000002.1433926128.0000000000C81000.00000020.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
C81000
|
| Size: |
28672
|
|
|
984000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.1311313413.0000000000984000.00000040.00000001.01000000.0000000A.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
984000
|
| Size: |
61440
|
|
|
4910000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000003.1303163117.0000000004910000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4910000
|
| Size: |
4096
|
|
|
1432000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1257895058.0000000001432000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1432000
|
| Size: |
86016
|
|
|
12EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1286106298.00000000012EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
12EE000
|
| Size: |
8192
|
|
|
C40000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1301530245.0000000000C40000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
C40000
|
| Size: |
53248
|
|
|
4AE1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1247249832.0000000004AE1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AE1000
|
| Size: |
4096
|
|
|
1110000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1312151249.0000000001110000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1110000
|
| Size: |
20480
|
|
|
335E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1286864296.000000000335E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
335E000
|
| Size: |
8192
|
|
|
C8C000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000002.1433974415.0000000000C8C000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
C8C000
|
| Size: |
7163904
|
|
|
5070000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.1314331720.0000000005070000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5070000
|
| Size: |
4096
|
|
|
C32000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.1285015178.0000000000C32000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
C32000
|
| Size: |
8192
|
|
|
3E5F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1287546160.0000000003E5F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3E5F000
|
| Size: |
4096
|
|
|
9FA000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.1322723156.00000000009FA000.00000040.00000001.01000000.0000000A.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
9FA000
|
| Size: |
4096
|
|
|
1117000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1312151249.0000000001117000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1117000
|
| Size: |
12288
|
|
|
841000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000002.00000000.1228925718.0000000000841000.00000020.00000001.01000000.00000005.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
841000
|
| Size: |
28672
|
|
|
5160000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.1278791235.0000000005160000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5160000
|
| Size: |
4096
|
|
|
6E3E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1288845656.0000000006E3E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6E3E000
|
| Size: |
8192
|
|
|
371E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1287127237.000000000371E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
371E000
|
| Size: |
8192
|
|
|
C81000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000000.00000000.1221196327.0000000000C81000.00000020.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
C81000
|
| Size: |
28672
|
|
|
6764000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1434722740.0000000006764000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6764000
|
| Size: |
8192
|
|
|
10A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1312100616.00000000010A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10A0000
|
| Size: |
16384
|
|
|
12A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1240800738.00000000012A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12A4000
|
| Size: |
4096
|
|
|
4321000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1304692734.0000000004321000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4321000
|
| Size: |
4096
|
|
|
5180000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.1288491530.0000000005180000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5180000
|
| Size: |
4096
|
|
|
366E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1325609156.000000000366E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
366E000
|
| Size: |
8192
|
|
|
95B000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.1319780323.000000000095B000.00000040.00000001.01000000.0000000A.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
95B000
|
| Size: |
40960
|
|
|
F50000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1360953719.0000000000F50000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
F50000
|
| Size: |
53248
|
|
|
1170000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1312270959.0000000001170000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1170000
|
| Size: |
32768
|
|
|
993000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000004.00000002.1311334517.0000000000993000.00000080.00000001.01000000.0000000A.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
993000
|
| Size: |
4096
|
|
|
4321000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1304348308.0000000004321000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4321000
|
| Size: |
4096
|
|
|
9FE000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.1311741917.00000000009FE000.00000040.00000001.01000000.0000000A.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
9FE000
|
| Size: |
4096
|
|
|
1473000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1251503182.0000000001473000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1473000
|
| Size: |
4096
|
|
|
1660000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1242805653.0000000001660000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
1660000
|
| Size: |
53248
|
|
|
381F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1313048996.000000000381F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
381F000
|
| Size: |
4096
|
|
|
385E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1313073548.000000000385E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
385E000
|
| Size: |
8192
|
|
|
12A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1246599765.00000000012A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12A4000
|
| Size: |
4096
|
|
|
865000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1433185999.0000000000865000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
865000
|
| Size: |
8192
|
|
|
42AF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1326042881.00000000042AF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
42AF000
|
| Size: |
4096
|
|
|
4321000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1304617233.0000000004321000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4321000
|
| Size: |
4096
|
|
|
421F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1313442257.000000000421F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
421F000
|
| Size: |
4096
|
|
|
7BA0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1434758004.0000000007BA0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7BA0000
|
| Size: |
4096
|
|
|
359E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1408669845.000000000359E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
359E000
|
| Size: |
8192
|
|
|
47AE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1340875078.00000000047AE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
47AE000
|
| Size: |
8192
|
|
|
770000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000007.00000000.1270643369.0000000000770000.00000002.00000001.01000000.0000000A.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
770000
|
| Size: |
4096
|
|
|
31DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1408506804.00000000031DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
31DE000
|
| Size: |
8192
|
|
|
1638B540000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1413836456.000001638B540000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1638B540000
|
| Size: |
24576
|
|
|
4BAE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1341281968.0000000004BAE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4BAE000
|
| Size: |
8192
|
|
|
4F20000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1243167384.0000000004F20000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4F20000
|
| Size: |
188416
|
|
|
4A1FFCF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1413706534.0000004A1FFCF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4A1FFCF000
|
| Size: |
4096
|
|
|
9B0000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.1311461513.00000000009B0000.00000040.00000001.01000000.0000000A.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
9B0000
|
| Size: |
90112
|
|
|
340000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000001.00000002.1409700240.0000000000340000.00000002.00000001.01000000.00000004.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
340000
|
| Size: |
4096
|
|
|
4F9E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1288233937.0000000004F9E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4F9E000
|
| Size: |
8192
|
|
|
7E7000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000007.00000002.1318971339.00000000007E7000.00000080.00000001.01000000.0000000A.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
7E7000
|
| Size: |
1421312
|
|
|
4AE1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1247320689.0000000004AE1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AE1000
|
| Size: |
4096
|
|
|
471F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1288005942.000000000471F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
471F000
|
| Size: |
4096
|
|
|
3A9F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1287344316.0000000003A9F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3A9F000
|
| Size: |
4096
|
|
|
46AE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1326211890.00000000046AE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
46AE000
|
| Size: |
8192
|
|
|
1660000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1243585378.0000000001660000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
1660000
|
| Size: |
53248
|
|
|
970000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000007.00000002.1319977087.0000000000970000.00000080.00000001.01000000.0000000A.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
970000
|
| Size: |
4096
|
|
|
30DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1312655776.00000000030DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
30DE000
|
| Size: |
8192
|
|
|
DB4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1366985591.0000000000DB4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DB4000
|
| Size: |
4096
|
|
|
4FC0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000003.1271090025.0000000004FC0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4FC0000
|
| Size: |
4096
|
|
|
A70000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.1311899624.0000000000A70000.00000040.00000001.01000000.0000000A.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
A70000
|
| Size: |
4096
|
|
|
37DF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1408746182.00000000037DF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
37DF000
|
| Size: |
4096
|
|
|
C40000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1300757450.0000000000C40000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
C40000
|
| Size: |
53248
|
|
|
4AE1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1251782194.0000000004AE1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AE1000
|
| Size: |
4096
|
|
|
445F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1409319020.000000000445F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
445F000
|
| Size: |
4096
|
|
|
F50000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1359199948.0000000000F50000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
F50000
|
| Size: |
53248
|
|
|
49C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1265474936.00000000049C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
49C1000
|
| Size: |
253952
|
|
|
4AE1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1248105733.0000000004AE1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AE1000
|
| Size: |
4096
|
|
|
5140000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.1288409022.0000000005140000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5140000
|
| Size: |
4096
|
|
|
4AE1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1249831867.0000000004AE1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AE1000
|
| Size: |
4096
|
|
|
3D5E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1287517240.0000000003D5E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3D5E000
|
| Size: |
8192
|
|
|
359F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1312905576.000000000359F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
359F000
|
| Size: |
4096
|
|
|
C40000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1301001303.0000000000C40000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
C40000
|
| Size: |
53248
|
|
|
3E3E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1340563625.0000000003E3E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3E3E000
|
| Size: |
8192
|
|
|
9DE000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000004.00000002.1311581539.00000000009DE000.00000080.00000001.01000000.0000000A.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
9DE000
|
| Size: |
12288
|
|
|
1660000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1243305946.0000000001660000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
1660000
|
| Size: |
53248
|
|
|
CBA000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.1285380915.0000000000CBA000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
CBA000
|
| Size: |
49152
|
|
|
A70000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000007.00000000.1270813988.0000000000A70000.00000080.00000001.01000000.0000000A.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
A70000
|
| Size: |
24576
|
|
|
A61000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000003.00000000.1231712505.0000000000A61000.00000080.00000001.01000000.00000006.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
A61000
|
| Size: |
188416
|
|
|
145C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1252119717.000000000145C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
145C000
|
| Size: |
4096
|
|
|
3D8000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.1406937017.00000000003D8000.00000040.00000001.01000000.0000000C.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
3D8000
|
| Size: |
8192
|
|
|
34A000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000001.00000001.1225749677.000000000034A000.00000002.00000001.01000000.00000004.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
image loaded
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
34A000
|
| Size: |
4096
|
|
|
6F3F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1288870525.0000000006F3F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6F3F000
|
| Size: |
4096
|
|
|
41AE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1326018074.00000000041AE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
41AE000
|
| Size: |
8192
|
|
|
395F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1287287503.000000000395F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
395F000
|
| Size: |
4096
|
|
|
1E6987F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1331687803.0000001E6987F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
1E6987F000
|
| Size: |
4096
|
|
|
45A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1409397983.00000000045A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
45A0000
|
| Size: |
4096
|
|
|
4300000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1340778938.0000000004300000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4300000
|
| Size: |
4096
|
|
|
4EB9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1231335760.0000000004EB9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4EB9000
|
| Size: |
40960
|
|
|
CE4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1331582643.0000000000CE4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
CE4000
|
| Size: |
217088
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Found strings which match to known social media urls |
Networking |
|
| URLs found in memory or binary data |
Networking |
|
|
|
45A1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1352127078.00000000045A1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
45A1000
|
| Size: |
258048
|
|
|
971000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.1311255313.0000000000971000.00000040.00000001.01000000.0000000A.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
971000
|
| Size: |
69632
|
|
|
2A1F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1408180552.0000000002A1F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2A1F000
|
| Size: |
4096
|
|
|
4B6F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1326379744.0000000004B6F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4B6F000
|
| Size: |
4096
|
|
|
A86000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000007.00000000.1270813988.0000000000A86000.00000080.00000001.01000000.0000000A.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
A86000
|
| Size: |
12288
|
|
|
944000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000004.00000002.1311144898.0000000000944000.00000080.00000001.01000000.0000000A.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
944000
|
| Size: |
94208
|
|
|
3080000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1342425552.0000000003080000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3080000
|
| Size: |
32768
|
|
|
4AE1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1247557960.0000000004AE1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AE1000
|
| Size: |
8192
|
|
|
CCD000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.1285429043.0000000000CCD000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
CCD000
|
| Size: |
4096
|
|
|
CFC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1312020334.0000000000CFC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
CFC000
|
| Size: |
16384
|
|
|
4E00000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1264654374.0000000004E00000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4E00000
|
| Size: |
188416
|
|
|
13F1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1257951124.00000000013F1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13F1000
|
| Size: |
4096
|
|
|
28DF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1408125718.00000000028DF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
28DF000
|
| Size: |
4096
|
|
|
49DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1288117038.00000000049DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
49DE000
|
| Size: |
8192
|
|
|
4AE1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1248939115.0000000004AE1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AE1000
|
| Size: |
4096
|
|
|
95A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1433579398.000000000095A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
95A000
|
| Size: |
57344
|
|
|
F9A000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1407980260.0000000000F9A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F9A000
|
| Size: |
32768
|
|
|
3CFE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1340506331.0000000003CFE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3CFE000
|
| Size: |
8192
|
|
|
47B0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1302699549.00000000047B0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
47B0000
|
| Size: |
53248
|
|
|
4AE1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1249233071.0000000004AE1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AE1000
|
| Size: |
4096
|
|
|
5130000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.1288387750.0000000005130000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5130000
|
| Size: |
4096
|
|
|
11E0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1277058807.00000000011E0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
11E0000
|
| Size: |
53248
|
|
|
D77000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000003.00000002.1285951079.0000000000D77000.00000080.00000001.01000000.00000006.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
D77000
|
| Size: |
8192
|
|
|
CF7000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.1285711848.0000000000CF7000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
CF7000
|
| Size: |
118784
|
|
|
DFC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1312042828.0000000000DFC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
DFC000
|
| Size: |
16384
|
|
|
36BE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1340228523.00000000036BE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
36BE000
|
| Size: |
8192
|
|
|
12A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1246458366.00000000012A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12A4000
|
| Size: |
4096
|
|
|
35DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1312943369.00000000035DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
35DE000
|
| Size: |
8192
|
|
|
99A000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000004.00000002.1311387029.000000000099A000.00000080.00000001.01000000.0000000A.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
99A000
|
| Size: |
8192
|
|
|
5051000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1278383056.0000000005051000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
5051000
|
| Size: |
16384
|
|
|
C40000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1299358659.0000000000C40000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
C40000
|
| Size: |
53248
|
|
|
B1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1339001423.0000000000B1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B1E000
|
| Size: |
8192
|
|
|
3B9F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1408913463.0000000003B9F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3B9F000
|
| Size: |
4096
|
|
|
40C000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.1338164815.000000000040C000.00000040.00000001.01000000.0000000B.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
40C000
|
| Size: |
32768
|
|
|
3C1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1313226407.0000000003C1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3C1E000
|
| Size: |
8192
|
|
|
309F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1286730961.000000000309F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
309F000
|
| Size: |
4096
|
|
|
11E0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1276910522.00000000011E0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
11E0000
|
| Size: |
53248
|
|
|
4321000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1303887707.0000000004321000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4321000
|
| Size: |
4096
|
|
|
CCE000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000003.00000002.1285450085.0000000000CCE000.00000080.00000001.01000000.00000006.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
CCE000
|
| Size: |
12288
|
|
|
3C6F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1325806828.0000000003C6F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3C6F000
|
| Size: |
4096
|
|
|
CEE000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.1285668813.0000000000CEE000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
CEE000
|
| Size: |
4096
|
|
|
50E0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000003.1244924917.00000000050E0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
50E0000
|
| Size: |
4096
|
|
|
F67000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1407898979.0000000000F67000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F67000
|
| Size: |
12288
|
|
|
967000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000004.00000000.1257392261.0000000000967000.00000080.00000001.01000000.0000000A.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
967000
|
| Size: |
1011712
|
|
|
140C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1258668970.000000000140C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
140C000
|
| Size: |
8192
|
|
|
9EA000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000007.00000002.1321655324.00000000009EA000.00000080.00000001.01000000.0000000A.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
9EA000
|
| Size: |
16384
|
|
|
4AE1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1248813357.0000000004AE1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AE1000
|
| Size: |
4096
|
|
|
4B80000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000003.1364146120.0000000004B80000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4B80000
|
| Size: |
4096
|
|
|
449F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1287914039.000000000449F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
449F000
|
| Size: |
4096
|
|
|
DB4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1367025174.0000000000DB4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DB4000
|
| Size: |
4096
|
|
|
CA0000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.1285319764.0000000000CA0000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
CA0000
|
| Size: |
90112
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the Windows Explorer process (often used for injection) |
HIPS / PFW / Operating System Protection Evasion |
|
|
|
13E8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1286315409.00000000013E8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13E8000
|
| Size: |
28672
|
|
|
4EC7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1231335760.0000000004EC7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4EC7000
|
| Size: |
1212416
|
|
|
50E0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000003.1244950960.00000000050E0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
50E0000
|
| Size: |
4096
|
|
|
F90000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1407980260.0000000000F90000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F90000
|
| Size: |
32768
|
|
|
4AE1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1249964305.0000000004AE1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AE1000
|
| Size: |
4096
|
|
|
6DFC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1288811105.0000000006DFC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6DFC000
|
| Size: |
16384
|
|
|
4A20000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1362980270.0000000004A20000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4A20000
|
| Size: |
53248
|
|
|
4EA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1231335760.0000000004EA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4EA1000
|
| Size: |
4096
|
|
|
59C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1433130628.000000000059C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
59C000
|
| Size: |
16384
|
|
|
49B0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1264509189.00000000049B0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
49B0000
|
| Size: |
53248
|
|
|
994000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.1321279383.0000000000994000.00000040.00000001.01000000.0000000A.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
994000
|
| Size: |
24576
|
|
|
27BE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1339588623.00000000027BE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
27BE000
|
| Size: |
8192
|
|
|
3F9F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1313337159.0000000003F9F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3F9F000
|
| Size: |
4096
|
|
|
3F2E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1325922945.0000000003F2E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3F2E000
|
| Size: |
8192
|
|
|
184000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.1338164815.0000000000184000.00000040.00000001.01000000.0000000B.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
184000
|
| Size: |
1556480
|
|
|
50F0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.1288302708.00000000050F0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
50F0000
|
| Size: |
4096
|
|
|
3CBF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1340482482.0000000003CBF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3CBF000
|
| Size: |
4096
|
|
|
960000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1224921218.0000000000960000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
960000
|
| Size: |
16384
|
|
|
406E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1325965337.000000000406E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
406E000
|
| Size: |
8192
|
|
|
4321000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1304482696.0000000004321000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4321000
|
| Size: |
4096
|
|
|
44AF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1313781302.00000000044AF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
44AF000
|
| Size: |
4096
|
|
|
A70000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.1324511748.0000000000A70000.00000040.00000001.01000000.0000000A.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
A70000
|
| Size: |
4096
|
|
|
887C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1288922013.000000000887C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
887C000
|
| Size: |
16384
|
|
|
9FF000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000004.00000002.1311758957.00000000009FF000.00000080.00000001.01000000.0000000A.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
9FF000
|
| Size: |
32768
|
|
|
331F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1312803583.000000000331F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
331F000
|
| Size: |
4096
|
|
|
5010000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.1314187217.0000000005010000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5010000
|
| Size: |
4096
|
|
|
502E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1326430378.000000000502E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
502E000
|
| Size: |
8192
|
|
|
353F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1340152579.000000000353F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
353F000
|
| Size: |
4096
|
|
|
1449000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1257803040.0000000001449000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1449000
|
| Size: |
4096
|
|
|
4AE1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1249756515.0000000004AE1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AE1000
|
| Size: |
4096
|
|
|
F50000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1361499642.0000000000F50000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
F50000
|
| Size: |
53248
|
|
|
F50000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1353319889.0000000000F50000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
F50000
|
| Size: |
53248
|
|
|
4AE1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1250520173.0000000004AE1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AE1000
|
| Size: |
4096
|
|
|
4321000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1304560478.0000000004321000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4321000
|
| Size: |
4096
|
|
|
A86000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.1311982342.0000000000A86000.00000040.00000001.01000000.0000000A.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
A86000
|
| Size: |
4096
|
|
|
140F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1258668970.000000000140F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
140F000
|
| Size: |
4096
|
|
|
2DFE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1339861252.0000000002DFE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2DFE000
|
| Size: |
8192
|
|
|
7DB000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.1318920211.00000000007DB000.00000040.00000001.01000000.0000000A.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
7DB000
|
| Size: |
49152
|
|
|
43AE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1313756598.00000000043AE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
43AE000
|
| Size: |
8192
|
|
|
2E1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1408352736.0000000002E1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2E1E000
|
| Size: |
8192
|
|
|
692000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.1407181233.0000000000692000.00000040.00000001.01000000.0000000C.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
692000
|
| Size: |
4096
|
|
|
302F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1325347725.000000000302F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
302F000
|
| Size: |
4096
|
|
|
CCD000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1331551515.0000000000CCD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
CCD000
|
| Size: |
24576
|
|
|
308A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1342425552.000000000308A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
308A000
|
| Size: |
102400
|
|
|
3BBE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1340456838.0000000003BBE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3BBE000
|
| Size: |
8192
|
|
|
4FB0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1434704366.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4FB0000
|
| Size: |
4096
|
|
|
4AE1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1248156529.0000000004AE1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AE1000
|
| Size: |
4096
|
|
|
AD7000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000003.00000002.1284902087.0000000000AD7000.00000080.00000001.01000000.00000006.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
AD7000
|
| Size: |
1421312
|
|
|
4B71000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1280109042.0000000004B71000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4B71000
|
| Size: |
4096
|
|
|
4FB0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000003.1271060880.0000000004FB0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4FB0000
|
| Size: |
4096
|
|
|
5150000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.1288429919.0000000005150000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5150000
|
| Size: |
4096
|
|
|
5160000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.1288450384.0000000005160000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5160000
|
| Size: |
4096
|
|
|
425E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1287838352.000000000425E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
425E000
|
| Size: |
8192
|
|
|
D67000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000003.00000000.1231757182.0000000000D67000.00000080.00000001.01000000.00000006.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
D67000
|
| Size: |
40960
|
|
|
C4B000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.1285062322.0000000000C4B000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
C4B000
|
| Size: |
40960
|
|
|
CEB000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000003.00000002.1285641019.0000000000CEB000.00000080.00000001.01000000.00000006.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
CEB000
|
| Size: |
12288
|
|
|
13F3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1257951124.00000000013F3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13F3000
|
| Size: |
110592
|
|
|
49B0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1264918145.00000000049B0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
49B0000
|
| Size: |
53248
|
|
|
2B3F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1339721036.0000000002B3F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2B3F000
|
| Size: |
4096
|
|
|
2F10000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1278204078.0000000002F10000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2F10000
|
| Size: |
53248
|
|
|
2F9F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1286708178.0000000002F9F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2F9F000
|
| Size: |
4096
|
|
|
493D000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1340962514.000000000493D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
493D000
|
| Size: |
12288
|
|
|
89C3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1253288761.00000000089C3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
89C3000
|
| Size: |
8192
|
|
|
11E0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1276794814.00000000011E0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
11E0000
|
| Size: |
53248
|
|
|
4BB0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000003.1364002949.0000000004BB0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4BB0000
|
| Size: |
8192
|
|
|
9F7000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000007.00000002.1321981931.00000000009F7000.00000080.00000001.01000000.0000000A.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
9F7000
|
| Size: |
12288
|
|
|
1660000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1243424167.0000000001660000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
1660000
|
| Size: |
53248
|
|
|
4AE1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1251367628.0000000004AE1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AE1000
|
| Size: |
4096
|
|
|
3A7E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1340403217.0000000003A7E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3A7E000
|
| Size: |
8192
|
|
|
CDA000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000003.00000002.1285496411.0000000000CDA000.00000080.00000001.01000000.00000006.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
CDA000
|
| Size: |
16384
|
|
|
84C000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1228959671.000000000084C000.00000002.00000001.01000000.00000005.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
84C000
|
| Size: |
3620864
|
|
|
4FE0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.1314109477.0000000004FE0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4FE0000
|
| Size: |
4096
|
|
|
3C1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1287451865.0000000003C1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3C1E000
|
| Size: |
8192
|
|
|
A63000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000007.00000000.1270813988.0000000000A63000.00000080.00000001.01000000.0000000A.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
A63000
|
| Size: |
4096
|
|
|
C74000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.1285183909.0000000000C74000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
C74000
|
| Size: |
61440
|
|
|
4AE1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1250808437.0000000004AE1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AE1000
|
| Size: |
8192
|
|
|
452F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1326144785.000000000452F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
452F000
|
| Size: |
4096
|
|
|
4B71000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1275690221.0000000004B71000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4B71000
|
| Size: |
49152
|
|
|
10A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1263620034.00000000010A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10A4000
|
| Size: |
4096
|
|
|
92E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1433285831.000000000092E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
92E000
|
| Size: |
8192
|
|
|
654E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1288627693.000000000654E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
654E000
|
| Size: |
8192
|
|
|
5160000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.1278650264.0000000005160000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5160000
|
| Size: |
8192
|
|
|
860000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1433185999.0000000000860000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
860000
|
| Size: |
16384
|
|
|
967000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000007.00000000.1270813988.0000000000967000.00000080.00000001.01000000.0000000A.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
967000
|
| Size: |
1011712
|
|
|
968000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1432966812.0000000000968000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
968000
|
| Size: |
69632
|
|
|
43EF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1326094768.00000000043EF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
43EF000
|
| Size: |
4096
|
|
|
1419000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1286483292.0000000001419000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1419000
|
| Size: |
86016
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
A71000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000004.00000002.1311922809.0000000000A71000.00000080.00000001.01000000.0000000A.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
A71000
|
| Size: |
16384
|
|
|
3559000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1434604612.0000000003559000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3559000
|
| Size: |
16384
|
|
|
3BDF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1287428855.0000000003BDF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3BDF000
|
| Size: |
4096
|
|
|
2FF0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1342372782.0000000002FF0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FF0000
|
| Size: |
20480
|
|
|
421E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1409231868.000000000421E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
421E000
|
| Size: |
8192
|
|
|
4AE1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1252503952.0000000004AE1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AE1000
|
| Size: |
4096
|
|
|
3520000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1434456361.0000000003520000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3520000
|
| Size: |
4096
|
|
|
5AB000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.1338785298.00000000005AB000.00000040.00000001.01000000.0000000B.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
5AB000
|
| Size: |
4096
|
|
|
40DF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1313394731.00000000040DF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
40DF000
|
| Size: |
4096
|
|
|
476E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1313941554.000000000476E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
476E000
|
| Size: |
8192
|
|
|
50D0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000003.1244990378.00000000050D0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
50D0000
|
| Size: |
4096
|
|
|
F50000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1360427505.0000000000F50000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
F50000
|
| Size: |
53248
|
|
|
30DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1286748927.00000000030DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
30DE000
|
| Size: |
8192
|
|
|
1458000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1252131804.0000000001458000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1458000
|
| Size: |
4096
|
|
|
6BC0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1288757955.0000000006BC0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6BC0000
|
| Size: |
12288
|
|
|
509F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1288258525.000000000509F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
509F000
|
| Size: |
4096
|
|
|
A24000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000007.00000002.1324413339.0000000000A24000.00000080.00000001.01000000.0000000A.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
A24000
|
| Size: |
8192
|
|
|
5150000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.1278847791.0000000005150000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5150000
|
| Size: |
4096
|
|
|
10A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1263643114.00000000010A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10A4000
|
| Size: |
4096
|
|
|
AC9000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000003.00000002.1284855416.0000000000AC9000.00000008.00000001.01000000.00000006.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
AC9000
|
| Size: |
4096
|
|
|
11E0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1277366799.00000000011E0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
11E0000
|
| Size: |
53248
|
|
|
970000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000004.00000002.1311232848.0000000000970000.00000080.00000001.01000000.0000000A.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
970000
|
| Size: |
4096
|
|
|
C5A000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1339076389.0000000000C5A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C5A000
|
| Size: |
32768
|
|
|
4AE1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1249403878.0000000004AE1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AE1000
|
| Size: |
4096
|
|
|
277F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1339559091.000000000277F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
277F000
|
| Size: |
4096
|
|
|
4AE1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1248632352.0000000004AE1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AE1000
|
| Size: |
4096
|
|
|
343E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1340127422.000000000343E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
343E000
|
| Size: |
8192
|
|
|
1380000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1286275322.0000000001380000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1380000
|
| Size: |
4096
|
|
|
12A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1247114517.00000000012A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12A4000
|
| Size: |
4096
|
|
|
1638B547000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1413836456.000001638B547000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1638B547000
|
| Size: |
106496
|
|
|
39EF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1325720495.00000000039EF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
39EF000
|
| Size: |
4096
|
|
|
51B0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.1326575749.00000000051B0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
51B0000
|
| Size: |
4096
|
|
|
1660000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1243639412.0000000001660000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
1660000
|
| Size: |
53248
|
|
|
4AE1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1249622320.0000000004AE1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AE1000
|
| Size: |
4096
|
|
|
12A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1246815500.00000000012A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12A4000
|
| Size: |
4096
|
|
|
3DEE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1325880763.0000000003DEE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3DEE000
|
| Size: |
8192
|
|
|
A77000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000007.00000000.1270813988.0000000000A77000.00000080.00000001.01000000.0000000A.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
A77000
|
| Size: |
40960
|
|
|
395F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1313097641.000000000395F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
395F000
|
| Size: |
4096
|
|
|
3CDE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1408965515.0000000003CDE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3CDE000
|
| Size: |
8192
|
|
|
3F5F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1409085080.0000000003F5F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3F5F000
|
| Size: |
4096
|
|
|
684000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.1407181233.0000000000684000.00000040.00000001.01000000.0000000C.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
684000
|
| Size: |
36864
|
|
|
4DEE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1231335760.0000000004DEE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4DEE000
|
| Size: |
729088
|
|
|
11E0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1276321779.00000000011E0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
11E0000
|
| Size: |
53248
|
|
|
3A5F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1408861244.0000000003A5F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3A5F000
|
| Size: |
4096
|
|
|
44EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1313810793.00000000044EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
44EE000
|
| Size: |
8192
|
|
|
4AE1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1250620038.0000000004AE1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AE1000
|
| Size: |
4096
|
|
|
510E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1341575211.000000000510E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
510E000
|
| Size: |
8192
|
|
|
5130000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.1278868753.0000000005130000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5130000
|
| Size: |
4096
|
|
|
166A3420000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1331864212.00000166A3420000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
166A3420000
|
| Size: |
12288
|
|
|
F50000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1357218067.0000000000F50000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
F50000
|
| Size: |
53248
|
|
|
C57000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000003.00000000.1231757182.0000000000C57000.00000080.00000001.01000000.00000006.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
C57000
|
| Size: |
1011712
|
|
|
4AE1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1251011748.0000000004AE1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AE1000
|
| Size: |
4096
|
|
|
4AE1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1249341900.0000000004AE1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AE1000
|
| Size: |
4096
|
|
|
3B7F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1340431982.0000000003B7F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3B7F000
|
| Size: |
4096
|
|
|
840000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.1341827269.0000000000840000.00000002.00000001.01000000.00000005.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
840000
|
| Size: |
4096
|
|
|
12A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1246671832.00000000012A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12A4000
|
| Size: |
4096
|
|
|
12A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1240782240.00000000012A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12A4000
|
| Size: |
4096
|
|
|
15CF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1325162225.00000000015CF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
15CF000
|
| Size: |
4096
|
|
|
982000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000007.00000002.1320277694.0000000000982000.00000080.00000001.01000000.0000000A.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
982000
|
| Size: |
8192
|
|
|
6A90000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1257157614.0000000006A90000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6A90000
|
| Size: |
8192
|
|
|
48AF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.1410618283.00000000048AF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
48AF000
|
| Size: |
4096
|
|
|
C8C000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000000.1221228606.0000000000C8C000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
C8C000
|
| Size: |
7163904
|
|
|
4B6F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1409480509.0000000004B6F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4B6F000
|
| Size: |
4096
|
|
|
36DF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1312992490.00000000036DF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
36DF000
|
| Size: |
4096
|
|
|
7D2000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.1310837173.00000000007D2000.00000040.00000001.01000000.0000000A.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
7D2000
|
| Size: |
20480
|
|
|
3550000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1434604612.0000000003550000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3550000
|
| Size: |
12288
|
|
|
A60000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000003.00000000.1231691588.0000000000A60000.00000002.00000001.01000000.00000006.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
A60000
|
| Size: |
4096
|
|
|
9EE000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.1321794588.00000000009EE000.00000040.00000001.01000000.0000000A.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
9EE000
|
| Size: |
36864
|
|
|
12A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1246435803.00000000012A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12A4000
|
| Size: |
4096
|
|
|
1449000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1257649933.0000000001449000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1449000
|
| Size: |
4096
|
|
|
C8D000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000003.00000002.1285291352.0000000000C8D000.00000080.00000001.01000000.00000006.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
C8D000
|
| Size: |
77824
|
|
|
33AF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1325474700.00000000033AF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
33AF000
|
| Size: |
4096
|
|
|
2F5E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1408401467.0000000002F5E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2F5E000
|
| Size: |
8192
|
|
|
658E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1288648987.000000000658E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
658E000
|
| Size: |
8192
|
|
|
4AE1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1248914804.0000000004AE1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AE1000
|
| Size: |
4096
|
|
|
F50000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1354576066.0000000000F50000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
F50000
|
| Size: |
53248
|
|
|
2DDF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1408328192.0000000002DDF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2DDF000
|
| Size: |
4096
|
|
|
4E50000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1267710841.0000000004E50000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4E50000
|
| Size: |
53248
|
|
|
50B0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000003.1245006874.00000000050B0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
50B0000
|
| Size: |
4096
|
|
|
7DB000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.1310945782.00000000007DB000.00000040.00000001.01000000.0000000A.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
7DB000
|
| Size: |
49152
|
|
|
4321000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1304145063.0000000004321000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4321000
|
| Size: |
4096
|
|
|
4AE1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1247814350.0000000004AE1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AE1000
|
| Size: |
4096
|
|
|
4AE1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1249555745.0000000004AE1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AE1000
|
| Size: |
4096
|
|
|
393E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1340343469.000000000393E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
393E000
|
| Size: |
8192
|
|
|
4EEE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1434667507.0000000004EEE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4EEE000
|
| Size: |
8192
|
|
|
385E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1287263185.000000000385E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
385E000
|
| Size: |
8192
|
|
|
2FD0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1342348147.0000000002FD0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FD0000
|
| Size: |
4096
|
|
|
4AE1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1249871499.0000000004AE1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AE1000
|
| Size: |
4096
|
|
|
CA7000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1339076389.0000000000CA7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
CA7000
|
| Size: |
77824
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
9C6000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000004.00000002.1311488098.00000000009C6000.00000080.00000001.01000000.0000000A.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
9C6000
|
| Size: |
16384
|
|
|
4AE1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1243700805.0000000004AE1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AE1000
|
| Size: |
253952
|
|
|
340000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000001.00000000.1225233636.0000000000340000.00000002.00000001.01000000.00000004.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
340000
|
| Size: |
4096
|
|
|
C8B000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1339076389.0000000000C8B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C8B000
|
| Size: |
49152
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
326F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1325419587.000000000326F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
326F000
|
| Size: |
4096
|
|
|
67C000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.1407181233.000000000067C000.00000040.00000001.01000000.0000000C.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
67C000
|
| Size: |
28672
|
|
|
1638B470000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.1413757841.000001638B470000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1638B470000
|
| Size: |
4096
|
|
|
2EFF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1339889122.0000000002EFF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2EFF000
|
| Size: |
4096
|
|
|
9FB000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000004.00000002.1311725049.00000000009FB000.00000080.00000001.01000000.0000000A.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
9FB000
|
| Size: |
12288
|
|
|
303F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1339939126.000000000303F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
303F000
|
| Size: |
4096
|
|
|
CEF000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000003.00000002.1285689816.0000000000CEF000.00000080.00000001.01000000.00000006.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
CEF000
|
| Size: |
32768
|
|
|
4AE1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1249009055.0000000004AE1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AE1000
|
| Size: |
4096
|
|
|
979000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1432649468.0000000000979000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
979000
|
| Size: |
4096
|
|
|
971000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.1320058329.0000000000971000.00000040.00000001.01000000.0000000A.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
971000
|
| Size: |
69632
|
|
|
50B5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1224688996.00000000050B5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
50B5000
|
| Size: |
40960
|
|
|
4A2F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1326334757.0000000004A2F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4A2F000
|
| Size: |
4096
|
|
|
994000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.1311362595.0000000000994000.00000040.00000001.01000000.0000000A.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
994000
|
| Size: |
24576
|
|
|
4321000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1297593660.0000000004321000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4321000
|
| Size: |
49152
|
|
|
3A9F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1313150180.0000000003A9F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3A9F000
|
| Size: |
4096
|
|
|
316E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1325394958.000000000316E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
316E000
|
| Size: |
8192
|
|
|
32F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1342567342.00000000032F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
32F0000
|
| Size: |
8192
|
|
|
4AE1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1247403785.0000000004AE1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AE1000
|
| Size: |
4096
|
|
|
A77000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000004.00000000.1257392261.0000000000A77000.00000080.00000001.01000000.0000000A.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
A77000
|
| Size: |
40960
|
|
|
35DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1287013643.00000000035DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
35DE000
|
| Size: |
8192
|
|
|
4320000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1340811263.0000000004320000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4320000
|
| Size: |
36864
|
|
|
4F50000
|
remote allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1305162001.0000000004F50000.00000004.00000400.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
remote allocation
|
| Protect: |
page read and write
|
| Base address: |
4F50000
|
| Size: |
4096
|
|
|
4AE1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1247595902.0000000004AE1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AE1000
|
| Size: |
4096
|
|
|
A07000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.1324381155.0000000000A07000.00000040.00000001.01000000.0000000A.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
A07000
|
| Size: |
118784
|
|
|
A77000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000007.00000002.1324615602.0000000000A77000.00000080.00000001.01000000.0000000A.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
A77000
|
| Size: |
40960
|
|
|
9FE000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.1323102763.00000000009FE000.00000040.00000001.01000000.0000000A.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
9FE000
|
| Size: |
4096
|
|
|
4B90000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000003.1364102755.0000000004B90000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4B90000
|
| Size: |
4096
|
|
|
2F10000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1278069438.0000000002F10000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2F10000
|
| Size: |
53248
|
|
|
2B90000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.1410365098.0000000002B90000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2B90000
|
| Size: |
4096
|
|
|
1687000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1286609586.0000000001687000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1687000
|
| Size: |
32768
|
|
|
49B0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1265059769.00000000049B0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
49B0000
|
| Size: |
53248
|
|
|
C9F000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1339076389.0000000000C9F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C9F000
|
| Size: |
20480
|
|
|
12A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1246585139.00000000012A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12A4000
|
| Size: |
4096
|
|
|
A07000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.1311778353.0000000000A07000.00000040.00000001.01000000.0000000A.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
A07000
|
| Size: |
118784
|
|
|
4F2F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1434685676.0000000004F2F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4F2F000
|
| Size: |
4096
|
|
|
50E0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000003.1244867122.00000000050E0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
50E0000
|
| Size: |
4096
|
|
|
1473000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1252028426.0000000001473000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1473000
|
| Size: |
49152
|
|
|
403000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.1338164815.0000000000403000.00000040.00000001.01000000.0000000B.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
403000
|
| Size: |
28672
|
|
|
345F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1286923799.000000000345F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
345F000
|
| Size: |
4096
|
|
|
131000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.1338018965.0000000000131000.00000040.00000001.01000000.0000000B.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
131000
|
| Size: |
266240
|
|
|
485F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1288047388.000000000485F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
485F000
|
| Size: |
4096
|
|
|
3B2F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1325763852.0000000003B2F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3B2F000
|
| Size: |
4096
|
|
|
2B9E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1408253272.0000000002B9E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2B9E000
|
| Size: |
8192
|
|
|
4321000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1303623177.0000000004321000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4321000
|
| Size: |
49152
|
|
|
1660000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1242489180.0000000001660000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
1660000
|
| Size: |
53248
|
|
|
1E6959F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1331662085.0000001E6959F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
1E6959F000
|
| Size: |
4096
|
|
|
4321000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1303995790.0000000004321000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4321000
|
| Size: |
4096
|
|
|
4F9E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1341514150.0000000004F9E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4F9E000
|
| Size: |
8192
|
|
|
2FD0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.1410559000.0000000002FD0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FD0000
|
| Size: |
32768
|
|
|
32FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1340074883.00000000032FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
32FE000
|
| Size: |
8192
|
|
|
FA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1407980260.0000000000FA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
FA4000
|
| Size: |
135168
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
49C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1314038462.00000000049C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
49C0000
|
| Size: |
4096
|
|
|
4AE1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1247699055.0000000004AE1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AE1000
|
| Size: |
4096
|
|
|
4F9E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1224688996.0000000004F9E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4F9E000
|
| Size: |
1081344
|
|
|
4A20000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1409424076.0000000004A20000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4A20000
|
| Size: |
4096
|
|
|
4EB1000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1269735826.0000000004EB1000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4EB1000
|
| Size: |
16384
|
|
|
C8A000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000000.1221228606.0000000000C8A000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
C8A000
|
| Size: |
4096
|
|
|
99C000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.1321327753.000000000099C000.00000040.00000001.01000000.0000000A.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
99C000
|
| Size: |
4096
|
|
|
2F20000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1325291944.0000000002F20000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F20000
|
| Size: |
16384
|
|
|
2A5E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1408205404.0000000002A5E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2A5E000
|
| Size: |
8192
|
|
|
4AE1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1250775429.0000000004AE1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AE1000
|
| Size: |
4096
|
|
|
4BE0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.1409566430.0000000004BE0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4BE0000
|
| Size: |
4096
|
|
|
497C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1303366750.000000000497C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
497C000
|
| Size: |
1810432
|
|
|
4AE1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1248315081.0000000004AE1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AE1000
|
| Size: |
4096
|
|
|
4AE1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1251458536.0000000004AE1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AE1000
|
| Size: |
4096
|
|
|
C63000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1339076389.0000000000C63000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C63000
|
| Size: |
147456
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
381E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1408771998.000000000381E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
381E000
|
| Size: |
8192
|
|
|
DB4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1367064686.0000000000DB4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DB4000
|
| Size: |
4096
|
|
|
1A0000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1406846292.00000000001A0000.00000004.00000001.01000000.0000000C.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
1A0000
|
| Size: |
4096
|
|
|
CE5000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1339388742.0000000000CE5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
CE5000
|
| Size: |
212992
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Found strings which match to known social media urls |
Networking |
|
| URLs found in memory or binary data |
Networking |
|
|
|
A75000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.1311940843.0000000000A75000.00000040.00000001.01000000.0000000A.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
A75000
|
| Size: |
4096
|
|
|
D4F000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000003.00000000.1231757182.0000000000D4F000.00000080.00000001.01000000.00000006.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
D4F000
|
| Size: |
4096
|
|
|
12A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1246742163.00000000012A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12A4000
|
| Size: |
4096
|
|
|
399E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1287314122.000000000399E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
399E000
|
| Size: |
8192
|
|
|
2FF3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1409642264.0000000002FF3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FF3000
|
| Size: |
4096
|
|
|
142E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1258853508.000000000142E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
142E000
|
| Size: |
4096
|
|
|
5140000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.1278829744.0000000005140000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5140000
|
| Size: |
4096
|
|
|
2D9F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1286654562.0000000002D9F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2D9F000
|
| Size: |
4096
|
|
|
2E60000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.1410458061.0000000002E60000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2E60000
|
| Size: |
8192
|
|
|
411E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1287770305.000000000411E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
411E000
|
| Size: |
8192
|
|
|
11E0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1277313933.00000000011E0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
11E0000
|
| Size: |
53248
|
|
|
6A81000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1256658103.0000000006A81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6A81000
|
| Size: |
4096
|
|
|
49B0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1264979307.00000000049B0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
49B0000
|
| Size: |
53248
|
|
|
47EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1326260257.00000000047EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
47EE000
|
| Size: |
8192
|
|
|
A75000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.1324590243.0000000000A75000.00000040.00000001.01000000.0000000A.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
A75000
|
| Size: |
4096
|
|
|
3E1F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1409023663.0000000003E1F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3E1F000
|
| Size: |
4096
|
|
|
312F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1325372748.000000000312F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
312F000
|
| Size: |
4096
|
|
|
4AE1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1251396609.0000000004AE1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AE1000
|
| Size: |
4096
|
|
|
11E0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1275763887.00000000011E0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
11E0000
|
| Size: |
53248
|
|
|
4FA0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000003.1271114537.0000000004FA0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4FA0000
|
| Size: |
4096
|
|
|
D61000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
00000003.00000002.1285857100.0000000000D61000.00000080.00000001.01000000.00000006.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
D61000
|
| Size: |
16384
|
|
|
4930000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000003.1303019520.0000000004930000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4930000
|
| Size: |
4096
|
|
|
830000
|
unkown
|
page execute and write copy
|
|
|
|
| Name: |
0000000D.00000002.1407707032.0000000000830000.00000080.00000001.01000000.0000000C.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and write copy
|
| Base address: |
830000
|
| Size: |
8192
|
|
|
3EA000
|
unkown
|
page write copy
|
|
|
|
| Name: |
0000000D.00000000.1342880136.00000000003EA000.00000008.00000001.01000000.0000000C.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
3EA000
|
| Size: |
4096
|
|
|
956000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1433019118.0000000000956000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
956000
|
| Size: |
73728
|
|
|
D60000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.1285828506.0000000000D60000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
D60000
|
| Size: |
4096
|
|
|
442E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1326121726.000000000442E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
442E000
|
| Size: |
8192
|
|
|
4AE1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1250061415.0000000004AE1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AE1000
|
| Size: |
4096
|
|
|
3E9E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1313316614.0000000003E9E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3E9E000
|
| Size: |
8192
|
|
|
D1E000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1331453556.0000000000D1E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D1E000
|
| Size: |
49152
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
4EB2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1231335760.0000000004EB2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4EB2000
|
| Size: |
24576
|
|
|
DB4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000003.1366958054.0000000000DB4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DB4000
|
| Size: |
4096
|
|
|
13F3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1286442610.00000000013F3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13F3000
|
| Size: |
102400
|
|
|
5160000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000003.1278808044.0000000005160000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5160000
|
| Size: |
4096
|
|
|
3EA000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1407147176.00000000003EA000.00000004.00000001.01000000.0000000C.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
3EA000
|
| Size: |
4096
|
|
|
4F2F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1341485147.0000000004F2F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4F2F000
|
| Size: |
4096
|
|
|
4960000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.1341041440.0000000004960000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4960000
|
| Size: |
4096
|
|
|
C88000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000000.00000000.1221212799.0000000000C88000.00000008.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
C88000
|
| Size: |
4096
|
|
|
4AE1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1249198963.0000000004AE1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AE1000
|
| Size: |
4096
|
|
|
42EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1326070818.00000000042EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
42EE000
|
| Size: |
8192
|
|
|
2FDA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.1410559000.0000000002FDA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FDA000
|
| Size: |
102400
|
|
|
12A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1240010464.00000000012A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12A4000
|
| Size: |
4096
|
|
|
93C000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1338870585.000000000093C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
93C000
|
| Size: |
16384
|
|
|
4940000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000B.00000002.1340991678.0000000004940000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4940000
|
| Size: |
4096
|
|
|
304D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1342398719.000000000304D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
304D000
|
| Size: |
12288
|
|
|
1660000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1242293763.0000000001660000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
1660000
|
| Size: |
53248
|
|
|
C57000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.1285062322.0000000000C57000.00000040.00000001.01000000.00000006.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
C57000
|
| Size: |
36864
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
D9E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1407843835.0000000000D9E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
D9E000
|
| Size: |
8192
|
|
|
12A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1246537127.00000000012A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12A4000
|
| Size: |
4096
|
|
|
D3C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.1324706516.0000000000D3C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
D3C000
|
| Size: |
16384
|
|
|
1070000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1312083196.0000000001070000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1070000
|
| Size: |
4096
|
|
|
C40000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1298896894.0000000000C40000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
C40000
|
| Size: |
53248
|
|
|
93B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1433315270.000000000093B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
93B000
|
| Size: |
98304
|
|
|
AD5000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.1338946606.0000000000AD5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
AD5000
|
| Size: |
8192
|
|
|
4EA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1231335760.0000000004EA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4EA4000
|
| Size: |
8192
|
|
|
650E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1288600475.000000000650E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
650E000
|
| Size: |
8192
|
|
|
4AE1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1249727733.0000000004AE1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AE1000
|
| Size: |
4096
|
|
|
559000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1433109492.0000000000559000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
559000
|
| Size: |
28672
|
|
|
4AE1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1252775325.0000000004AE1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AE1000
|
| Size: |
4096
|
|
|
4AE1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1252725277.0000000004AE1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AE1000
|
| Size: |
4096
|
|
|
4B71000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1280054501.0000000004B71000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4B71000
|
| Size: |
49152
|
|
