445000
|
unkown
|
page readonly
|
malicious |
|
|
Name: |
00000009.00000002.2540293467.0000000000445000.00000002.00000001.01000000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
445000
|
Size: |
36864
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Found malware configuration |
AV Detection |
|
Yara detected Stealc |
Stealing of Sensitive Information, Remote Access Functionality |
|
Yara detected Vidar stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
URLs found in memory or binary data |
Networking |
|
|
5510000
|
direct allocation
|
page read and write
|
malicious |
|
|
Name: |
00000004.00000002.2407356619.0000000005510000.00000004.00001000.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
direct allocation
|
Protect: |
page read and write
|
Base address: |
5510000
|
Size: |
204800
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Yara detected Stealc |
Stealing of Sensitive Information, Remote Access Functionality |
|
Yara detected Vidar stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
URLs found in memory or binary data |
Networking |
|
|
465000
|
unkown
|
page read and write
|
malicious |
|
|
Name: |
00000009.00000002.2540314947.0000000000465000.00000004.00000001.01000000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
465000
|
Size: |
1519616
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Yara detected Vidar stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
URLs found in memory or binary data |
Networking |
|
|
BCB1000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2436294829.000000000BCB1000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
BCB1000
|
Size: |
4096
|
|
E90000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2190766248.0000000000E90000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
E90000
|
Size: |
4096
|
|
1976C000
|
stack
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2546840290.000000001976C000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
1976C000
|
Size: |
16384
|
|
BCB1000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2435257115.000000000BCB1000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
BCB1000
|
Size: |
4096
|
|
51FE000
|
direct allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2407126483.00000000051FE000.00000004.00001000.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
direct allocation
|
Protect: |
page read and write
|
Base address: |
51FE000
|
Size: |
24576
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2434448964.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
5189000
|
direct allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2407126483.0000000005189000.00000004.00001000.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
direct allocation
|
Protect: |
page read and write
|
Base address: |
5189000
|
Size: |
4096
|
|
275BA000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000002.00000002.2172041990.00000000275BA000.00000004.00000001.01000000.00000008.sdmp
|
TargetID: |
2
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
275BA000
|
Size: |
12288
|
|
27D0000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2406440148.00000000027D0000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
27D0000
|
Size: |
4096
|
|
2CD9000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000003.00000002.2196118649.0000000002CD9000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2CD9000
|
Size: |
4096
|
|
35B1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2450943616.00000000035B1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
35B1000
|
Size: |
12288
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Found strings which match to known social media urls |
Networking |
|
URLs found in memory or binary data |
Networking |
|
|
9C4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2146928255.00000000009C4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9C4000
|
Size: |
4096
|
|
BA9E000
|
direct allocation
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2541837942.000000000BA9E000.00000004.00001000.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
direct allocation
|
Protect: |
page read and write
|
Base address: |
BA9E000
|
Size: |
24576
|
|
2F06000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2191179723.0000000002F06000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
2F06000
|
Size: |
4096
|
|
A4E000
|
stack
|
page read and write
|
|
|
|
Name: |
0000000D.00000002.2635313920.0000000000A4E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
13
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
A4E000
|
Size: |
8192
|
|
4FBD000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2407010771.0000000004FBD000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4FBD000
|
Size: |
647168
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
BCB1000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2436250778.000000000BCB1000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
BCB1000
|
Size: |
4096
|
|
3476000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2541254560.0000000003476000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3476000
|
Size: |
647168
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
URLs found in memory or binary data |
Networking |
|
|
3010000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2406747212.0000000003010000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
3010000
|
Size: |
73728
|
|
4DEF000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2160421868.0000000004DEF000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4DEF000
|
Size: |
106496
|
|
9C4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2165671175.00000000009C4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9C4000
|
Size: |
4096
|
|
6F5000
|
heap
|
page read and write
|
|
|
|
Name: |
00000002.00000002.2170764300.00000000006F5000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
2
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6F5000
|
Size: |
4096
|
|
5411000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000004.00000003.2235584021.0000000005411000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
5411000
|
Size: |
131072
|
|
433000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000002.00000002.2170475640.0000000000433000.00000004.00000001.01000000.00000007.sdmp
|
TargetID: |
2
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
433000
|
Size: |
4096
|
|
21FB000
|
heap
|
page read and write
|
|
|
|
Name: |
00000002.00000002.2171024473.00000000021FB000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
2
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
21FB000
|
Size: |
40960
|
|
1E53B000
|
stack
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2547133999.000000001E53B000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
1E53B000
|
Size: |
20480
|
|
1CE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.2194716002.00000000001CE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
1CE000
|
Size: |
8192
|
|
BCC0000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2541993527.000000000BCC0000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
BCC0000
|
Size: |
4096
|
|
544000
|
heap
|
page read and write
|
|
|
|
Name: |
00000002.00000003.2169740366.0000000000544000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
2
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
544000
|
Size: |
4096
|
|
BCB1000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2436093840.000000000BCB1000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
BCB1000
|
Size: |
4096
|
|
BCD0000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2541993527.000000000BCD0000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
BCD0000
|
Size: |
266240
|
|
3597000
|
heap
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2541375791.0000000003597000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3597000
|
Size: |
28672
|
|
3186000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000003.00000002.2196644121.0000000003186000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
3186000
|
Size: |
4096
|
|
9C4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2147684188.00000000009C4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9C4000
|
Size: |
4096
|
|
544000
|
heap
|
page read and write
|
|
|
|
Name: |
00000002.00000003.2168763294.0000000000544000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
2
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
544000
|
Size: |
4096
|
|
25D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.2195490701.00000000025D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
25D4000
|
Size: |
798720
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2433914494.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
3C43000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2159046885.0000000003C43000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3C43000
|
Size: |
2424832
|
|
9C4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2147165734.00000000009C4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9C4000
|
Size: |
4096
|
|
3537000
|
heap
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2541375791.0000000003537000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3537000
|
Size: |
188416
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
BCB1000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2435099448.000000000BCB1000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
BCB1000
|
Size: |
4096
|
|
BCB1000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2436816792.000000000BCB1000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
BCB1000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2434532144.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
9C4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2145880523.00000000009C4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9C4000
|
Size: |
4096
|
|
BCB1000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2434892030.000000000BCB1000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
BCB1000
|
Size: |
4096
|
|
9C4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2162568011.00000000009C4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9C4000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2433936353.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
27501000
|
unkown
|
page execute read
|
|
|
|
Name: |
00000002.00000002.2171954674.0000000027501000.00000020.00000001.01000000.00000008.sdmp
|
TargetID: |
2
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page execute read
|
Base address: |
27501000
|
Size: |
753664
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
298E000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2143247554.000000000298E000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
298E000
|
Size: |
311296
|
|
2D0000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000000.00000002.2186599027.00000000002D0000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
2D0000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2434824991.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
EF4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2190877350.0000000000EF4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
EF4000
|
Size: |
192512
|
|
BCB1000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2436926469.000000000BCB1000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
BCB1000
|
Size: |
4096
|
|
9C4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2146879467.00000000009C4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9C4000
|
Size: |
4096
|
|
1722E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2546801160.000000001722E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
1722E000
|
Size: |
8192
|
|
2FB6000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2143247554.0000000002FB6000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2FB6000
|
Size: |
16384
|
|
318000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2187725789.0000000000318000.00000004.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
318000
|
Size: |
12288
|
|
BCB1000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2435596238.000000000BCB1000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
BCB1000
|
Size: |
4096
|
|
9C4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2165755012.00000000009C4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9C4000
|
Size: |
4096
|
|
F46000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2190877350.0000000000F46000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
F46000
|
Size: |
94208
|
|
BCC7000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2541993527.000000000BCC7000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
BCC7000
|
Size: |
8192
|
|
2C44000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000004.00000003.2330102863.0000000002C44000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
2C44000
|
Size: |
4096
|
|
27B0000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000004.00000002.2406399065.00000000027B0000.00000002.00000001.00040000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
27B0000
|
Size: |
4096
|
|
9C4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2144646410.00000000009C4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9C4000
|
Size: |
4096
|
|
2C44000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000004.00000003.2406127831.0000000002C44000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
2C44000
|
Size: |
4096
|
|
27501000
|
unkown
|
page execute read
|
|
|
|
Name: |
00000003.00000002.2196853032.0000000027501000.00000020.00000001.01000000.0000000A.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page execute read
|
Base address: |
27501000
|
Size: |
753664
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
9C4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2147824894.00000000009C4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9C4000
|
Size: |
4096
|
|
BCB1000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2434945865.000000000BCB1000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
BCB1000
|
Size: |
4096
|
|
4DC0000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2193595697.0000000004DC0000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
4DC0000
|
Size: |
77824
|
|
2FBC000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2143247554.0000000002FBC000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2FBC000
|
Size: |
135168
|
|
9C4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2145846274.00000000009C4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9C4000
|
Size: |
4096
|
|
9C4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2147225608.00000000009C4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9C4000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2434421396.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
1262F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2544979044.000000001262F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
1262F000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2434466608.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
F3A000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2190877350.0000000000F3A000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
F3A000
|
Size: |
45056
|
|
3AE0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2192439487.0000000003AE0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3AE0000
|
Size: |
1196032
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
BCB1000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2435410245.000000000BCB1000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
BCB1000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2433771120.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
5E9000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2540314947.00000000005E9000.00000004.00000001.01000000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
5E9000
|
Size: |
417792
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
364C000
|
heap
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2541375791.000000000364C000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
364C000
|
Size: |
4096
|
|
323000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000000.00000000.2142258743.0000000000323000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
323000
|
Size: |
503808
|
|
5411000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000004.00000003.2329993648.0000000005411000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
5411000
|
Size: |
225280
|
|
9C4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2165374464.00000000009C4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9C4000
|
Size: |
4096
|
|
BDD5000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2542082129.000000000BDD5000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
BDD5000
|
Size: |
12288
|
|
401000
|
unkown
|
page execute read
|
|
|
|
Name: |
00000002.00000002.2170312412.0000000000401000.00000020.00000001.01000000.00000007.sdmp
|
TargetID: |
2
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page execute read
|
Base address: |
401000
|
Size: |
196608
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
BCB1000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2435797081.000000000BCB1000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
BCB1000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2433705198.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2433671222.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
BDC5000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2542082129.000000000BDC5000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
BDC5000
|
Size: |
4096
|
|
4E42000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2160421868.0000000004E42000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4E42000
|
Size: |
32768
|
|
9E0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2190686142.00000000009E0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9E0000
|
Size: |
4096
|
|
4D3A000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2406823080.0000000004D3A000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4D3A000
|
Size: |
512000
|
|
318000
|
unkown
|
page write copy
|
|
|
|
Name: |
00000000.00000000.2142238134.0000000000318000.00000008.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page write copy
|
Base address: |
318000
|
Size: |
8192
|
|
9C4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2147753241.00000000009C4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9C4000
|
Size: |
4096
|
|
1BD40000
|
remote allocation
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2437777242.000000001BD40000.00000004.00000400.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
remote allocation
|
Protect: |
page read and write
|
Base address: |
1BD40000
|
Size: |
4096
|
|
3364000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000003.00000002.2196742262.0000000003364000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
3364000
|
Size: |
647168
|
|
EED000
|
heap
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2190834405.0000000000EED000.00000040.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page execute and read and write
|
Base address: |
EED000
|
Size: |
28672
|
|
BA29000
|
direct allocation
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2541837942.000000000BA29000.00000004.00001000.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
direct allocation
|
Protect: |
page read and write
|
Base address: |
BA29000
|
Size: |
4096
|
|
B10000
|
heap
|
page read and write
|
|
|
|
Name: |
0000000D.00000002.2635361333.0000000000B10000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
13
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
B10000
|
Size: |
24576
|
|
9C4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2145906927.00000000009C4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9C4000
|
Size: |
4096
|
|
9C4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2146207667.00000000009C4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9C4000
|
Size: |
4096
|
|
BDE6000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2542082129.000000000BDE6000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
BDE6000
|
Size: |
20480
|
|
431000
|
unkown
|
page write copy
|
|
|
|
Name: |
00000002.00000000.2165574381.0000000000431000.00000008.00000001.01000000.00000007.sdmp
|
TargetID: |
2
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page write copy
|
Base address: |
431000
|
Size: |
12288
|
|
99E000
|
stack
|
page read and write
|
|
|
|
Name: |
0000000D.00000002.2635255332.000000000099E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
13
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
99E000
|
Size: |
8192
|
|
BEB0000
|
unclassified section
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2542249198.000000000BEB0000.00000004.10000000.00040000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
unclassified section
|
Protect: |
page read and write
|
Base address: |
BEB0000
|
Size: |
4096
|
|
287E000
|
heap
|
page read and write
|
|
|
|
Name: |
00000002.00000002.2171386304.000000000287E000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
2
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
287E000
|
Size: |
1187840
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
6EF000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.2195154440.00000000006EF000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
6EF000
|
Size: |
4096
|
|
3E92000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2192732992.0000000003E92000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
3E92000
|
Size: |
1187840
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
9C4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2147197419.00000000009C4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9C4000
|
Size: |
4096
|
|
9C4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2146607983.00000000009C4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9C4000
|
Size: |
4096
|
|
9C4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2146716061.00000000009C4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9C4000
|
Size: |
4096
|
|
59C000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.2194900592.000000000059C000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
59C000
|
Size: |
90112
|
|
9C4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2147091341.00000000009C4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9C4000
|
Size: |
4096
|
|
3088000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000003.00000002.2196426125.0000000003088000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
3088000
|
Size: |
512000
|
|
5BE000
|
heap
|
page read and write
|
|
|
|
Name: |
00000002.00000002.2170622707.00000000005BE000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
2
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5BE000
|
Size: |
270336
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2434039174.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
9C4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2147809946.00000000009C4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9C4000
|
Size: |
4096
|
|
5410000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2407333836.0000000005410000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
5410000
|
Size: |
4096
|
|
EE9000
|
heap
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2190834405.0000000000EE9000.00000040.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page execute and read and write
|
Base address: |
EE9000
|
Size: |
8192
|
|
29DE000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2143247554.00000000029DE000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
29DE000
|
Size: |
499712
|
|
9C4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2147722472.00000000009C4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9C4000
|
Size: |
4096
|
|
371B000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2191249919.000000000371B000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
371B000
|
Size: |
233472
|
|
35B1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2529963608.00000000035B1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
35B1000
|
Size: |
323584
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
850000
|
heap
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2540979893.0000000000850000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
850000
|
Size: |
61440
|
|
3755000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2191249919.0000000003755000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3755000
|
Size: |
16384
|
|
275BA000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000003.00000002.2196964316.00000000275BA000.00000004.00000001.01000000.0000000A.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
275BA000
|
Size: |
12288
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2434690523.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
53A000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.2194900592.000000000053A000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
53A000
|
Size: |
8192
|
|
27C7000
|
heap
|
page read and write
|
|
|
|
Name: |
00000002.00000002.2171255132.00000000027C7000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
2
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
27C7000
|
Size: |
647168
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
EDB000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2190789926.0000000000EDB000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
EDB000
|
Size: |
20480
|
|
BCB1000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2435657004.000000000BCB1000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
BCB1000
|
Size: |
4096
|
|
150000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.2194590124.0000000000150000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
150000
|
Size: |
4096
|
|
5DE000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2540314947.00000000005DE000.00000004.00000001.01000000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
5DE000
|
Size: |
20480
|
|
9C4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2146159842.00000000009C4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9C4000
|
Size: |
4096
|
|
140000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.2194569789.0000000000140000.00000004.00000020.00040000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
140000
|
Size: |
4096
|
|
2F65000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000003.00000002.2196426125.0000000002F65000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
2F65000
|
Size: |
1187840
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2434758985.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
35AA000
|
heap
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2529963608.00000000035AA000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
35AA000
|
Size: |
8192
|
|
BCB1000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2435535323.000000000BCB1000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
BCB1000
|
Size: |
4096
|
|
BCB1000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2436890380.000000000BCB1000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
BCB1000
|
Size: |
4096
|
|
11DE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2191016404.00000000011DE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
11DE000
|
Size: |
8192
|
|
DB000
|
stack
|
page read and write
|
|
|
|
Name: |
00000002.00000002.2170033708.00000000000DB000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
2
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
DB000
|
Size: |
20480
|
|
66F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.2195082565.000000000066F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
66F000
|
Size: |
4096
|
|
544000
|
heap
|
page read and write
|
|
|
|
Name: |
00000002.00000003.2169843887.0000000000544000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
2
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
544000
|
Size: |
4096
|
|
BCB1000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2435064357.000000000BCB1000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
BCB1000
|
Size: |
4096
|
|
1F5E000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.2195221384.0000000001F5E000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1F5E000
|
Size: |
40960
|
|
4E71000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2160421868.0000000004E71000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4E71000
|
Size: |
5218304
|
|
2C44000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000004.00000003.2330062856.0000000002C44000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
2C44000
|
Size: |
4096
|
|
F50000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2433523319.0000000000F50000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
F50000
|
Size: |
163840
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2434083611.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
6B0000
|
heap
|
page readonly
|
|
|
|
Name: |
00000009.00000002.2540757552.00000000006B0000.00000002.00000020.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page readonly
|
Base address: |
6B0000
|
Size: |
4096
|
|
9C4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2165708464.00000000009C4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9C4000
|
Size: |
4096
|
|
3120000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2406800053.0000000003120000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3120000
|
Size: |
36864
|
|
BCB1000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2436154445.000000000BCB1000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
BCB1000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2433858600.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
35F7000
|
heap
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2450921938.00000000035F7000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
35F7000
|
Size: |
4096
|
|
27E0000
|
direct allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2406457214.00000000027E0000.00000004.00001000.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
direct allocation
|
Protect: |
page read and write
|
Base address: |
27E0000
|
Size: |
4096
|
|
150000
|
heap
|
page read and write
|
|
|
|
Name: |
00000002.00000002.2170146827.0000000000150000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
2
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
150000
|
Size: |
4096
|
|
BDB4000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2542082129.000000000BDB4000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
BDB4000
|
Size: |
12288
|
|
400000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000002.00000002.2170291381.0000000000400000.00000002.00000001.01000000.00000007.sdmp
|
TargetID: |
2
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
400000
|
Size: |
4096
|
|
246BC000
|
stack
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2549803849.00000000246BC000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
246BC000
|
Size: |
16384
|
|
616000
|
heap
|
page read and write
|
|
|
|
Name: |
00000002.00000002.2170622707.0000000000616000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
2
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
616000
|
Size: |
24576
|
|
342E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2541254560.000000000342E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
342E000
|
Size: |
290816
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
420000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000009.00000002.2540226901.0000000000420000.00000002.00000001.01000000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
420000
|
Size: |
4096
|
|
3787000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2191941536.0000000003787000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3787000
|
Size: |
1187840
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
544000
|
heap
|
page read and write
|
|
|
|
Name: |
00000002.00000003.2168730295.0000000000544000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
2
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
544000
|
Size: |
4096
|
|
2FF0000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2406747212.0000000002FF0000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
2FF0000
|
Size: |
4096
|
|
544000
|
heap
|
page read and write
|
|
|
|
Name: |
00000002.00000003.2169781086.0000000000544000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
2
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
544000
|
Size: |
4096
|
|
540000
|
heap
|
page read and write
|
|
|
|
Name: |
00000002.00000002.2170575028.0000000000540000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
2
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
540000
|
Size: |
16384
|
|
61D000
|
heap
|
page read and write
|
|
|
|
Name: |
00000002.00000002.2170622707.000000000061D000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
2
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
61D000
|
Size: |
356352
|
|
24D1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.2173374911.00000000024D1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
24D1000
|
Size: |
225280
|
|
B900000
|
direct allocation
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2541837942.000000000B900000.00000004.00001000.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
direct allocation
|
Protect: |
page read and write
|
Base address: |
B900000
|
Size: |
1196032
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
31FA000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2191249919.00000000031FA000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
31FA000
|
Size: |
315392
|
|
9C4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2147708200.00000000009C4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9C4000
|
Size: |
4096
|
|
E0E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2190725871.0000000000E0E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
E0E000
|
Size: |
8192
|
|
35B6000
|
heap
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2451026839.00000000035B6000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
35B6000
|
Size: |
135168
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
BCB1000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2435688440.000000000BCB1000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
BCB1000
|
Size: |
4096
|
|
4F75000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2407010771.0000000004F75000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4F75000
|
Size: |
290816
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
9C4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2144606460.00000000009C4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9C4000
|
Size: |
4096
|
|
2A81000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2143863578.0000000002A81000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2A81000
|
Size: |
225280
|
|
A0E000
|
stack
|
page read and write
|
|
|
|
Name: |
0000000D.00000002.2635299390.0000000000A0E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
13
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
A0E000
|
Size: |
8192
|
|
4E0F000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2160421868.0000000004E0F000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4E0F000
|
Size: |
12288
|
|
8FB000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000000.00000000.2142258743.00000000008FB000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
8FB000
|
Size: |
20480
|
|
1BD7E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2546961449.000000001BD7E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
1BD7E000
|
Size: |
8192
|
|
2C44000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000004.00000003.2330177039.0000000002C44000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
2C44000
|
Size: |
4096
|
|
2DF0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2406659865.0000000002DF0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2DF0000
|
Size: |
40960
|
|
3A0000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000000.00000001.2142877089.00000000003A0000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
image loaded
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
3A0000
|
Size: |
319488
|
|
401000
|
unkown
|
page execute read
|
|
|
|
Name: |
00000003.00000002.2194751559.0000000000401000.00000020.00000001.01000000.00000009.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page execute read
|
Base address: |
401000
|
Size: |
196608
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
3566000
|
heap
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2541375791.0000000003566000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3566000
|
Size: |
77824
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
URLs found in memory or binary data |
Networking |
|
|
BCB1000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2435191810.000000000BCB1000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
BCB1000
|
Size: |
4096
|
|
1F6C000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.2195221384.0000000001F6C000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1F6C000
|
Size: |
4096
|
|
9C4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2144547277.00000000009C4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9C4000
|
Size: |
4096
|
|
79D000
|
heap
|
page read and write
|
|
|
|
Name: |
00000002.00000002.2170794946.000000000079D000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
2
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
79D000
|
Size: |
667648
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
B00000
|
heap
|
page read and write
|
|
|
|
Name: |
0000000D.00000002.2635345635.0000000000B00000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
13
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
B00000
|
Size: |
20480
|
|
9C4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2147966740.00000000009C4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9C4000
|
Size: |
4096
|
|
38AA000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2191941536.00000000038AA000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
38AA000
|
Size: |
512000
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sample file is different than original file name gathered from version info |
System Summary |
|
|
3C09000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2192439487.0000000003C09000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3C09000
|
Size: |
4096
|
|
A4EE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2541819225.000000000A4EE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
A4EE000
|
Size: |
8192
|
|
2751000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.2195675297.0000000002751000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2751000
|
Size: |
348160
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
1E32B000
|
stack
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2547059151.000000001E32B000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
1E32B000
|
Size: |
20480
|
|
27A7000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.2195675297.00000000027A7000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
27A7000
|
Size: |
647168
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
35F3000
|
heap
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2449864376.00000000035F3000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
35F3000
|
Size: |
24576
|
|
2AAA000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2143247554.0000000002AAA000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2AAA000
|
Size: |
4993024
|
|
3F0000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000000.00000000.2142258743.00000000003F0000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
3F0000
|
Size: |
4988928
|
|
1E540000
|
heap
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2547164268.000000001E540000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1E540000
|
Size: |
4096
|
|
95B000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2190618271.000000000095B000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
95B000
|
Size: |
20480
|
|
3624000
|
heap
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2541375791.0000000003624000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3624000
|
Size: |
147456
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2434235390.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
3601000
|
heap
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2529924255.0000000003601000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3601000
|
Size: |
4096
|
|
D6000
|
stack
|
page read and write
|
|
|
|
Name: |
00000002.00000002.2170033708.00000000000D6000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
2
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
D6000
|
Size: |
8192
|
|
BFA000
|
heap
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2541001928.0000000000BFA000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
BFA000
|
Size: |
1187840
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
2981000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.2195892526.0000000002981000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2981000
|
Size: |
512000
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2434201060.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
BCB1000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2436849094.000000000BCB1000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
BCB1000
|
Size: |
4096
|
|
BCB0000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2541993527.000000000BCB0000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
BCB0000
|
Size: |
40960
|
|
BE07000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2542082129.000000000BE07000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
BE07000
|
Size: |
98304
|
|
82E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2540893603.000000000082E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
82E000
|
Size: |
8192
|
|
530000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.2194900592.0000000000530000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
530000
|
Size: |
32768
|
|
29A1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000002.00000002.2171386304.00000000029A1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
2
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
29A1000
|
Size: |
512000
|
|
544000
|
heap
|
page read and write
|
|
|
|
Name: |
00000002.00000003.2166971376.0000000000544000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
2
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
544000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2433465474.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
8B4000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000000.00000002.2188221567.00000000008B4000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
8B4000
|
Size: |
28672
|
|
850000
|
heap
|
page read and write
|
|
|
|
Name: |
00000002.00000002.2170852950.0000000000850000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
2
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
850000
|
Size: |
12288
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2434630420.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
180000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.2194695527.0000000000180000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
180000
|
Size: |
16384
|
|
9A0000
|
heap
|
page read and write
|
|
|
|
Name: |
0000000D.00000002.2635270046.00000000009A0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
13
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9A0000
|
Size: |
4096
|
|
2CAD000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2191128311.0000000002CAD000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2CAD000
|
Size: |
12288
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2434858882.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
BCB1000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2435566499.000000000BCB1000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
BCB1000
|
Size: |
4096
|
|
2D8E000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2406639927.0000000002D8E000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
2D8E000
|
Size: |
8192
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2434020537.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
2C44000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000004.00000003.2330127143.0000000002C44000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
2C44000
|
Size: |
4096
|
|
302000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000000.00000000.2142217054.0000000000302000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
302000
|
Size: |
90112
|
|
6D0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2540799641.00000000006D0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D0000
|
Size: |
16384
|
|
27C0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2406416508.00000000027C0000.00000004.00000020.00040000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
27C0000
|
Size: |
4096
|
|
BCB1000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2436126025.000000000BCB1000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
BCB1000
|
Size: |
4096
|
|
184000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.2173524130.0000000000184000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
184000
|
Size: |
4096
|
|
4E4B000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2160421868.0000000004E4B000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4E4B000
|
Size: |
32768
|
|
45F000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2540314947.000000000045F000.00000004.00000001.01000000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
45F000
|
Size: |
16384
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2434597541.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
9C4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2146896600.00000000009C4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9C4000
|
Size: |
4096
|
|
9C0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2190640931.00000000009C0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9C0000
|
Size: |
16384
|
|
9C4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2146801102.00000000009C4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9C4000
|
Size: |
4096
|
|
5B0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000002.00000002.2170622707.00000000005B0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
2
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5B0000
|
Size: |
32768
|
|
375B000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2191249919.000000000375B000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
375B000
|
Size: |
135168
|
|
1712D000
|
stack
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2545679541.000000001712D000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
1712D000
|
Size: |
12288
|
|
8C1000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000000.00000000.2142258743.00000000008C1000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
8C1000
|
Size: |
233472
|
|
9C4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2147362448.00000000009C4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9C4000
|
Size: |
4096
|
|
3C0D000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2192439487.0000000003C0D000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3C0D000
|
Size: |
458752
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sample file is different than original file name gathered from version info |
System Summary |
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2434807228.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
3C7E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2192439487.0000000003C7E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3C7E000
|
Size: |
24576
|
|
3110000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000003.00000002.2196644121.0000000003110000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
3110000
|
Size: |
167936
|
|
434000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000002.00000000.2165593171.0000000000434000.00000002.00000001.01000000.00000007.sdmp
|
TargetID: |
2
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
434000
|
Size: |
77824
|
|
9C4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2165834649.00000000009C4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9C4000
|
Size: |
4096
|
|
459000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2540314947.0000000000459000.00000004.00000001.01000000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
459000
|
Size: |
4096
|
|
9C4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2146783306.00000000009C4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9C4000
|
Size: |
4096
|
|
2BA0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2191104140.0000000002BA0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2BA0000
|
Size: |
57344
|
|
14BAE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2545212605.0000000014BAE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
14BAE000
|
Size: |
8192
|
|
BCB1000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2437098985.000000000BCB1000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
BCB1000
|
Size: |
4096
|
|
58E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000002.00000002.2170605284.000000000058E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
2
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
58E000
|
Size: |
8192
|
|
BCB1000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2435161421.000000000BCB1000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
BCB1000
|
Size: |
4096
|
|
35AB000
|
heap
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2541375791.00000000035AB000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
35AB000
|
Size: |
393216
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
2771000
|
heap
|
page read and write
|
|
|
|
Name: |
00000002.00000002.2171255132.0000000002771000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
2
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2771000
|
Size: |
348160
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
401000
|
unkown
|
page execute read
|
|
|
|
Name: |
00000002.00000000.2165542384.0000000000401000.00000020.00000001.01000000.00000007.sdmp
|
TargetID: |
2
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page execute read
|
Base address: |
401000
|
Size: |
196608
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
171AF000
|
stack
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2546282258.00000000171AF000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
171AF000
|
Size: |
4096
|
|
3530000
|
heap
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2541375791.0000000003530000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3530000
|
Size: |
24576
|
|
83C000
|
stack
|
page read and write
|
|
|
|
Name: |
0000000D.00000002.2635220430.000000000083C000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
13
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
83C000
|
Size: |
16384
|
|
BE20000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2542082129.000000000BE20000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
BE20000
|
Size: |
12288
|
|
BE29000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2542082129.000000000BE29000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
BE29000
|
Size: |
8192
|
|
3A0000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000000.00000000.2142258743.00000000003A0000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
3A0000
|
Size: |
319488
|
|
24D1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.2170855057.00000000024D1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
24D1000
|
Size: |
225280
|
|
10DE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2190995712.00000000010DE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
10DE000
|
Size: |
8192
|
|
184000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.2173637600.0000000000184000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
184000
|
Size: |
4096
|
|
35D8000
|
heap
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2449897112.00000000035D8000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
35D8000
|
Size: |
110592
|
|
2CFD000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000002.00000002.2171686522.0000000002CFD000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
2
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2CFD000
|
Size: |
458752
|
|
2F7C000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2143247554.0000000002F7C000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2F7C000
|
Size: |
233472
|
|
19E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000002.00000002.2170168714.000000000019E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
2
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
19E000
|
Size: |
8192
|
|
323000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000000.00000002.2188221567.0000000000323000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
323000
|
Size: |
503808
|
|
3210000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000003.00000002.2196718461.0000000003210000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
3210000
|
Size: |
73728
|
|
312D000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2191249919.000000000312D000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
312D000
|
Size: |
311296
|
|
2D80000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2191160949.0000000002D80000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2D80000
|
Size: |
12288
|
|
2F6F000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2143247554.0000000002F6F000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2F6F000
|
Size: |
28672
|
|
431000
|
unkown
|
page write copy
|
|
|
|
Name: |
00000002.00000002.2170370345.0000000000431000.00000008.00000001.01000000.00000007.sdmp
|
TargetID: |
2
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page write copy
|
Base address: |
431000
|
Size: |
8192
|
|
BCB1000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2435471300.000000000BCB1000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
BCB1000
|
Size: |
4096
|
|
5060000
|
direct allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2407126483.0000000005060000.00000004.00001000.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
direct allocation
|
Protect: |
page read and write
|
Base address: |
5060000
|
Size: |
1196032
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
357C000
|
heap
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2541375791.000000000357C000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
357C000
|
Size: |
32768
|
|
35B6000
|
heap
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2450943616.00000000035B6000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
35B6000
|
Size: |
135168
|
|
2A80000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2191083488.0000000002A80000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2A80000
|
Size: |
4096
|
|
D6000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.2194432095.00000000000D6000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
D6000
|
Size: |
8192
|
|
BCB1000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2435898196.000000000BCB1000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
BCB1000
|
Size: |
4096
|
|
544000
|
heap
|
page read and write
|
|
|
|
Name: |
00000002.00000003.2169719276.0000000000544000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
2
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
544000
|
Size: |
4096
|
|
400000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000003.00000000.2169604138.0000000000400000.00000002.00000001.01000000.00000009.sdmp
|
TargetID: |
3
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
400000
|
Size: |
4096
|
|
BCB1000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2433615508.000000000BCB1000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
BCB1000
|
Size: |
221184
|
|
1AC000
|
stack
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2540059909.00000000001AC000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
1AC000
|
Size: |
16384
|
|
7FAE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2541796268.0000000007FAE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
7FAE000
|
Size: |
8192
|
|
DB000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.2194432095.00000000000DB000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
DB000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2434001591.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
BA2D000
|
direct allocation
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2541837942.000000000BA2D000.00000004.00001000.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
direct allocation
|
Protect: |
page read and write
|
Base address: |
BA2D000
|
Size: |
458752
|
|
400000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000003.00000002.2194734440.0000000000400000.00000002.00000001.01000000.00000009.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
400000
|
Size: |
4096
|
|
35AA000
|
heap
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2450943616.00000000035AA000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
35AA000
|
Size: |
12288
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
27A0000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000004.00000002.2406342042.00000000027A0000.00000002.00000001.00040000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
27A0000
|
Size: |
4096
|
|
1716E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2545999467.000000001716E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
1716E000
|
Size: |
8192
|
|
D1D000
|
heap
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2541001928.0000000000D1D000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
D1D000
|
Size: |
512000
|
|
170000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.2194676862.0000000000170000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
170000
|
Size: |
12288
|
|
2467C000
|
stack
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2549646498.000000002467C000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2467C000
|
Size: |
16384
|
|
CFB000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2190705311.0000000000CFB000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
CFB000
|
Size: |
20480
|
|
E4E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2190747009.0000000000E4E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
E4E000
|
Size: |
8192
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2433739182.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
275B9000
|
unkown
|
page write copy
|
|
|
|
Name: |
00000002.00000002.2172025328.00000000275B9000.00000008.00000001.01000000.00000008.sdmp
|
TargetID: |
2
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page write copy
|
Base address: |
275B9000
|
Size: |
4096
|
|
BCB1000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2435028689.000000000BCB1000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
BCB1000
|
Size: |
4096
|
|
401000
|
unkown
|
page execute read
|
|
|
|
Name: |
00000003.00000000.2169625734.0000000000401000.00000020.00000001.01000000.00000009.sdmp
|
TargetID: |
3
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page execute read
|
Base address: |
401000
|
Size: |
196608
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
2AFA000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2406474359.0000000002AFA000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2AFA000
|
Size: |
24576
|
|
2D0000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000000.00000000.2142129418.00000000002D0000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
2D0000
|
Size: |
4096
|
|
184000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.2170900295.0000000000184000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
184000
|
Size: |
4096
|
|
7ED000
|
stack
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2540860416.00000000007ED000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
7ED000
|
Size: |
12288
|
|
9C0000
|
heap
|
page read and write
|
|
|
|
Name: |
0000000D.00000002.2635283665.00000000009C0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
13
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9C0000
|
Size: |
20480
|
|
9C4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2147900043.00000000009C4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9C4000
|
Size: |
4096
|
|
2CF9000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000002.00000002.2171686522.0000000002CF9000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
2
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2CF9000
|
Size: |
4096
|
|
544000
|
heap
|
page read and write
|
|
|
|
Name: |
00000002.00000003.2166672562.0000000000544000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
2
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
544000
|
Size: |
4096
|
|
317D000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2191249919.000000000317D000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
317D000
|
Size: |
499712
|
|
9C4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2146235485.00000000009C4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9C4000
|
Size: |
4096
|
|
302000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000000.00000002.2187249329.0000000000302000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
302000
|
Size: |
90112
|
|
421000
|
unkown
|
page execute read
|
|
|
|
Name: |
00000009.00000002.2540256635.0000000000421000.00000020.00000001.01000000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page execute read
|
Base address: |
421000
|
Size: |
147456
|
|
8FB000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000000.00000002.2188221567.00000000008FB000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
8FB000
|
Size: |
20480
|
|
2BD0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000002.00000002.2171686522.0000000002BD0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
2
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2BD0000
|
Size: |
1196032
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
1BCFD000
|
stack
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2546932513.000000001BCFD000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
1BCFD000
|
Size: |
12288
|
|
9C000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.2194405098.000000000009C000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
9C000
|
Size: |
16384
|
|
9C4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2146699871.00000000009C4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9C4000
|
Size: |
4096
|
|
2D1000
|
unkown
|
page execute read
|
|
|
|
Name: |
00000000.00000002.2186628650.00000000002D1000.00000020.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page execute read
|
Base address: |
2D1000
|
Size: |
200704
|
|
9C4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2146963500.00000000009C4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9C4000
|
Size: |
4096
|
|
661000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2540661288.0000000000661000.00000004.00000001.01000000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
661000
|
Size: |
4096
|
|
1266E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2545083925.000000001266E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
1266E000
|
Size: |
8192
|
|
544000
|
heap
|
page read and write
|
|
|
|
Name: |
00000002.00000003.2169801518.0000000000544000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
2
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
544000
|
Size: |
4096
|
|
2D6E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000002.00000002.2171686522.0000000002D6E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
2
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D6E000
|
Size: |
24576
|
|
275BE000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000003.00000002.2196981284.00000000275BE000.00000002.00000001.01000000.0000000A.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
275BE000
|
Size: |
36864
|
|
9C4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2147738698.00000000009C4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9C4000
|
Size: |
4096
|
|
1BD40000
|
remote allocation
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2437725584.000000001BD40000.00000004.00000400.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
remote allocation
|
Protect: |
page read and write
|
Base address: |
1BD40000
|
Size: |
4096
|
|
4E0A000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2160421868.0000000004E0A000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4E0A000
|
Size: |
16384
|
|
9C4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2147259869.00000000009C4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9C4000
|
Size: |
4096
|
|
9C4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2144700522.00000000009C4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9C4000
|
Size: |
4096
|
|
F7D000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2190877350.0000000000F7D000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
F7D000
|
Size: |
16384
|
|
35D8000
|
heap
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2450943616.00000000035D8000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
35D8000
|
Size: |
110592
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
370E000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2191249919.000000000370E000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
370E000
|
Size: |
28672
|
|
171C0000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2546558869.00000000171C0000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
171C0000
|
Size: |
4096
|
|
197BB000
|
stack
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2546905623.00000000197BB000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
197BB000
|
Size: |
20480
|
|
434000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000003.00000002.2194865010.0000000000434000.00000002.00000001.01000000.00000009.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
434000
|
Size: |
77824
|
|
184000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.2173483726.0000000000184000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
184000
|
Size: |
4096
|
|
184000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.2173504530.0000000000184000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
184000
|
Size: |
4096
|
|
21E0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000002.00000002.2170979948.00000000021E0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
2
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
21E0000
|
Size: |
8192
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2434109325.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
9C4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2146027117.00000000009C4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9C4000
|
Size: |
4096
|
|
3FB5000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2192732992.0000000003FB5000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
3FB5000
|
Size: |
512000
|
|
2C40000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2406537432.0000000002C40000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2C40000
|
Size: |
16384
|
|
BCB1000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2436672377.000000000BCB1000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
BCB1000
|
Size: |
4096
|
|
5543000
|
direct allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2407356619.0000000005543000.00000004.00001000.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
direct allocation
|
Protect: |
page read and write
|
Base address: |
5543000
|
Size: |
8192
|
|
BCB1000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2434919042.000000000BCB1000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
BCB1000
|
Size: |
4096
|
|
360C000
|
heap
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2541375791.000000000360C000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
360C000
|
Size: |
32768
|
|
9C4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2165630417.00000000009C4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9C4000
|
Size: |
4096
|
|
518D000
|
direct allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2407126483.000000000518D000.00000004.00001000.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
direct allocation
|
Protect: |
page read and write
|
Base address: |
518D000
|
Size: |
458752
|
|
14BEE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2545361869.0000000014BEE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
14BEE000
|
Size: |
8192
|
|
9C000
|
stack
|
page read and write
|
|
|
|
Name: |
00000002.00000002.2169984293.000000000009C000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
2
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
9C000
|
Size: |
16384
|
|
2A5B000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2143247554.0000000002A5B000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2A5B000
|
Size: |
315392
|
|
BE26000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2542082129.000000000BE26000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
BE26000
|
Size: |
8192
|
|
431000
|
unkown
|
page write copy
|
|
|
|
Name: |
00000003.00000002.2194822187.0000000000431000.00000008.00000001.01000000.00000009.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page write copy
|
Base address: |
431000
|
Size: |
8192
|
|
2C44000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000004.00000003.2330202330.0000000002C44000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
2C44000
|
Size: |
4096
|
|
4E13000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2160421868.0000000004E13000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4E13000
|
Size: |
24576
|
|
901000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000000.00000002.2188221567.0000000000901000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
901000
|
Size: |
126976
|
|
3249000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2191249919.0000000003249000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3249000
|
Size: |
4993024
|
|
2000000
|
heap
|
page read and write
|
|
|
|
Name: |
00000002.00000002.2170871596.0000000002000000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
2
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2000000
|
Size: |
4096
|
|
A8F000
|
stack
|
page read and write
|
|
|
|
Name: |
0000000D.00000002.2635329370.0000000000A8F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
13
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
A8F000
|
Size: |
4096
|
|
433000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000003.00000002.2194844940.0000000000433000.00000004.00000001.01000000.00000009.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
433000
|
Size: |
4096
|
|
BCB1000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2435327748.000000000BCB1000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
BCB1000
|
Size: |
4096
|
|
9C4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2147399770.00000000009C4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9C4000
|
Size: |
4096
|
|
9C4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2144683028.00000000009C4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9C4000
|
Size: |
4096
|
|
650000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2540633780.0000000000650000.00000004.00000001.01000000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
650000
|
Size: |
4096
|
|
2001000
|
heap
|
page read and write
|
|
|
|
Name: |
00000002.00000003.2166626062.0000000002001000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
2
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2001000
|
Size: |
225280
|
|
9C4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2145973602.00000000009C4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9C4000
|
Size: |
4096
|
|
27500000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000003.00000002.2196835724.0000000027500000.00000002.00000001.01000000.0000000A.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
27500000
|
Size: |
4096
|
|
BDB0000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2542082129.000000000BDB0000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
BDB0000
|
Size: |
4096
|
|
285E000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.2195892526.000000000285E000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
285E000
|
Size: |
1187840
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
2A81000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2165312293.0000000002A81000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2A81000
|
Size: |
225280
|
|
2CDD000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000003.00000002.2196118649.0000000002CDD000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2CDD000
|
Size: |
458752
|
|
3648000
|
heap
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2539593017.0000000003648000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3648000
|
Size: |
217088
|
|
9C4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2146047684.00000000009C4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9C4000
|
Size: |
4096
|
|
323000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000000.00000001.2142877089.0000000000323000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
image loaded
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
323000
|
Size: |
503808
|
|
1E2000
|
stack
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2540112609.00000000001E2000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
1E2000
|
Size: |
24576
|
|
417D000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2192910487.000000000417D000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
417D000
|
Size: |
3198976
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sample file is different than original file name gathered from version info |
System Summary |
|
URLs found in memory or binary data |
Networking |
|
Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
448B000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2192910487.000000000448B000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
448B000
|
Size: |
303104
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2434057235.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
53E000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.2194900592.000000000053E000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
53E000
|
Size: |
270336
|
|
184000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.2173439762.0000000000184000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
184000
|
Size: |
4096
|
|
3585000
|
heap
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2541375791.0000000003585000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3585000
|
Size: |
65536
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
9C4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2146911263.00000000009C4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9C4000
|
Size: |
4096
|
|
EE0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2190809752.0000000000EE0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
EE0000
|
Size: |
36864
|
|
B18000
|
heap
|
page read and write
|
|
|
|
Name: |
0000000D.00000002.2635361333.0000000000B18000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
13
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
B18000
|
Size: |
40960
|
|
3A0000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000000.00000002.2188221567.00000000003A0000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
3A0000
|
Size: |
319488
|
|
31B000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000000.00000001.2142877089.000000000031B000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
image loaded
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
31B000
|
Size: |
16384
|
|
1E0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000002.00000002.2170254570.00000000001E0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
2
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1E0000
|
Size: |
45056
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2434568738.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
6C0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2540778090.00000000006C0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6C0000
|
Size: |
8192
|
|
9D0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2190663532.00000000009D0000.00000004.00000020.00040000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9D0000
|
Size: |
4096
|
|
2C44000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000004.00000003.2235611778.0000000002C44000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
2C44000
|
Size: |
4096
|
|
5BA000
|
heap
|
page read and write
|
|
|
|
Name: |
00000002.00000002.2170622707.00000000005BA000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
2
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5BA000
|
Size: |
8192
|
|
F9E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2541231475.0000000000F9E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
F9E000
|
Size: |
8192
|
|
BDBA000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2542082129.000000000BDBA000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
BDBA000
|
Size: |
20480
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2433841115.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
6A0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2540727404.00000000006A0000.00000004.00000020.00040000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6A0000
|
Size: |
4096
|
|
275B9000
|
unkown
|
page write copy
|
|
|
|
Name: |
00000003.00000002.2196943542.00000000275B9000.00000008.00000001.01000000.0000000A.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page write copy
|
Base address: |
275B9000
|
Size: |
4096
|
|
2D1000
|
unkown
|
page execute read
|
|
|
|
Name: |
00000000.00000000.2142167492.00000000002D1000.00000020.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page execute read
|
Base address: |
2D1000
|
Size: |
200704
|
|
2C44000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000004.00000003.2330152060.0000000002C44000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
2C44000
|
Size: |
4096
|
|
2DFC000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2406659865.0000000002DFC000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2DFC000
|
Size: |
73728
|
|
415F000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2192910487.000000000415F000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
415F000
|
Size: |
61440
|
|
9C4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2165651125.00000000009C4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9C4000
|
Size: |
4096
|
|
596000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.2194900592.0000000000596000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
596000
|
Size: |
20480
|
|
1E3A0000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2532973108.000000001E3A0000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
1E3A0000
|
Size: |
163840
|
|
210C000
|
heap
|
page read and write
|
|
|
|
Name: |
00000002.00000002.2170887589.000000000210C000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
2
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
210C000
|
Size: |
798720
|
|
434000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000002.00000002.2170520007.0000000000434000.00000002.00000001.01000000.00000007.sdmp
|
TargetID: |
2
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
434000
|
Size: |
77824
|
|
2790000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000004.00000002.2406325077.0000000002790000.00000002.00000001.00040000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
2790000
|
Size: |
4096
|
|
1E3A0000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2536103346.000000001E3A0000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
1E3A0000
|
Size: |
163840
|
|
2D4E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000003.00000002.2196118649.0000000002D4E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2D4E000
|
Size: |
24576
|
|
2FEE000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2406700119.0000000002FEE000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
2FEE000
|
Size: |
8192
|
|
35FD000
|
heap
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2530036282.00000000035FD000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
35FD000
|
Size: |
12288
|
|
5DC000
|
stack
|
page read and write
|
|
|
|
Name: |
0000000D.00000002.2635198121.00000000005DC000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
13
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
5DC000
|
Size: |
16384
|
|
1DE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000002.00000002.2170207223.00000000001DE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
2
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
1DE000
|
Size: |
8192
|
|
9C4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2147608978.00000000009C4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9C4000
|
Size: |
4096
|
|
9C4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2147243842.00000000009C4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9C4000
|
Size: |
4096
|
|
160000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.2194652943.0000000000160000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
160000
|
Size: |
49152
|
|
6EE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000002.00000002.2170748469.00000000006EE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
2
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
6EE000
|
Size: |
8192
|
|
331C000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000003.00000002.2196742262.000000000331C000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
331C000
|
Size: |
290816
|
|
3F0000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000000.00000001.2142877089.00000000003F0000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
image loaded
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
3F0000
|
Size: |
2183168
|
|
668000
|
unkown
|
page write copy
|
|
|
|
Name: |
00000009.00000002.2540706623.0000000000668000.00000008.00000001.01000000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page write copy
|
Base address: |
668000
|
Size: |
4096
|
|
1E36A000
|
stack
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2547105138.000000001E36A000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
1E36A000
|
Size: |
24576
|
|
9C4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2165690923.00000000009C4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9C4000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2433891837.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
1BD40000
|
remote allocation
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2437750086.000000001BD40000.00000004.00000400.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
remote allocation
|
Protect: |
page read and write
|
Base address: |
1BD40000
|
Size: |
4096
|
|
8B4000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000000.00000000.2142258743.00000000008B4000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
8B4000
|
Size: |
28672
|
|
BCB1000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2437015356.000000000BCB1000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
BCB1000
|
Size: |
4096
|
|
9C4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2144234683.00000000009C4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9C4000
|
Size: |
4096
|
|
9C4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2147323613.00000000009C4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9C4000
|
Size: |
4096
|
|
275C000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2406303194.000000000275C000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
275C000
|
Size: |
16384
|
|
26A3000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.2195560653.00000000026A3000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
26A3000
|
Size: |
667648
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
2C0E000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2406519668.0000000002C0E000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
2C0E000
|
Size: |
8192
|
|
27500000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000002.00000002.2171936415.0000000027500000.00000002.00000001.01000000.00000008.sdmp
|
TargetID: |
2
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
27500000
|
Size: |
4096
|
|
24D0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.2195472223.00000000024D0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
24D0000
|
Size: |
4096
|
|
1ED000
|
stack
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2540112609.00000000001ED000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
1ED000
|
Size: |
12288
|
|
184000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.2171271192.0000000000184000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
184000
|
Size: |
4096
|
|
9C4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2146824740.00000000009C4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9C4000
|
Size: |
4096
|
|
35B3000
|
heap
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2449897112.00000000035B3000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
35B3000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2433819090.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
8C1000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000000.00000002.2188221567.00000000008C1000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
8C1000
|
Size: |
233472
|
|
35D8000
|
heap
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2451026839.00000000035D8000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
35D8000
|
Size: |
110592
|
|
1E2D0000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2547033024.000000001E2D0000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
1E2D0000
|
Size: |
4096
|
|
BCB1000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2436957752.000000000BCB1000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
BCB1000
|
Size: |
4096
|
|
44E000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2540314947.000000000044E000.00000004.00000001.01000000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
44E000
|
Size: |
32768
|
|
880000
|
heap
|
page read and write
|
|
|
|
Name: |
0000000D.00000002.2635237636.0000000000880000.00000004.00000020.00040000.00000000.sdmp
|
TargetID: |
13
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
880000
|
Size: |
4096
|
|
BCB1000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2435131682.000000000BCB1000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
BCB1000
|
Size: |
4096
|
|
1E2BF000
|
stack
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2547007423.000000001E2BF000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
1E2BF000
|
Size: |
4096
|
|
663000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000009.00000002.2540682654.0000000000663000.00000002.00000001.01000000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
663000
|
Size: |
12288
|
|
9C4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2147180100.00000000009C4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9C4000
|
Size: |
4096
|
|
2209000
|
heap
|
page read and write
|
|
|
|
Name: |
00000002.00000002.2171024473.0000000002209000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
2
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2209000
|
Size: |
4096
|
|
35B6000
|
heap
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2449897112.00000000035B6000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
35B6000
|
Size: |
135168
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2433960862.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
544000
|
heap
|
page read and write
|
|
|
|
Name: |
00000002.00000003.2169760576.0000000000544000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
2
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
544000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2434726063.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
31B000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000000.00000002.2188221567.000000000031B000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
31B000
|
Size: |
16384
|
|
3615000
|
heap
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2541375791.0000000003615000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3615000
|
Size: |
57344
|
|
359F000
|
heap
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2541375791.000000000359F000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
359F000
|
Size: |
45056
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
URLs found in memory or binary data |
Networking |
|
|
4C17000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2406823080.0000000004C17000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4C17000
|
Size: |
1187840
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
9C4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2146977443.00000000009C4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9C4000
|
Size: |
4096
|
|
400000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000002.00000000.2165520696.0000000000400000.00000002.00000001.01000000.00000007.sdmp
|
TargetID: |
2
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
400000
|
Size: |
4096
|
|
9C4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2147916330.00000000009C4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9C4000
|
Size: |
4096
|
|
901000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000000.00000000.2142258743.0000000000901000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
901000
|
Size: |
126976
|
|
434000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000003.00000000.2169683833.0000000000434000.00000002.00000001.01000000.00000009.sdmp
|
TargetID: |
3
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
434000
|
Size: |
77824
|
|
6AE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.2195125145.00000000006AE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
6AE000
|
Size: |
8192
|
|
3014000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000004.00000003.2235750843.0000000003014000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
3014000
|
Size: |
163840
|
|
184000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000003.2173608919.0000000000184000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
184000
|
Size: |
4096
|
|
2463C000
|
stack
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2549488989.000000002463C000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2463C000
|
Size: |
16384
|
|
BCB1000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2435719583.000000000BCB1000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
BCB1000
|
Size: |
4096
|
|
2BB0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000003.00000002.2196118649.0000000002BB0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2BB0000
|
Size: |
1196032
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
44D6000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2192910487.00000000044D6000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
44D6000
|
Size: |
430080
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sample file is different than original file name gathered from version info |
System Summary |
|
URLs found in memory or binary data |
Networking |
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2434386302.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
9C4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2147345157.00000000009C4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9C4000
|
Size: |
4096
|
|
9C4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2147879785.00000000009C4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9C4000
|
Size: |
4096
|
|
275BE000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000002.00000002.2172060310.00000000275BE000.00000002.00000001.01000000.00000008.sdmp
|
TargetID: |
2
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
275BE000
|
Size: |
36864
|
|
1F40000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.2195195170.0000000001F40000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
1F40000
|
Size: |
12288
|
|
BCB1000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2434971660.000000000BCB1000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
BCB1000
|
Size: |
4096
|
|
2E90000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2191179723.0000000002E90000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
2E90000
|
Size: |
167936
|
|
4E68000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2160421868.0000000004E68000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4E68000
|
Size: |
32768
|
|
431000
|
unkown
|
page write copy
|
|
|
|
Name: |
00000003.00000000.2169663605.0000000000431000.00000008.00000001.01000000.00000009.sdmp
|
TargetID: |
3
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page write copy
|
Base address: |
431000
|
Size: |
12288
|
|
39E1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2146376473.00000000039E1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
39E1000
|
Size: |
2424832
|
|
4122000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2192910487.0000000004122000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4122000
|
Size: |
131072
|
|
31B000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000000.00000000.2142258743.000000000031B000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
31B000
|
Size: |
16384
|
|
140000
|
heap
|
page read and write
|
|
|
|
Name: |
00000002.00000002.2170121149.0000000000140000.00000004.00000020.00040000.00000000.sdmp
|
TargetID: |
2
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
140000
|
Size: |
4096
|
|
BCB1000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2433417440.000000000BCB1000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
BCB1000
|
Size: |
65536
|
|
9C4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2146004196.00000000009C4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9C4000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2434335083.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
BCB1000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2435445751.000000000BCB1000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
BCB1000
|
Size: |
4096
|
|
DD000
|
stack
|
page read and write
|
|
|
|
Name: |
00000003.00000002.2194432095.00000000000DD000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
DD000
|
Size: |
12288
|
|
BCB1000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2434997718.000000000BCB1000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
BCB1000
|
Size: |
4096
|
|
4DC1000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2164970254.0000000004DC1000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
4DC1000
|
Size: |
69632
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2434841782.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2434292669.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
3014000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000004.00000003.2235667194.0000000003014000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
3014000
|
Size: |
163840
|
|
298B000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2191034793.000000000298B000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
298B000
|
Size: |
4096
|
|
2D4E000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2406556328.0000000002D4E000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
2D4E000
|
Size: |
8192
|
|
3670000
|
heap
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2541375791.0000000003670000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3670000
|
Size: |
53248
|
|
3F0000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000000.00000002.2188221567.00000000003F0000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
3F0000
|
Size: |
4988928
|
|
9C4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2147377668.00000000009C4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9C4000
|
Size: |
4096
|
|
45B000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000009.00000002.2540314947.000000000045B000.00000004.00000001.01000000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
45B000
|
Size: |
8192
|
|
9C4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2146082479.00000000009C4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9C4000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2433799128.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
2C44000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000004.00000003.2406191411.0000000002C44000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
free memory
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
2C44000
|
Size: |
4096
|
|
9C4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2146680123.00000000009C4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9C4000
|
Size: |
4096
|
|
9C4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2146767966.00000000009C4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9C4000
|
Size: |
4096
|
|
5D1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000003.00000002.2194900592.00000000005D1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
3
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5D1000
|
Size: |
24576
|
|
BCB1000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2435834862.000000000BCB1000.00000004.00000001.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
BCB1000
|
Size: |
4096
|
|
9C4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2147041598.00000000009C4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9C4000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000009.00000003.2433980821.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
9
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|