|
4977000
|
trusted library allocation
|
page read and write
|
 |
|
|
| Name: |
00000009.00000002.3277251344.0000000004977000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4977000
|
| Size: |
7348224
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected UAC Bypass using CMSTP |
Exploits |
|
|
|
22210102000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3199339643.0000022210102000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
22210102000
|
| Size: |
7348224
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected UAC Bypass using CMSTP |
Exploits |
|
|
|
29A1E5E3000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.3289127390.0000029A1E5E3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
29A1E5E3000
|
| Size: |
7348224
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected UAC Bypass using CMSTP |
Exploits |
|
|
|
2FB7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3392331418.0000000002FB7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2FB7000
|
| Size: |
7348224
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected UAC Bypass using CMSTP |
Exploits |
|
|
|
52C3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3268435624.00000000052C3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
52C3000
|
| Size: |
7348224
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected UAC Bypass using CMSTP |
Exploits |
|
|
|
1FE74A28000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3252240515.000001FE74A28000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1FE74A28000
|
| Size: |
7348224
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected UAC Bypass using CMSTP |
Exploits |
|
|
|
28F6CFD2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3187871351.0000028F6CFD2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
28F6CFD2000
|
| Size: |
7348224
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected UAC Bypass using CMSTP |
Exploits |
|
|
|
2C70000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.3276785521.0000000002C70000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C70000
|
| Size: |
53248
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected UAC Bypass using CMSTP |
Exploits |
|
|
|
AF95AFD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3190516542.000000AF95AFD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
AF95AFD000
|
| Size: |
12288
|
|
|
7FFD940FF000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3208264383.00007FFD940FF000.00000004.00000001.01000000.0000001A.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7FFD940FF000
|
| Size: |
4096
|
|
|
7FFDA5471000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3209389034.00007FFDA5471000.00000004.00000001.01000000.00000016.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7FFDA5471000
|
| Size: |
4096
|
|
|
28F6D6E4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3188533716.0000028F6D6E4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
28F6D6E4000
|
| Size: |
1527808
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
28F62B00000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000002.3181014766.0000028F62B00000.00000002.00000001.01000000.00000010.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
28F62B00000
|
| Size: |
3989504
|
|
|
806E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2297623373.000000000806E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
806E000
|
| Size: |
8192
|
|
|
7FB9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2279621522.0000000007FB9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FB9000
|
| Size: |
4096
|
|
|
7FFDAF370000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000002.3255310740.00007FFDAF370000.00000002.00000001.01000000.00000016.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDAF370000
|
| Size: |
4096
|
|
|
29A15140000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000F.00000002.3283160895.0000029A15140000.00000002.00000001.01000000.0000001C.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
29A15140000
|
| Size: |
10485760
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
5531000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3265214324.0000000005531000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5531000
|
| Size: |
4096
|
|
|
8261000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2457076123.0000000008261000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8261000
|
| Size: |
671744
|
|
|
1FE6B14C000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000002.3246729756.000001FE6B14C000.00000002.00000001.01000000.0000001C.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
1FE6B14C000
|
| Size: |
61440
|
|
|
8269000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2458975344.0000000008269000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8269000
|
| Size: |
819200
|
|
|
7FF7EE0C1000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000005.00000002.3207750495.00007FF7EE0C1000.00000020.00000001.01000000.00000012.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
7FF7EE0C1000
|
| Size: |
184320
|
|
|
1FE6D8D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3248668218.000001FE6D8D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1FE6D8D0000
|
| Size: |
4096
|
|
|
56EF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.3280106314.00000000056EF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
56EF000
|
| Size: |
4096
|
|
|
7FFDA5550000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000002.3254861495.00007FFDA5550000.00000002.00000001.01000000.00000019.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDA5550000
|
| Size: |
4096
|
|
|
7FFDA38C2000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000004.00000002.3191404890.00007FFDA38C2000.00000008.00000001.01000000.00000007.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
7FFDA38C2000
|
| Size: |
8192
|
|
|
5531000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3270865392.0000000005531000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5531000
|
| Size: |
4096
|
|
|
8CA7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2531227354.0000000008CA7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8CA7000
|
| Size: |
10485760
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
7FFDA5541000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000008.00000002.3254784682.00007FFDA5541000.00000020.00000001.01000000.0000001B.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
7FFDA5541000
|
| Size: |
16384
|
|
|
7FFDA36C1000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000004.00000002.3191070590.00007FFDA36C1000.00000020.00000001.01000000.00000007.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
7FFDA36C1000
|
| Size: |
1593344
|
|
|
7FF627C41000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000004.00000000.2913508245.00007FF627C41000.00000020.00000001.01000000.00000006.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
7FF627C41000
|
| Size: |
184320
|
|
|
7FC2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2281350734.0000000007FC2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FC2000
|
| Size: |
4096
|
|
|
7FFD948B7000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000F.00000002.3291122542.00007FFD948B7000.00000002.00000001.01000000.0000001A.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFD948B7000
|
| Size: |
16384
|
|
|
1FE6BF90000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000002.3246729756.000001FE6BF90000.00000002.00000001.01000000.0000001C.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
1FE6BF90000
|
| Size: |
1462272
|
|
|
7011000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2229572148.0000000007011000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7011000
|
| Size: |
4096
|
|
|
5AF9000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3269101060.0000000005AF9000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
5AF9000
|
| Size: |
4096
|
|
|
7F8F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2310842423.0000000007F8F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F8F000
|
| Size: |
4096
|
|
|
404A000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3393054747.000000000404A000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
404A000
|
| Size: |
4096
|
|
|
1FE75A30000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3253301588.000001FE75A30000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
1FE75A30000
|
| Size: |
102400
|
|
|
28F65CC5000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.3179158366.0000028F65CC5000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
28F65CC5000
|
| Size: |
1048576
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
5636000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2431030706.0000000005636000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5636000
|
| Size: |
28672
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
7F9E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2310934788.0000000007F9E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F9E000
|
| Size: |
4096
|
|
|
7F80000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2281856336.0000000007F80000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F80000
|
| Size: |
4096
|
|
|
2BC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3263724658.0000000002BC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2BC4000
|
| Size: |
8192
|
|
|
7011000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2229755694.0000000007011000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7011000
|
| Size: |
4096
|
|
|
562F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2530148228.000000000562F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
562F000
|
| Size: |
57344
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
5531000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3270789363.0000000005531000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5531000
|
| Size: |
4096
|
|
|
7F79000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2309329074.0000000007F79000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F79000
|
| Size: |
20480
|
|
|
56AE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.3280083671.00000000056AE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
56AE000
|
| Size: |
8192
|
|
|
405E000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3393054747.000000000405E000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
405E000
|
| Size: |
8192
|
|
|
7FFDA5BB3000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3255158207.00007FFDA5BB3000.00000004.00000001.01000000.00000014.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7FFDA5BB3000
|
| Size: |
12288
|
|
|
7F9E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2310768749.0000000007F9E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F9E000
|
| Size: |
8192
|
|
|
5613000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2431030706.0000000005613000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5613000
|
| Size: |
73728
|
|
|
3354000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.3206482397.0000000003354000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3354000
|
| Size: |
4096
|
|
|
7FFDA55E1000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000004.00000002.3192026650.00007FFDA55E1000.00000020.00000001.01000000.0000000A.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
7FFDA55E1000
|
| Size: |
69632
|
|
|
2BC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3264483396.0000000002BC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2BC4000
|
| Size: |
8192
|
|
|
28F6355D000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000002.3181014766.0000028F6355D000.00000002.00000001.01000000.00000010.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
28F6355D000
|
| Size: |
32768
|
|
|
7F9E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2312297673.0000000007F9E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F9E000
|
| Size: |
8192
|
|
|
5531000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3271674537.0000000005531000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5531000
|
| Size: |
4096
|
|
|
5404000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2229169632.0000000005404000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5404000
|
| Size: |
4096
|
|
|
7FFDA5B80000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000002.3255087733.00007FFDA5B80000.00000002.00000001.01000000.00000014.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDA5B80000
|
| Size: |
4096
|
|
|
7FFDA55E1000
|
unkown
|
page execute read
|
|
|
|
| Name: |
0000000F.00000002.3292148430.00007FFDA55E1000.00000020.00000001.01000000.00000017.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
7FFDA55E1000
|
| Size: |
65536
|
|
|
29A1F262000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.3290353149.0000029A1F262000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
29A1F262000
|
| Size: |
65536
|
|
|
7FFD942B0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000005.00000002.3208605262.00007FFD942B0000.00000002.00000001.01000000.00000013.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFD942B0000
|
| Size: |
4096
|
|
|
28F65CC1000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.3179828900.0000028F65CC1000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
28F65CC1000
|
| Size: |
524288
|
|
|
417E000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3393054747.000000000417E000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
417E000
|
| Size: |
8192
|
|
|
2BC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3261833117.0000000002BC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2BC4000
|
| Size: |
8192
|
|
|
7FAB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2263385459.0000000007FAB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FAB000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
8261000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2457686866.0000000008261000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8261000
|
| Size: |
720896
|
|
|
22210F90000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3206664361.0000022210F90000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
22210F90000
|
| Size: |
491520
|
|
|
2BC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3264327945.0000000002BC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2BC4000
|
| Size: |
8192
|
|
|
7FFDA5BBC000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000002.3192280472.00007FFDA5BBC000.00000002.00000001.01000000.00000008.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDA5BBC000
|
| Size: |
8192
|
|
|
7F69000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2278999770.0000000007F69000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F69000
|
| Size: |
12288
|
|
|
7F9C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2280317490.0000000007F9C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F9C000
|
| Size: |
4096
|
|
|
7FFD944D3000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000005.00000002.3209028157.00007FFD944D3000.00000002.00000001.01000000.00000013.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFD944D3000
|
| Size: |
28672
|
|
|
22205A2A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3190568108.0000022205A2A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
22205A2A000
|
| Size: |
266240
|
|
|
EDF000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3391344044.0000000000EDF000.00000004.00000001.01000000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
EDF000
|
| Size: |
8192
|
|
|
408E000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3393054747.000000000408E000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
408E000
|
| Size: |
20480
|
|
|
830A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2456377265.000000000830A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
830A000
|
| Size: |
614400
|
|
|
7F9E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2312401099.0000000007F9E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F9E000
|
| Size: |
4096
|
|
|
8147000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2297623373.0000000008147000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8147000
|
| Size: |
4096
|
|
|
3BE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3390139807.00000000003BE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3BE000
|
| Size: |
8192
|
|
|
8269000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2459973474.0000000008269000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8269000
|
| Size: |
901120
|
|
|
7F9C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2280037893.0000000007F9C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F9C000
|
| Size: |
4096
|
|
|
1FE6D8C5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3248585107.000001FE6D8C5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1FE6D8C5000
|
| Size: |
28672
|
|
|
2BC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3262067678.0000000002BC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2BC4000
|
| Size: |
8192
|
|
|
3354000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.3246682627.0000000003354000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3354000
|
| Size: |
4096
|
|
|
7F98000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2263292854.0000000007F98000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F98000
|
| Size: |
8192
|
|
|
7FFDAF382000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000002.3255382368.00007FFDAF382000.00000002.00000001.01000000.00000016.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDAF382000
|
| Size: |
8192
|
|
|
40A6000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3393054747.00000000040A6000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
40A6000
|
| Size: |
12288
|
|
|
4120000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3393054747.0000000004120000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4120000
|
| Size: |
20480
|
|
|
82FD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2455783259.00000000082FD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
82FD000
|
| Size: |
565248
|
|
|
7F9E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2309947304.0000000007F9E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F9E000
|
| Size: |
8192
|
|
|
29A14060000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.3282921190.0000029A14060000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
29A14060000
|
| Size: |
4096
|
|
|
6260000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3269403073.0000000006260000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6260000
|
| Size: |
4096
|
|
|
5531000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3273436083.0000000005531000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5531000
|
| Size: |
4096
|
|
|
1FE75B38000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3253326382.000001FE75B38000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
1FE75B38000
|
| Size: |
294912
|
|
|
37ED000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3392757195.00000000037ED000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
37ED000
|
| Size: |
458752
|
|
|
28F62A4D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.3179887781.0000028F62A4D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
28F62A4D000
|
| Size: |
4096
|
|
|
8261000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2461236298.0000000008261000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8261000
|
| Size: |
958464
|
|
|
5D81000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.3204475491.0000000005D81000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5D81000
|
| Size: |
131072
|
|
|
5531000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3273034811.0000000005531000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5531000
|
| Size: |
4096
|
|
|
7F9B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2263606246.0000000007F9B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F9B000
|
| Size: |
8192
|
|
|
7F74000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2312562675.0000000007F74000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F74000
|
| Size: |
4096
|
|
|
7F61000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2263292854.0000000007F61000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F61000
|
| Size: |
81920
|
|
|
8263000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2456952151.0000000008263000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8263000
|
| Size: |
655360
|
|
|
376E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3268099084.000000000376E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
376E000
|
| Size: |
4096
|
|
|
28F62A4E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.3179370523.0000028F62A4E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
28F62A4E000
|
| Size: |
110592
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
7FFD94660000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000F.00000002.3290749230.00007FFD94660000.00000002.00000001.01000000.0000001A.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFD94660000
|
| Size: |
4096
|
|
|
7F96000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2296738125.0000000007F96000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F96000
|
| Size: |
4096
|
|
|
7FFDA5521000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000004.00000002.3191584311.00007FFDA5521000.00000020.00000001.01000000.0000000F.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
7FFDA5521000
|
| Size: |
16384
|
|
|
2BC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3262356952.0000000002BC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2BC4000
|
| Size: |
8192
|
|
|
826D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2456812447.000000000826D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
826D000
|
| Size: |
647168
|
|
|
7F8E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2313758907.0000000007F8E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F8E000
|
| Size: |
4096
|
|
|
7F9E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2311875285.0000000007F9E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F9E000
|
| Size: |
8192
|
|
|
7FF7EE0EE000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000005.00000000.3180313842.00007FF7EE0EE000.00000002.00000001.01000000.00000012.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF7EE0EE000
|
| Size: |
69632
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
8268000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2532921909.0000000008268000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8268000
|
| Size: |
10485760
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
7FF7EE0FF000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000008.00000000.3227348102.00007FF7EE0FF000.00000008.00000001.01000000.00000012.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
7FF7EE0FF000
|
| Size: |
8192
|
|
|
5531000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3272443775.0000000005531000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5531000
|
| Size: |
4096
|
|
|
1166000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3391967225.0000000001166000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1166000
|
| Size: |
8192
|
|
|
7FFDA5551000
|
unkown
|
page execute read
|
|
|
|
| Name: |
0000000F.00000002.3291998874.00007FFDA5551000.00000020.00000001.01000000.00000019.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
7FFDA5551000
|
| Size: |
348160
|
|
|
5531000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3273891043.0000000005531000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5531000
|
| Size: |
4096
|
|
|
5531000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3265100007.0000000005531000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5531000
|
| Size: |
4096
|
|
|
7FFDA38C4000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3254645942.00007FFDA38C4000.00000004.00000001.01000000.00000013.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7FFDA38C4000
|
| Size: |
8192
|
|
|
5637000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2314329754.0000000005637000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5637000
|
| Size: |
24576
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Found many strings related to Crypto-Wallets (likely being stolen) |
Stealing of Sensitive Information |
|
|
|
7FFDA55D4000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3254941096.00007FFDA55D4000.00000004.00000001.01000000.00000019.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7FFDA55D4000
|
| Size: |
16384
|
|
|
28F6DCD7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3188716039.0000028F6DCD7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
28F6DCD7000
|
| Size: |
4096
|
|
|
5531000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3272397389.0000000005531000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5531000
|
| Size: |
4096
|
|
|
8311000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2457319267.0000000008311000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8311000
|
| Size: |
688128
|
|
|
EE1000
|
unkown
|
page write copy
|
|
|
|
| Name: |
0000000B.00000002.3391378690.0000000000EE1000.00000008.00000001.01000000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
EE1000
|
| Size: |
4096
|
|
|
7F9E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2312020784.0000000007F9E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F9E000
|
| Size: |
8192
|
|
|
833A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2458573607.000000000833A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
833A000
|
| Size: |
786432
|
|
|
29A1F256000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.3290353149.0000029A1F256000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
29A1F256000
|
| Size: |
16384
|
|
|
7F9E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2310842423.0000000007F9E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F9E000
|
| Size: |
8192
|
|
|
2220666C000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000005.00000002.3190845455.000002220666C000.00000002.00000001.01000000.0000001C.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
2220666C000
|
| Size: |
61440
|
|
|
2C0F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.3276721895.0000000002C0F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2C0F000
|
| Size: |
4096
|
|
|
4172000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3393054747.0000000004172000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4172000
|
| Size: |
45056
|
|
|
4088000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3393054747.0000000004088000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4088000
|
| Size: |
4096
|
|
|
7FFD9489A000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.3291013695.00007FFD9489A000.00000004.00000001.01000000.0000001A.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7FFD9489A000
|
| Size: |
4096
|
|
|
8323000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2458108026.0000000008323000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8323000
|
| Size: |
753664
|
|
|
7FCA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2263606246.0000000007FCA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FCA000
|
| Size: |
4096
|
|
|
3354000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.3206265979.0000000003354000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3354000
|
| Size: |
4096
|
|
|
2BC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3261707242.0000000002BC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2BC4000
|
| Size: |
8192
|
|
|
7FB2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2279908862.0000000007FB2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FB2000
|
| Size: |
8192
|
|
|
5531000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3265264885.0000000005531000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5531000
|
| Size: |
4096
|
|
|
7011000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2227488599.0000000007011000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7011000
|
| Size: |
65536
|
|
|
7F61000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2309239543.0000000007F61000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F61000
|
| Size: |
36864
|
|
|
7FFDA43B4000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3209157875.00007FFDA43B4000.00000004.00000001.01000000.00000019.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7FFDA43B4000
|
| Size: |
16384
|
|
|
7FFDA5517000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000005.00000002.3209644250.00007FFDA5517000.00000002.00000001.01000000.00000014.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDA5517000
|
| Size: |
16384
|
|
|
7FFDA5545000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000F.00000002.3291901049.00007FFDA5545000.00000002.00000001.01000000.0000001B.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDA5545000
|
| Size: |
12288
|
|
|
7FFDAF370000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000F.00000002.3292536243.00007FFDAF370000.00000002.00000001.01000000.00000016.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDAF370000
|
| Size: |
4096
|
|
|
7FFDA54B1000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000005.00000002.3209453076.00007FFDA54B1000.00000020.00000001.01000000.0000001B.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
7FFDA54B1000
|
| Size: |
16384
|
|
|
7FFDA3878000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000002.3191290114.00007FFDA3878000.00000002.00000001.01000000.00000007.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDA3878000
|
| Size: |
167936
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
7FFDA4386000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000005.00000002.3209122976.00007FFDA4386000.00000002.00000001.01000000.00000019.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDA4386000
|
| Size: |
188416
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
7F75000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2309515310.0000000007F75000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F75000
|
| Size: |
8192
|
|
|
7011000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2229418319.0000000007011000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7011000
|
| Size: |
4096
|
|
|
22206AA9000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000005.00000002.3190845455.0000022206AA9000.00000002.00000001.01000000.0000001C.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
22206AA9000
|
| Size: |
24576
|
|
|
98A000
|
unkown
|
page write copy
|
|
|
|
| Name: |
0000000B.00000000.3246616299.000000000098A000.00000008.00000001.01000000.0000001D.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
98A000
|
| Size: |
8192
|
|
|
8266000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2461007824.0000000008266000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8266000
|
| Size: |
950272
|
|
|
835E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2460562675.000000000835E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
835E000
|
| Size: |
933888
|
|
|
8267000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2455444086.0000000008267000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8267000
|
| Size: |
540672
|
|
|
5531000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3265162529.0000000005531000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5531000
|
| Size: |
4096
|
|
|
7FFDA3530000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000F.00000002.3291152438.00007FFDA3530000.00000002.00000001.01000000.00000018.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDA3530000
|
| Size: |
4096
|
|
|
7FB6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2296497117.0000000007FB6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FB6000
|
| Size: |
4096
|
|
|
28F62A4E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.3179743896.0000028F62A4E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
28F62A4E000
|
| Size: |
49152
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
28F65CC1000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.3179508463.0000028F65CC1000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
28F65CC1000
|
| Size: |
262144
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
7FFD947E8000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000002.3253964085.00007FFD947E8000.00000002.00000001.01000000.0000001A.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFD947E8000
|
| Size: |
724992
|
|
|
7FFDA38C7000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3254645942.00007FFDA38C7000.00000004.00000001.01000000.00000013.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7FFDA38C7000
|
| Size: |
4096
|
|
|
7F9E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2311717554.0000000007F9E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F9E000
|
| Size: |
4096
|
|
|
8369000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2461743477.0000000008369000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8369000
|
| Size: |
983040
|
|
|
1FE6A710000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000002.3246729756.000001FE6A710000.00000002.00000001.01000000.0000001C.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
1FE6A710000
|
| Size: |
3989504
|
|
|
7F8F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2309615770.0000000007F8F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F8F000
|
| Size: |
4096
|
|
|
7FFDA5BB7000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000002.3192252898.00007FFDA5BB7000.00000002.00000001.01000000.00000008.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDA5BB7000
|
| Size: |
16384
|
|
|
7FFDA54B0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000005.00000002.3209431411.00007FFDA54B0000.00000002.00000001.01000000.0000001B.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDA54B0000
|
| Size: |
4096
|
|
|
7FFD948A1000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000F.00000002.3291092401.00007FFD948A1000.00000002.00000001.01000000.0000001A.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFD948A1000
|
| Size: |
81920
|
|
|
5404000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2229183852.0000000005404000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5404000
|
| Size: |
4096
|
|
|
561F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2530148228.000000000561F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
561F000
|
| Size: |
16384
|
|
|
7FFDA5472000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000005.00000002.3209409886.00007FFDA5472000.00000002.00000001.01000000.00000016.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDA5472000
|
| Size: |
8192
|
|
|
4152000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3393054747.0000000004152000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4152000
|
| Size: |
4096
|
|
|
7FF627C7F000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000004.00000000.2913592007.00007FF627C7F000.00000008.00000001.01000000.00000006.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
7FF627C7F000
|
| Size: |
8192
|
|
|
2BC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3264214423.0000000002BC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2BC4000
|
| Size: |
8192
|
|
|
7FFDA5549000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000F.00000002.3291951524.00007FFDA5549000.00000002.00000001.01000000.0000001B.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDA5549000
|
| Size: |
12288
|
|
|
EE2000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3391412535.0000000000EE2000.00000004.00000001.01000000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
EE2000
|
| Size: |
12288
|
|
|
5531000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3273601341.0000000005531000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5531000
|
| Size: |
4096
|
|
|
7FFDA38DB000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000002.3254691239.00007FFDA38DB000.00000002.00000001.01000000.00000013.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDA38DB000
|
| Size: |
24576
|
|
|
57B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.3280253393.00000000057B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
57B0000
|
| Size: |
4096
|
|
|
7FFDA5BBC000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000002.3255195451.00007FFDA5BBC000.00000002.00000001.01000000.00000014.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDA5BBC000
|
| Size: |
8192
|
|
|
7F9E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2311570135.0000000007F9E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F9E000
|
| Size: |
8192
|
|
|
564F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2416585466.000000000564F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
564F000
|
| Size: |
28672
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| AV process strings found (often used to terminate AV products) |
Lowering of HIPS / PFW / Operating System Security Settings |
Security Software Discovery
|
| URLs found in memory or binary data |
Networking |
|
|
|
40E2000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3393054747.00000000040E2000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
40E2000
|
| Size: |
4096
|
|
|
2C0A000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3392191199.0000000002C0A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C0A000
|
| Size: |
1187840
|
|
|
7F74000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2310684904.0000000007F74000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F74000
|
| Size: |
4096
|
|
|
7FAA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2280037893.0000000007FAA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FAA000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
7FDF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2296442875.0000000007FDF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FDF000
|
| Size: |
143360
|
|
|
126F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3392011406.000000000126F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
126F000
|
| Size: |
4096
|
|
|
5AFD000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3269101060.0000000005AFD000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
5AFD000
|
| Size: |
458752
|
|
|
7F83000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2263292854.0000000007F83000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F83000
|
| Size: |
73728
|
|
|
8264000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2460799921.0000000008264000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8264000
|
| Size: |
933888
|
|
|
5531000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3271283706.0000000005531000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5531000
|
| Size: |
4096
|
|
|
5550000
|
remote allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2229964046.0000000005550000.00000004.00000400.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
remote allocation
|
| Protect: |
page read and write
|
| Base address: |
5550000
|
| Size: |
4096
|
|
|
7F8D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2430985540.0000000007F8D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F8D000
|
| Size: |
4096
|
|
|
800D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2314117937.000000000800D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
800D000
|
| Size: |
4096
|
|
|
1FE6B143000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000002.3246729756.000001FE6B143000.00000002.00000001.01000000.0000001C.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
1FE6B143000
|
| Size: |
32768
|
|
|
7FFD940FB000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000005.00000002.3208240204.00007FFD940FB000.00000008.00000001.01000000.0000001A.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
7FFD940FB000
|
| Size: |
16384
|
|
|
1350000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3392147391.0000000001350000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1350000
|
| Size: |
53248
|
|
|
28F6C295000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3186986478.0000028F6C295000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
28F6C295000
|
| Size: |
6680576
|
|
|
7F93000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2263452985.0000000007F93000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F93000
|
| Size: |
8192
|
|
|
22208E5C000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3194058155.0000022208E5C000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
22208E5C000
|
| Size: |
4096
|
|
|
7FC6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2296497117.0000000007FC6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FC6000
|
| Size: |
4096
|
|
|
2BC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3263615192.0000000002BC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2BC4000
|
| Size: |
8192
|
|
|
5626000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2431197864.0000000005626000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5626000
|
| Size: |
8192
|
|
|
7F9E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2312710287.0000000007F9E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F9E000
|
| Size: |
4096
|
|
|
28F62A26000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3180678422.0000028F62A26000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
28F62A26000
|
| Size: |
12288
|
|
|
7FFD9443C000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000005.00000002.3208804442.00007FFD9443C000.00000002.00000001.01000000.00000013.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFD9443C000
|
| Size: |
176128
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
405A000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3393054747.000000000405A000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
405A000
|
| Size: |
4096
|
|
|
2BC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3262459699.0000000002BC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2BC4000
|
| Size: |
8192
|
|
|
5531000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3271371081.0000000005531000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5531000
|
| Size: |
4096
|
|
|
8353000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2461425180.0000000008353000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8353000
|
| Size: |
966656
|
|
|
2BC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3262405308.0000000002BC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2BC4000
|
| Size: |
8192
|
|
|
7FFDAF386000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3209758962.00007FFDAF386000.00000004.00000001.01000000.00000015.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7FFDAF386000
|
| Size: |
8192
|
|
|
5404000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2227516131.0000000005404000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5404000
|
| Size: |
4096
|
|
|
7FF627C6E000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000002.3189571609.00007FF627C6E000.00000002.00000001.01000000.00000006.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF627C6E000
|
| Size: |
69632
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
8351000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2460049531.0000000008351000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8351000
|
| Size: |
901120
|
|
|
826F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2457559358.000000000826F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
826F000
|
| Size: |
704512
|
|
|
413C000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3393054747.000000000413C000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
413C000
|
| Size: |
36864
|
|
|
7F98000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2263606246.0000000007F98000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F98000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
|
|
564F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2431150141.000000000564F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
564F000
|
| Size: |
28672
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
7F61000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2296210506.0000000007F61000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F61000
|
| Size: |
16384
|
|
|
40AE000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3393054747.00000000040AE000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
40AE000
|
| Size: |
102400
|
|
|
AF959FD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3190487149.000000AF959FD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
AF959FD000
|
| Size: |
12288
|
|
|
7FB3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2281122020.0000000007FB3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FB3000
|
| Size: |
4096
|
|
|
7FFDA54E1000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000005.00000002.3209570152.00007FFDA54E1000.00000020.00000001.01000000.00000014.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
7FFDA54E1000
|
| Size: |
159744
|
|
|
7FFDA5541000
|
unkown
|
page execute read
|
|
|
|
| Name: |
0000000F.00000002.3291876854.00007FFDA5541000.00000020.00000001.01000000.0000001B.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
7FFDA5541000
|
| Size: |
16384
|
|
|
7F74000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2312881319.0000000007F74000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F74000
|
| Size: |
4096
|
|
|
96A7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2531227354.00000000096A7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
96A7000
|
| Size: |
212992
|
|
|
2BC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3261764634.0000000002BC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2BC4000
|
| Size: |
8192
|
|
|
7F74000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2312257900.0000000007F74000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F74000
|
| Size: |
4096
|
|
|
8322000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2457508647.0000000008322000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8322000
|
| Size: |
704512
|
|
|
7FFD94660000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000002.3189904680.00007FFD94660000.00000002.00000001.01000000.0000000E.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFD94660000
|
| Size: |
4096
|
|
|
7FFD9489F000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.3291067356.00007FFD9489F000.00000004.00000001.01000000.0000001A.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7FFD9489F000
|
| Size: |
8192
|
|
|
7FFDA55F6000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3255044203.00007FFDA55F6000.00000004.00000001.01000000.00000017.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7FFDA55F6000
|
| Size: |
4096
|
|
|
4DFE000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000000.2121925905.0000000004DFE000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
4DFE000
|
| Size: |
536576
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
|
|
DD487FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3180572983.000000DD487FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
DD487FE000
|
| Size: |
8192
|
|
|
4052000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3393054747.0000000004052000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4052000
|
| Size: |
28672
|
|
|
2BC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3261480317.0000000002BC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2BC4000
|
| Size: |
4096
|
|
|
28F63980000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000002.3181014766.0000028F63980000.00000002.00000001.01000000.00000010.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
28F63980000
|
| Size: |
10485760
|
|
|
2BC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3264697925.0000000002BC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2BC4000
|
| Size: |
8192
|
|
|
7F9E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2310271556.0000000007F9E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F9E000
|
| Size: |
8192
|
|
|
7FFDA5540000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000F.00000002.3291851100.00007FFDA5540000.00000002.00000001.01000000.0000001B.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDA5540000
|
| Size: |
4096
|
|
|
7FFD948A1000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000002.3190686326.00007FFD948A1000.00000002.00000001.01000000.0000000E.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFD948A1000
|
| Size: |
81920
|
|
|
5531000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3272168455.0000000005531000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5531000
|
| Size: |
4096
|
|
|
28F62A4E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.3179276779.0000028F62A4E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
28F62A4E000
|
| Size: |
131072
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
7FFDA38C4000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3191427547.00007FFDA38C4000.00000004.00000001.01000000.00000007.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7FFDA38C4000
|
| Size: |
8192
|
|
|
27F0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.3276283715.00000000027F0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
27F0000
|
| Size: |
4096
|
|
|
7FD3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2263757782.0000000007FD3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FD3000
|
| Size: |
126976
|
|
|
819000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3390278058.0000000000819000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
819000
|
| Size: |
24576
|
|
|
7FFDA3878000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000F.00000002.3291594150.00007FFDA3878000.00000002.00000001.01000000.00000013.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDA3878000
|
| Size: |
167936
|
|
|
564F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2314329754.000000000564F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
564F000
|
| Size: |
28672
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
8268000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2456170908.0000000008268000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8268000
|
| Size: |
598016
|
|
|
3DAF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3392944079.0000000003DAF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3DAF000
|
| Size: |
4096
|
|
|
7F8E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2312786394.0000000007F8E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F8E000
|
| Size: |
4096
|
|
|
7FFDAC0AA000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000002.3255292097.00007FFDAC0AA000.00000002.00000001.01000000.00000015.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDAC0AA000
|
| Size: |
12288
|
|
|
2BC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3260057722.0000000002BC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2BC4000
|
| Size: |
4096
|
|
|
7FAE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2296497117.0000000007FAE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FAE000
|
| Size: |
4096
|
|
|
29A15139000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000F.00000002.3283160895.0000029A15139000.00000002.00000001.01000000.0000001C.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
29A15139000
|
| Size: |
24576
|
|
|
563F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2530148228.000000000563F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
563F000
|
| Size: |
94208
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
5531000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3271908492.0000000005531000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5531000
|
| Size: |
4096
|
|
|
28F62A4E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.3179627438.0000028F62A4E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
28F62A4E000
|
| Size: |
131072
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
7F85000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2280037893.0000000007F85000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F85000
|
| Size: |
12288
|
|
|
4F1F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3268160199.0000000004F1F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4F1F000
|
| Size: |
1187840
|
|
|
7F8F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2311952177.0000000007F8F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F8F000
|
| Size: |
4096
|
|
|
7F83000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2416560266.0000000007F83000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F83000
|
| Size: |
12288
|
|
|
7FFC000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2263757782.0000000007FFC000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FFC000
|
| Size: |
4096
|
|
|
7F75000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2263894914.0000000007F75000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F75000
|
| Size: |
4096
|
|
|
3630000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3268063046.0000000003630000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
3630000
|
| Size: |
122880
|
|
|
12AC000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3392032334.00000000012AC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
12AC000
|
| Size: |
16384
|
|
|
5531000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3270912761.0000000005531000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5531000
|
| Size: |
4096
|
|
|
F24000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3391522174.0000000000F24000.00000004.00000001.01000000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
F24000
|
| Size: |
4096
|
|
|
8B0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000B.00000000.3246482285.00000000008B0000.00000002.00000001.01000000.0000001D.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
8B0000
|
| Size: |
4096
|
|
|
7F83000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2263385459.0000000007F83000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F83000
|
| Size: |
73728
|
|
|
565E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2416536420.000000000565E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
565E000
|
| Size: |
4096
|
|
|
7F8C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2280037893.0000000007F8C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F8C000
|
| Size: |
4096
|
|
|
2BC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3261663822.0000000002BC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2BC4000
|
| Size: |
4096
|
|
|
410E000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3393054747.000000000410E000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
410E000
|
| Size: |
12288
|
|
|
7FFDA3849000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000004.00000002.3191070590.00007FFDA3849000.00000020.00000001.01000000.00000007.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
7FFDA3849000
|
| Size: |
8192
|
|
|
2BC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3264449400.0000000002BC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2BC4000
|
| Size: |
8192
|
|
|
4DE4000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000000.2121639614.0000000004DE4000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
4DE4000
|
| Size: |
4096
|
|
|
7011000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2229655370.0000000007011000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7011000
|
| Size: |
4096
|
|
|
7FB8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2281122020.0000000007FB8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FB8000
|
| Size: |
4096
|
|
|
7FFD94121000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000005.00000002.3208361368.00007FFD94121000.00000020.00000001.01000000.00000018.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
7FFD94121000
|
| Size: |
868352
|
|
|
7F69000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2296210506.0000000007F69000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F69000
|
| Size: |
4096
|
|
|
7FF627C40000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000000.2913457316.00007FF627C40000.00000002.00000001.01000000.00000006.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF627C40000
|
| Size: |
4096
|
|
|
8263000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2455849902.0000000008263000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8263000
|
| Size: |
573440
|
|
|
1FE6A4B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3246397177.000001FE6A4B0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1FE6A4B0000
|
| Size: |
4096
|
|
|
5531000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3273215365.0000000005531000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5531000
|
| Size: |
4096
|
|
|
7F96000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2280037893.0000000007F96000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F96000
|
| Size: |
4096
|
|
|
7F6E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2281983503.0000000007F6E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F6E000
|
| Size: |
28672
|
|
|
141000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000000.00000000.2119185818.0000000000141000.00000020.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
141000
|
| Size: |
872448
|
|
|
826D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2461653400.000000000826D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
826D000
|
| Size: |
974848
|
|
|
7F6E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2309345335.0000000007F6E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F6E000
|
| Size: |
36864
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
2BC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3263238146.0000000002BC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2BC4000
|
| Size: |
8192
|
|
|
8068000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2297623373.0000000008068000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8068000
|
| Size: |
4096
|
|
|
5531000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3272882137.0000000005531000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5531000
|
| Size: |
4096
|
|
|
7FFD9489A000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3190592240.00007FFD9489A000.00000004.00000001.01000000.0000000E.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7FFD9489A000
|
| Size: |
4096
|
|
|
7FFDAC091000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000008.00000002.3255232616.00007FFDAC091000.00000020.00000001.01000000.00000015.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
7FFDAC091000
|
| Size: |
69632
|
|
|
8265000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2458163422.0000000008265000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8265000
|
| Size: |
753664
|
|
|
409C000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3393054747.000000000409C000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
409C000
|
| Size: |
4096
|
|
|
7F9E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2311487416.0000000007F9E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F9E000
|
| Size: |
8192
|
|
|
12FE000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3392078991.00000000012FE000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
12FE000
|
| Size: |
4096
|
|
|
4041000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3393054747.0000000004041000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4041000
|
| Size: |
4096
|
|
|
3354000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.3246702984.0000000003354000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3354000
|
| Size: |
4096
|
|
|
2D20000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.3276892903.0000000002D20000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D20000
|
| Size: |
20480
|
|
|
7FB9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2276456563.0000000007FB9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FB9000
|
| Size: |
4096
|
|
|
5080000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.3279193333.0000000005080000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
5080000
|
| Size: |
1196032
|
|
|
8347000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2459326632.0000000008347000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8347000
|
| Size: |
851968
|
|
|
5531000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3271050594.0000000005531000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5531000
|
| Size: |
4096
|
|
|
22211010000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3207018812.0000022211010000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
22211010000
|
| Size: |
102400
|
|
|
8368000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2462266682.0000000008368000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8368000
|
| Size: |
1015808
|
|
|
7FC7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2430786248.0000000007FC7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FC7000
|
| Size: |
4096
|
|
|
3FB2000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3393008179.0000000003FB2000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3FB2000
|
| Size: |
4096
|
|
|
8264000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2456443008.0000000008264000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8264000
|
| Size: |
622592
|
|
|
7F7E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2312786394.0000000007F7E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F7E000
|
| Size: |
4096
|
|
|
7FFDA36B0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000F.00000002.3291371545.00007FFDA36B0000.00000002.00000001.01000000.00000018.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDA36B0000
|
| Size: |
16384
|
|
|
7FFDA5525000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000002.3191612027.00007FFDA5525000.00000002.00000001.01000000.0000000F.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDA5525000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
7F9E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2311012242.0000000007F9E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F9E000
|
| Size: |
4096
|
|
|
7F7E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2313096878.0000000007F7E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F7E000
|
| Size: |
4096
|
|
|
7F9E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2313517401.0000000007F9E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F9E000
|
| Size: |
4096
|
|
|
7FFDA5549000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000002.3254841680.00007FFDA5549000.00000002.00000001.01000000.0000001B.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDA5549000
|
| Size: |
12288
|
|
|
22208DF0000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3194058155.0000022208DF0000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
22208DF0000
|
| Size: |
208896
|
|
|
5531000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3273476749.0000000005531000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5531000
|
| Size: |
4096
|
|
|
7F9F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2280037893.0000000007F9F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F9F000
|
| Size: |
4096
|
|
|
7FFDA55A6000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000002.3254913709.00007FFDA55A6000.00000002.00000001.01000000.00000019.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDA55A6000
|
| Size: |
188416
|
|
|
8263000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2460444923.0000000008263000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8263000
|
| Size: |
925696
|
|
|
2497E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3395306576.000000002497E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2497E000
|
| Size: |
8192
|
|
|
7F94000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2281350734.0000000007F94000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F94000
|
| Size: |
8192
|
|
|
5634000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2262586525.0000000005634000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5634000
|
| Size: |
4096
|
|
|
2D27000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.3276892903.0000000002D27000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D27000
|
| Size: |
8192
|
|
|
7F9E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2263292854.0000000007F9E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F9E000
|
| Size: |
4096
|
|
|
5656000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2309485646.0000000005656000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5656000
|
| Size: |
20480
|
|
|
7F6C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2430920870.0000000007F6C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F6C000
|
| Size: |
36864
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
7FFDA3849000
|
unkown
|
page execute read
|
|
|
|
| Name: |
0000000F.00000002.3291448938.00007FFDA3849000.00000020.00000001.01000000.00000013.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
7FFDA3849000
|
| Size: |
8192
|
|
|
28F6DC66000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3188716039.0000028F6DC66000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
28F6DC66000
|
| Size: |
458752
|
|
|
7FFD940F9000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000005.00000002.3208195624.00007FFD940F9000.00000008.00000001.01000000.0000001A.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
7FFD940F9000
|
| Size: |
4096
|
|
|
83FB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2458437862.00000000083FB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
83FB000
|
| Size: |
778240
|
|
|
563F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2431150141.000000000563F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
563F000
|
| Size: |
61440
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
7FFD948A1000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000002.3254135589.00007FFD948A1000.00000002.00000001.01000000.0000001A.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFD948A1000
|
| Size: |
81920
|
|
|
837D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2462513148.000000000837D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
837D000
|
| Size: |
1032192
|
|
|
7F8E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2313096878.0000000007F8E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F8E000
|
| Size: |
4096
|
|
|
1050000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3391853828.0000000001050000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1050000
|
| Size: |
28672
|
|
|
8260000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2530484775.0000000008260000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8260000
|
| Size: |
10485760
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
7FFDA5460000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000005.00000002.3209323766.00007FFDA5460000.00000002.00000001.01000000.00000016.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDA5460000
|
| Size: |
4096
|
|
|
29A14D1D000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000F.00000002.3283160895.0000029A14D1D000.00000002.00000001.01000000.0000001C.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
29A14D1D000
|
| Size: |
32768
|
|
|
7FA7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2297518445.0000000007FA7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FA7000
|
| Size: |
143360
|
|
|
7F7F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2530080635.0000000007F7F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F7F000
|
| Size: |
28672
|
|
|
28F62A4E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.3179705467.0000028F62A4E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
28F62A4E000
|
| Size: |
110592
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
2BC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3261526212.0000000002BC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2BC4000
|
| Size: |
4096
|
|
|
2BC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3261591554.0000000002BC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2BC4000
|
| Size: |
4096
|
|
|
F47000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000B.00000002.3391660704.0000000000F47000.00000002.00000001.01000000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
F47000
|
| Size: |
139264
|
|
|
5530000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.3279973596.0000000005530000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5530000
|
| Size: |
4096
|
|
|
5531000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3271766005.0000000005531000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5531000
|
| Size: |
4096
|
|
|
4146000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3393054747.0000000004146000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4146000
|
| Size: |
4096
|
|
|
7FBA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2314259292.0000000007FBA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FBA000
|
| Size: |
4096
|
|
|
1FE6A6A9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3246495262.000001FE6A6A9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1FE6A6A9000
|
| Size: |
24576
|
|
|
F3C4CFE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.3282887622.000000F3C4CFE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
F3C4CFE000
|
| Size: |
8192
|
|
|
22208FA0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3194132218.0000022208FA0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
22208FA0000
|
| Size: |
12288
|
|
|
7FF7EE0EE000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000002.3253779960.00007FF7EE0EE000.00000002.00000001.01000000.00000012.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF7EE0EE000
|
| Size: |
69632
|
|
|
5531000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3274009760.0000000005531000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5531000
|
| Size: |
4096
|
|
|
7F75000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2297582625.0000000007F75000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F75000
|
| Size: |
8192
|
|
|
3A70000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3392925332.0000000003A70000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3A70000
|
| Size: |
4096
|
|
|
EE5000
|
unkown
|
page write copy
|
|
|
|
| Name: |
0000000B.00000002.3391435125.0000000000EE5000.00000008.00000001.01000000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
EE5000
|
| Size: |
172032
|
|
|
3354000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.3206668639.0000000003354000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3354000
|
| Size: |
4096
|
|
|
403A000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3393054747.000000000403A000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
403A000
|
| Size: |
16384
|
|
|
5531000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3272699433.0000000005531000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5531000
|
| Size: |
4096
|
|
|
7F8E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2311083538.0000000007F8E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F8E000
|
| Size: |
4096
|
|
|
7FFDA55F1000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000002.3255024573.00007FFDA55F1000.00000002.00000001.01000000.00000017.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDA55F1000
|
| Size: |
20480
|
|
|
3631000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.3204734905.0000000003631000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
3631000
|
| Size: |
147456
|
|
|
7FF7EE0C1000
|
unkown
|
page execute read
|
|
|
|
| Name: |
0000000F.00000002.3290622657.00007FF7EE0C1000.00000020.00000001.01000000.00000012.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
7FF7EE0C1000
|
| Size: |
184320
|
|
|
5531000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3271467091.0000000005531000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5531000
|
| Size: |
4096
|
|
|
7FFDA54B8000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3209494926.00007FFDA54B8000.00000004.00000001.01000000.0000001B.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7FFDA54B8000
|
| Size: |
4096
|
|
|
6FC000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3390208250.00000000006FC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6FC000
|
| Size: |
16384
|
|
|
2BC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3261685688.0000000002BC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2BC4000
|
| Size: |
8192
|
|
|
7FFDA38C7000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.3291727275.00007FFDA38C7000.00000004.00000001.01000000.00000013.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7FFDA38C7000
|
| Size: |
4096
|
|
|
222074B0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000005.00000002.3190845455.00000222074B0000.00000002.00000001.01000000.0000001C.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
222074B0000
|
| Size: |
1462272
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
2BC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3261809948.0000000002BC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2BC4000
|
| Size: |
8192
|
|
|
1FE6D8C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3248585107.000001FE6D8C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1FE6D8C0000
|
| Size: |
12288
|
|
|
341E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3267884172.000000000341E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
341E000
|
| Size: |
8192
|
|
|
7FFDA3530000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000002.3190743690.00007FFDA3530000.00000002.00000001.01000000.0000000B.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDA3530000
|
| Size: |
4096
|
|
|
565E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2309485646.000000000565E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
565E000
|
| Size: |
4096
|
|
|
408A000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3393054747.000000000408A000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
408A000
|
| Size: |
4096
|
|
|
12F0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3392078991.00000000012F0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
12F0000
|
| Size: |
4096
|
|
|
83B6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2456577358.00000000083B6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
83B6000
|
| Size: |
630784
|
|
|
34F0000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3267917530.00000000034F0000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
34F0000
|
| Size: |
4096
|
|
|
51A9000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.3279193333.00000000051A9000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
51A9000
|
| Size: |
4096
|
|
|
28F62A2C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3180678422.0000028F62A2C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
28F62A2C000
|
| Size: |
143360
|
|
|
1FE6B16D000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000002.3246729756.000001FE6B16D000.00000002.00000001.01000000.0000001C.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
1FE6B16D000
|
| Size: |
32768
|
|
|
7FFDA38CE000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000F.00000002.3291775907.00007FFDA38CE000.00000002.00000001.01000000.00000013.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDA38CE000
|
| Size: |
49152
|
|
|
3354000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.3246862893.0000000003354000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3354000
|
| Size: |
4096
|
|
|
2F5B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3267623019.0000000002F5B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2F5B000
|
| Size: |
20480
|
|
|
5531000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3273768927.0000000005531000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5531000
|
| Size: |
4096
|
|
|
7FFDAC0A2000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000002.3192436078.00007FFDAC0A2000.00000002.00000001.01000000.00000009.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDAC0A2000
|
| Size: |
8192
|
|
|
407A000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3393054747.000000000407A000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
407A000
|
| Size: |
4096
|
|
|
1FE75B81000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3253326382.000001FE75B81000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
1FE75B81000
|
| Size: |
7348224
|
|
|
29A1F2E7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.3290353149.0000029A1F2E7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
29A1F2E7000
|
| Size: |
4096
|
|
|
3FAF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3392984809.0000000003FAF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3FAF000
|
| Size: |
4096
|
|
|
7FFDA5540000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000002.3254766292.00007FFDA5540000.00000002.00000001.01000000.0000001B.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDA5540000
|
| Size: |
4096
|
|
|
7FFDA5BB7000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000F.00000002.3292355865.00007FFDA5BB7000.00000002.00000001.01000000.00000014.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDA5BB7000
|
| Size: |
16384
|
|
|
7FAA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2263834328.0000000007FAA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FAA000
|
| Size: |
12288
|
|
|
7011000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2229728977.0000000007011000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7011000
|
| Size: |
4096
|
|
|
7F8F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2281350734.0000000007F8F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F8F000
|
| Size: |
4096
|
|
|
7FFDA36C1000
|
unkown
|
page execute read
|
|
|
|
| Name: |
0000000F.00000002.3291448938.00007FFDA36C1000.00000020.00000001.01000000.00000013.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
7FFDA36C1000
|
| Size: |
1593344
|
|
|
407E000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3393054747.000000000407E000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
407E000
|
| Size: |
4096
|
|
|
1330000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3392126205.0000000001330000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
1330000
|
| Size: |
4096
|
|
|
1FE749D1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3252240515.000001FE749D1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1FE749D1000
|
| Size: |
352256
|
|
|
7FAB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2263452985.0000000007FAB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FAB000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
7FA4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2281350734.0000000007FA4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FA4000
|
| Size: |
118784
|
|
|
28F6353C000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000002.3181014766.0000028F6353C000.00000002.00000001.01000000.00000010.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
28F6353C000
|
| Size: |
61440
|
|
|
8087000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2297623373.0000000008087000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8087000
|
| Size: |
4096
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
7FFDA5461000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000005.00000002.3209345543.00007FFDA5461000.00000020.00000001.01000000.00000016.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
7FFDA5461000
|
| Size: |
45056
|
|
|
7FFD941F5000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000005.00000002.3208447055.00007FFD941F5000.00000002.00000001.01000000.00000018.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFD941F5000
|
| Size: |
614400
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
8343000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2459045183.0000000008343000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8343000
|
| Size: |
827392
|
|
|
838E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2455603029.000000000838E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
838E000
|
| Size: |
557056
|
|
|
5531000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3271419531.0000000005531000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5531000
|
| Size: |
4096
|
|
|
7FFDA36A2000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000002.3254359399.00007FFDA36A2000.00000002.00000001.01000000.00000018.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDA36A2000
|
| Size: |
53248
|
|
|
7F8F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2310091539.0000000007F8F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F8F000
|
| Size: |
4096
|
|
|
2BC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3261156220.0000000002BC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2BC4000
|
| Size: |
4096
|
|
|
4080000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3393054747.0000000004080000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4080000
|
| Size: |
4096
|
|
|
8342000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2458908629.0000000008342000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8342000
|
| Size: |
819200
|
|
|
2220F3CC000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3197108029.000002220F3CC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2220F3CC000
|
| Size: |
6680576
|
|
|
401C000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3393054747.000000000401C000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
401C000
|
| Size: |
12288
|
|
|
7011000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2229596175.0000000007011000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7011000
|
| Size: |
4096
|
|
|
7FA4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2280037893.0000000007FA4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FA4000
|
| Size: |
4096
|
|
|
FBD000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3391751177.0000000000FBD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
FBD000
|
| Size: |
12288
|
|
|
8269000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2458642392.0000000008269000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8269000
|
| Size: |
794624
|
|
|
29A1DF19000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.3288688154.0000029A1DF19000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
29A1DF19000
|
| Size: |
6656000
|
|
|
8265000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2455315082.0000000008265000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8265000
|
| Size: |
532480
|
|
|
7FFDA3531000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000008.00000002.3254200469.00007FFDA3531000.00000020.00000001.01000000.00000018.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
7FFDA3531000
|
| Size: |
868352
|
|
|
8320000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2457622218.0000000008320000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8320000
|
| Size: |
712704
|
|
|
7F8D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2530080635.0000000007F8D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F8D000
|
| Size: |
4096
|
|
|
7FBF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2296676270.0000000007FBF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FBF000
|
| Size: |
69632
|
|
|
8B0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000B.00000002.3390384017.00000000008B0000.00000002.00000001.01000000.0000001D.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
8B0000
|
| Size: |
4096
|
|
|
7FF627C6E000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000000.2913536030.00007FF627C6E000.00000002.00000001.01000000.00000006.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF627C6E000
|
| Size: |
69632
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
4126000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3393054747.0000000004126000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4126000
|
| Size: |
28672
|
|
|
22205A0F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3190568108.0000022205A0F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
22205A0F000
|
| Size: |
106496
|
|
|
562A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2431030706.000000000562A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
562A000
|
| Size: |
4096
|
|
|
7F7A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2263894914.0000000007F7A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F7A000
|
| Size: |
4096
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
|
|
7FFDA3605000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000F.00000002.3291260141.00007FFDA3605000.00000002.00000001.01000000.00000018.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDA3605000
|
| Size: |
614400
|
|
|
2BC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3264254461.0000000002BC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2BC4000
|
| Size: |
8192
|
|
|
7FFDAC0A6000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3255273432.00007FFDAC0A6000.00000004.00000001.01000000.00000015.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7FFDAC0A6000
|
| Size: |
8192
|
|
|
7FFDA5B81000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000004.00000002.3192170922.00007FFDA5B81000.00000020.00000001.01000000.00000008.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
7FFDA5B81000
|
| Size: |
159744
|
|
|
7FF7EE0C1000
|
unkown
|
page execute read
|
|
|
|
| Name: |
0000000F.00000000.3275713327.00007FF7EE0C1000.00000020.00000001.01000000.00000012.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
7FF7EE0C1000
|
| Size: |
184320
|
|
|
5550000
|
remote allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2229983920.0000000005550000.00000004.00000400.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
remote allocation
|
| Protect: |
page read and write
|
| Base address: |
5550000
|
| Size: |
4096
|
|
|
3760000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3268099084.0000000003760000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3760000
|
| Size: |
53248
|
|
|
7FFD948B7000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000002.3190719414.00007FFD948B7000.00000002.00000001.01000000.0000000E.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFD948B7000
|
| Size: |
16384
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
7FBD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2430786248.0000000007FBD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FBD000
|
| Size: |
4096
|
|
|
835D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2460897517.000000000835D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
835D000
|
| Size: |
942080
|
|
|
8007000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2296084669.0000000008007000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8007000
|
| Size: |
20480
|
|
|
29A17475000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.3285352049.0000029A17475000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
29A17475000
|
| Size: |
28672
|
|
|
405C000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3393054747.000000000405C000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
405C000
|
| Size: |
4096
|
|
|
843F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2459900763.000000000843F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
843F000
|
| Size: |
892928
|
|
|
7F9E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2312917512.0000000007F9E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F9E000
|
| Size: |
8192
|
|
|
5531000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3273393281.0000000005531000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5531000
|
| Size: |
4096
|
|
|
4202000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3395028778.0000000004202000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4202000
|
| Size: |
12288
|
|
|
7FC4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2281350734.0000000007FC4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FC4000
|
| Size: |
8192
|
|
|
7FA5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2263385459.0000000007FA5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FA5000
|
| Size: |
4096
|
|
|
7FAC000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2263606246.0000000007FAC000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FAC000
|
| Size: |
106496
|
|
|
7FFDA43B8000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000005.00000002.3209178476.00007FFDA43B8000.00000002.00000001.01000000.00000019.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDA43B8000
|
| Size: |
24576
|
|
|
24A7F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3395329590.0000000024A7F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
24A7F000
|
| Size: |
4096
|
|
|
2BC5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3264078638.0000000002BC5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2BC5000
|
| Size: |
4096
|
|
|
7F7E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2311083538.0000000007F7E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F7E000
|
| Size: |
4096
|
|
|
7FFD93EC1000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000005.00000002.3207958466.00007FFD93EC1000.00000020.00000001.01000000.0000001A.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
7FFD93EC1000
|
| Size: |
1392640
|
|
|
2F9C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3267656241.0000000002F9C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2F9C000
|
| Size: |
16384
|
|
|
7FFD94117000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000005.00000002.3208317149.00007FFD94117000.00000002.00000001.01000000.0000001A.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFD94117000
|
| Size: |
16384
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
2BC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3262227985.0000000002BC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2BC4000
|
| Size: |
8192
|
|
|
7FED000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2314117937.0000000007FED000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FED000
|
| Size: |
8192
|
|
|
7F98000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2263452985.0000000007F98000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F98000
|
| Size: |
8192
|
|
|
1FE6A590000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3246454238.000001FE6A590000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1FE6A590000
|
| Size: |
8192
|
|
|
5631000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2431030706.0000000005631000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5631000
|
| Size: |
16384
|
|
|
2BC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3262818066.0000000002BC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2BC4000
|
| Size: |
8192
|
|
|
7FFDAF370000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000005.00000002.3209689310.00007FFDAF370000.00000002.00000001.01000000.00000015.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDAF370000
|
| Size: |
4096
|
|
|
28F6CF7B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3187871351.0000028F6CF7B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
28F6CF7B000
|
| Size: |
352256
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
29A1F276000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.3290353149.0000029A1F276000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
29A1F276000
|
| Size: |
458752
|
|
|
2BC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3263904840.0000000002BC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2BC4000
|
| Size: |
8192
|
|
|
7F8F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2311570135.0000000007F8F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F8F000
|
| Size: |
4096
|
|
|
7F79000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2309293865.0000000007F79000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F79000
|
| Size: |
20480
|
|
|
7F8E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2312156502.0000000007F8E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F8E000
|
| Size: |
4096
|
|
|
7F74000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2313198352.0000000007F74000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F74000
|
| Size: |
4096
|
|
|
5404000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2229197815.0000000005404000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5404000
|
| Size: |
4096
|
|
|
29A14D0C000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000F.00000002.3283160895.0000029A14D0C000.00000002.00000001.01000000.0000001C.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
29A14D0C000
|
| Size: |
32768
|
|
|
890000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3390358586.0000000000890000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
890000
|
| Size: |
4096
|
|
|
563F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2431030706.000000000563F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
563F000
|
| Size: |
61440
|
|
|
7F87000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2279755173.0000000007F87000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F87000
|
| Size: |
4096
|
|
|
1FE6D910000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3248781745.000001FE6D910000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1FE6D910000
|
| Size: |
4096
|
|
|
7F8E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2309726624.0000000007F8E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F8E000
|
| Size: |
4096
|
|
|
7FFD944BE000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000005.00000002.3208980964.00007FFD944BE000.00000002.00000001.01000000.00000013.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFD944BE000
|
| Size: |
49152
|
|
|
7011000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2229511393.0000000007011000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7011000
|
| Size: |
4096
|
|
|
7FFDA55F6000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3192098474.00007FFDA55F6000.00000004.00000001.01000000.0000000A.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7FFDA55F6000
|
| Size: |
8192
|
|
|
5531000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3271558559.0000000005531000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5531000
|
| Size: |
4096
|
|
|
29A14CF3000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000F.00000002.3283160895.0000029A14CF3000.00000002.00000001.01000000.0000001C.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
29A14CF3000
|
| Size: |
32768
|
|
|
7F75000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2263139957.0000000007F75000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F75000
|
| Size: |
122880
|
|
|
7FFD94439000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000005.00000002.3208630640.00007FFD94439000.00000020.00000001.01000000.00000013.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
7FFD94439000
|
| Size: |
8192
|
|
|
7F83000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2416506781.0000000007F83000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F83000
|
| Size: |
12288
|
|
|
7FFDA55D6000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3191938885.00007FFDA55D6000.00000004.00000001.01000000.0000000C.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7FFDA55D6000
|
| Size: |
4096
|
|
|
3354000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.3246931515.0000000003354000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3354000
|
| Size: |
4096
|
|
|
403F000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3393054747.000000000403F000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
403F000
|
| Size: |
4096
|
|
|
28F629A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3180678422.0000028F629A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
28F629A0000
|
| Size: |
20480
|
|
|
5631000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2313947147.0000000005631000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5631000
|
| Size: |
16384
|
|
|
5D80000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3269374546.0000000005D80000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5D80000
|
| Size: |
4096
|
|
|
7F83000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2263834328.0000000007F83000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F83000
|
| Size: |
65536
|
|
|
7F94000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2263834328.0000000007F94000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F94000
|
| Size: |
4096
|
|
|
7FFDA38A5000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.3291667425.00007FFDA38A5000.00000004.00000001.01000000.00000013.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7FFDA38A5000
|
| Size: |
118784
|
|
|
8366000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2462090552.0000000008366000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8366000
|
| Size: |
999424
|
|
|
8263000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2458308494.0000000008263000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8263000
|
| Size: |
770048
|
|
|
22211165000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3207058022.0000022211165000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
22211165000
|
| Size: |
7348224
|
|
|
7F7E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2314259292.0000000007F7E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F7E000
|
| Size: |
172032
|
|
|
7FFD9428B000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000005.00000002.3208509481.00007FFD9428B000.00000008.00000001.01000000.00000018.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
7FFD9428B000
|
| Size: |
12288
|
|
|
7FFDAC091000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000004.00000002.3192333522.00007FFDAC091000.00000020.00000001.01000000.00000009.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
7FFDAC091000
|
| Size: |
45056
|
|
|
834F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2459825909.000000000834F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
834F000
|
| Size: |
884736
|
|
|
5531000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3270828218.0000000005531000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5531000
|
| Size: |
4096
|
|
|
7F8F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2312357810.0000000007F8F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F8F000
|
| Size: |
4096
|
|
|
7F8F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2313310985.0000000007F8F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F8F000
|
| Size: |
4096
|
|
|
7FFDA3878000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000002.3254541034.00007FFDA3878000.00000002.00000001.01000000.00000013.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDA3878000
|
| Size: |
167936
|
|
|
28F63566000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000002.3181014766.0000028F63566000.00000002.00000001.01000000.00000010.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
28F63566000
|
| Size: |
4268032
|
|
|
22205C30000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000005.00000002.3190845455.0000022205C30000.00000002.00000001.01000000.0000001C.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
22205C30000
|
| Size: |
3989504
|
|
|
2BC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3261926789.0000000002BC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2BC4000
|
| Size: |
8192
|
|
|
5631000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2262586525.0000000005631000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5631000
|
| Size: |
4096
|
|
|
29A141B4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.3282970707.0000029A141B4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
29A141B4000
|
| Size: |
270336
|
|
|
7FFDA36A2000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000002.3190991430.00007FFDA36A2000.00000002.00000001.01000000.0000000B.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDA36A2000
|
| Size: |
53248
|
|
|
1FE752AA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3252784566.000001FE752AA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1FE752AA000
|
| Size: |
491520
|
|
|
2BC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3264550285.0000000002BC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2BC4000
|
| Size: |
8192
|
|
|
28F62A4E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2923838530.0000028F62A4E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
28F62A4E000
|
| Size: |
90112
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
7FFDAF38A000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000005.00000002.3209779098.00007FFDAF38A000.00000002.00000001.01000000.00000015.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDAF38A000
|
| Size: |
12288
|
|
|
7FFD94899000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000008.00000002.3254052027.00007FFD94899000.00000008.00000001.01000000.0000001A.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
7FFD94899000
|
| Size: |
4096
|
|
|
7FFDA38DB000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000F.00000002.3291775907.00007FFDA38DB000.00000002.00000001.01000000.00000013.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDA38DB000
|
| Size: |
24576
|
|
|
5404000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2229076228.0000000005404000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5404000
|
| Size: |
4096
|
|
|
7F8D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2430920870.0000000007F8D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F8D000
|
| Size: |
4096
|
|
|
7F9E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2311649917.0000000007F9E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F9E000
|
| Size: |
8192
|
|
|
A0EE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2531993954.000000000A0EE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
A0EE000
|
| Size: |
221184
|
|
|
7FFDA5586000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000002.3191766702.00007FFDA5586000.00000002.00000001.01000000.0000000D.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDA5586000
|
| Size: |
188416
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
5656000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2279725054.0000000005656000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5656000
|
| Size: |
32768
|
|
|
7FB7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2279908862.0000000007FB7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FB7000
|
| Size: |
16384
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
7FFDA55E1000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000008.00000002.3254998835.00007FFDA55E1000.00000020.00000001.01000000.00000017.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
7FFDA55E1000
|
| Size: |
65536
|
|
|
7F9E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2313169541.0000000007F9E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F9E000
|
| Size: |
8192
|
|
|
59D0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3269101060.00000000059D0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
59D0000
|
| Size: |
1196032
|
|
|
2BC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3264516522.0000000002BC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2BC4000
|
| Size: |
8192
|
|
|
5531000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3272793503.0000000005531000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5531000
|
| Size: |
4096
|
|
|
7FFD94899000
|
unkown
|
page write copy
|
|
|
|
| Name: |
0000000F.00000002.3290990887.00007FFD94899000.00000008.00000001.01000000.0000001A.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
7FFD94899000
|
| Size: |
4096
|
|
|
7FD6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2296285282.0000000007FD6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FD6000
|
| Size: |
4096
|
|
|
7F96000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2296285282.0000000007F96000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F96000
|
| Size: |
4096
|
|
|
247FF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3395283425.00000000247FF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
247FF000
|
| Size: |
4096
|
|
|
F0F000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3391487079.0000000000F0F000.00000004.00000001.01000000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
F0F000
|
| Size: |
65536
|
|
|
222059FC000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3190568108.00000222059FC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
222059FC000
|
| Size: |
73728
|
|
|
409A000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3393054747.000000000409A000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
409A000
|
| Size: |
4096
|
|
|
40E4000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3393054747.00000000040E4000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
40E4000
|
| Size: |
4096
|
|
|
7F9E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2311758031.0000000007F9E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F9E000
|
| Size: |
4096
|
|
|
29A14CFC000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000F.00000002.3283160895.0000029A14CFC000.00000002.00000001.01000000.0000001C.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
29A14CFC000
|
| Size: |
61440
|
|
|
4182000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3393054747.0000000004182000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4182000
|
| Size: |
32768
|
|
|
2220FA3A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3197777474.000002220FA3A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2220FA3A000
|
| Size: |
6656000
|
|
|
7FFDA5B81000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000008.00000002.3255111052.00007FFDA5B81000.00000020.00000001.01000000.00000014.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
7FFDA5B81000
|
| Size: |
159744
|
|
|
5531000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3271717286.0000000005531000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5531000
|
| Size: |
4096
|
|
|
7F75000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2279211031.0000000007F75000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F75000
|
| Size: |
12288
|
|
|
404C000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3393054747.000000000404C000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
404C000
|
| Size: |
12288
|
|
|
7FFDA36C1000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000008.00000002.3254419467.00007FFDA36C1000.00000020.00000001.01000000.00000013.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
7FFDA36C1000
|
| Size: |
1593344
|
|
|
8324000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2457901040.0000000008324000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8324000
|
| Size: |
737280
|
|
|
40E6000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3393054747.00000000040E6000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
40E6000
|
| Size: |
4096
|
|
|
5631000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2416636206.0000000005631000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5631000
|
| Size: |
16384
|
|
|
7FFD9489F000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3254116788.00007FFD9489F000.00000004.00000001.01000000.0000001A.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7FFD9489F000
|
| Size: |
8192
|
|
|
83EB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2457974642.00000000083EB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
83EB000
|
| Size: |
737280
|
|
|
7FFDA46C0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000005.00000002.3209199639.00007FFDA46C0000.00000002.00000001.01000000.00000017.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDA46C0000
|
| Size: |
4096
|
|
|
AF955CB000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3190407957.000000AF955CB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
AF955CB000
|
| Size: |
20480
|
|
|
5431000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3260296881.0000000005431000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5431000
|
| Size: |
147456
|
|
|
22205A7C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3190568108.0000022205A7C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
22205A7C000
|
| Size: |
294912
|
|
|
29A1D8B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.3288024453.0000029A1D8B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
29A1D8B0000
|
| Size: |
6680576
|
|
|
7FFDAC09C000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000002.3192357575.00007FFDAC09C000.00000002.00000001.01000000.00000009.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDAC09C000
|
| Size: |
20480
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
7F79000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2297582625.0000000007F79000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F79000
|
| Size: |
12288
|
|
|
836C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2461916077.000000000836C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
836C000
|
| Size: |
991232
|
|
|
813F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2297623373.000000000813F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
813F000
|
| Size: |
4096
|
|
|
3330000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3267767735.0000000003330000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3330000
|
| Size: |
4096
|
|
|
7F98000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2297518445.0000000007F98000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F98000
|
| Size: |
24576
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
28F62980000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3180634742.0000028F62980000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
28F62980000
|
| Size: |
8192
|
|
|
1FE6A5E8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3246495262.000001FE6A5E8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1FE6A5E8000
|
| Size: |
172032
|
|
|
7F82000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2430985540.0000000007F82000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F82000
|
| Size: |
16384
|
|
|
411E000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3393054747.000000000411E000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
411E000
|
| Size: |
4096
|
|
|
7FFDA5BA8000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000002.3192204009.00007FFDA5BA8000.00000002.00000001.01000000.00000008.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDA5BA8000
|
| Size: |
45056
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
98D000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000B.00000002.3390614695.000000000098D000.00000002.00000001.01000000.0000001D.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
98D000
|
| Size: |
122880
|
|
|
7F7E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2312468047.0000000007F7E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F7E000
|
| Size: |
4096
|
|
|
414A000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3393054747.000000000414A000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
414A000
|
| Size: |
4096
|
|
|
410A000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3393054747.000000000410A000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
410A000
|
| Size: |
12288
|
|
|
4096000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3393054747.0000000004096000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4096000
|
| Size: |
4096
|
|
|
7FA5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2263292854.0000000007FA5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FA5000
|
| Size: |
4096
|
|
|
5656000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2295836433.0000000005656000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5656000
|
| Size: |
16384
|
|
|
7FC2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2263757782.0000000007FC2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FC2000
|
| Size: |
12288
|
|
|
3320000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3267739680.0000000003320000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3320000
|
| Size: |
4096
|
|
|
7FFD942A0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000005.00000002.3208556832.00007FFD942A0000.00000002.00000001.01000000.00000018.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFD942A0000
|
| Size: |
16384
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
7FFDA55B8000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000002.3191828943.00007FFDA55B8000.00000002.00000001.01000000.0000000D.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDA55B8000
|
| Size: |
24576
|
|
|
7FFD944B4000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3208927171.00007FFD944B4000.00000004.00000001.01000000.00000013.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7FFD944B4000
|
| Size: |
8192
|
|
|
3200000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3267688941.0000000003200000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3200000
|
| Size: |
4096
|
|
|
7FF7EE0EE000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000F.00000000.3275746065.00007FF7EE0EE000.00000002.00000001.01000000.00000012.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF7EE0EE000
|
| Size: |
69632
|
|
|
98D000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000B.00000000.3246644716.000000000098D000.00000002.00000001.01000000.0000001D.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
98D000
|
| Size: |
122880
|
|
|
7FB9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2263834328.0000000007FB9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FB9000
|
| Size: |
4096
|
|
|
2BC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3262172657.0000000002BC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2BC4000
|
| Size: |
8192
|
|
|
7FFD947E8000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000002.3190403603.00007FFD947E8000.00000002.00000001.01000000.0000000E.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFD947E8000
|
| Size: |
724992
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
5531000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3271513785.0000000005531000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5531000
|
| Size: |
4096
|
|
|
7F9E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2313310985.0000000007F9E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F9E000
|
| Size: |
8192
|
|
|
7FFD9489B000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000008.00000002.3254095291.00007FFD9489B000.00000008.00000001.01000000.0000001A.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
7FFD9489B000
|
| Size: |
16384
|
|
|
7FFD947B5000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000F.00000002.3290888018.00007FFD947B5000.00000002.00000001.01000000.0000001A.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFD947B5000
|
| Size: |
196608
|
|
|
8137000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2297623373.0000000008137000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8137000
|
| Size: |
4096
|
|
|
55AF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2262586525.00000000055AF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
55AF000
|
| Size: |
20480
|
|
|
40D0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3393054747.00000000040D0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
40D0000
|
| Size: |
16384
|
|
|
2BC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3261989620.0000000002BC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2BC4000
|
| Size: |
8192
|
|
|
5531000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3270959010.0000000005531000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5531000
|
| Size: |
4096
|
|
|
7FC7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2263606246.0000000007FC7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FC7000
|
| Size: |
4096
|
|
|
2BC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3261612512.0000000002BC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2BC4000
|
| Size: |
4096
|
|
|
4208000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3395028778.0000000004208000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4208000
|
| Size: |
4096
|
|
|
95C000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000B.00000000.3246586300.000000000095C000.00000002.00000001.01000000.0000001D.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
95C000
|
| Size: |
188416
|
|
|
7FFD947B5000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000002.3190403603.00007FFD947B5000.00000002.00000001.01000000.0000000E.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFD947B5000
|
| Size: |
196608
|
|
|
7FFD948B7000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000002.3254160784.00007FFD948B7000.00000002.00000001.01000000.0000001A.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFD948B7000
|
| Size: |
16384
|
|
|
3354000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.3206046918.0000000003354000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3354000
|
| Size: |
4096
|
|
|
4150000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3393054747.0000000004150000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4150000
|
| Size: |
4096
|
|
|
7FFDA55D7000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000002.3191968160.00007FFDA55D7000.00000002.00000001.01000000.0000000C.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDA55D7000
|
| Size: |
16384
|
|
|
7FAE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2296676270.0000000007FAE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FAE000
|
| Size: |
8192
|
|
|
5635000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2313908271.0000000005635000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5635000
|
| Size: |
28672
|
|
|
4050000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3393054747.0000000004050000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4050000
|
| Size: |
4096
|
|
|
4098000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3393054747.0000000004098000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4098000
|
| Size: |
4096
|
|
|
2BC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3264840274.0000000002BC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2BC4000
|
| Size: |
8192
|
|
|
6270000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3269427663.0000000006270000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
6270000
|
| Size: |
5894144
|
|
|
5531000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3260948952.0000000005531000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5531000
|
| Size: |
208896
|
|
|
7FF7EE0FF000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3253803985.00007FF7EE0FF000.00000004.00000001.01000000.00000012.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7FF7EE0FF000
|
| Size: |
8192
|
|
|
7FFDA5520000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000002.3191561235.00007FFDA5520000.00000002.00000001.01000000.0000000F.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDA5520000
|
| Size: |
4096
|
|
|
7FFD94048000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000005.00000002.3208076919.00007FFD94048000.00000002.00000001.01000000.0000001A.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFD94048000
|
| Size: |
724992
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
4020000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3393054747.0000000004020000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4020000
|
| Size: |
8192
|
|
|
7FF7EE0C0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000F.00000000.3275680050.00007FF7EE0C0000.00000002.00000001.01000000.00000012.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF7EE0C0000
|
| Size: |
4096
|
|
|
8266000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2459749242.0000000008266000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8266000
|
| Size: |
884736
|
|
|
7F92000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2280037893.0000000007F92000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F92000
|
| Size: |
8192
|
|
|
809F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2297623373.000000000809F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
809F000
|
| Size: |
4096
|
|
|
7F9E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2310467485.0000000007F9E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F9E000
|
| Size: |
4096
|
|
|
415B000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3393054747.000000000415B000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
415B000
|
| Size: |
16384
|
|
|
7FFDA55D8000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000F.00000002.3292103750.00007FFDA55D8000.00000002.00000001.01000000.00000019.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDA55D8000
|
| Size: |
24576
|
|
|
3354000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.3206759908.0000000003354000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3354000
|
| Size: |
4096
|
|
|
7F7F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2281122020.0000000007F7F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F7F000
|
| Size: |
12288
|
|
|
3EAF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3392962541.0000000003EAF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3EAF000
|
| Size: |
4096
|
|
|
145E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3392170075.000000000145E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
145E000
|
| Size: |
8192
|
|
|
245BE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3395213642.00000000245BE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
245BE000
|
| Size: |
8192
|
|
|
7F9E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2313029888.0000000007F9E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F9E000
|
| Size: |
4096
|
|
|
2BC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3263095672.0000000002BC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2BC4000
|
| Size: |
8192
|
|
|
7FA5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2263452985.0000000007FA5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FA5000
|
| Size: |
4096
|
|
|
7FFDA38CE000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000002.3254691239.00007FFDA38CE000.00000002.00000001.01000000.00000013.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDA38CE000
|
| Size: |
49152
|
|
|
FFE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3391785504.0000000000FFE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
FFE000
|
| Size: |
8192
|
|
|
28F65E97000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3184337766.0000028F65E97000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
28F65E97000
|
| Size: |
4096
|
|
|
29A1468F000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000F.00000002.3283160895.0000029A1468F000.00000002.00000001.01000000.0000001C.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
29A1468F000
|
| Size: |
6696960
|
|
|
7F75000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2281967761.0000000007F75000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F75000
|
| Size: |
40960
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
7FBA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2430786248.0000000007FBA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FBA000
|
| Size: |
4096
|
|
|
7FAD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2281690990.0000000007FAD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FAD000
|
| Size: |
12288
|
|
|
7FB8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2430786248.0000000007FB8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FB8000
|
| Size: |
4096
|
|
|
216000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000000.2119260197.0000000000216000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
216000
|
| Size: |
167936
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the Windows Explorer process (often used for injection) |
HIPS / PFW / Operating System Protection Evasion |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
28F629D9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3180678422.0000028F629D9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
28F629D9000
|
| Size: |
262144
|
|
|
7FFD9489A000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3254071741.00007FFD9489A000.00000004.00000001.01000000.0000001A.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7FFD9489A000
|
| Size: |
4096
|
|
|
7F61000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2530080635.0000000007F61000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F61000
|
| Size: |
118784
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
408C000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3393054747.000000000408C000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
408C000
|
| Size: |
4096
|
|
|
7011000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2229624621.0000000007011000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7011000
|
| Size: |
4096
|
|
|
7FB7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2314259292.0000000007FB7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FB7000
|
| Size: |
4096
|
|
|
7FF7EE0C1000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000008.00000002.3253746694.00007FF7EE0C1000.00000020.00000001.01000000.00000012.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
7FF7EE0C1000
|
| Size: |
184320
|
|
|
7F6A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2280037893.0000000007F6A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F6A000
|
| Size: |
90112
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
30C000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3390050500.000000000030C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
30C000
|
| Size: |
16384
|
|
|
29A174A9000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.3285444695.0000029A174A9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
29A174A9000
|
| Size: |
69632
|
|
|
7592000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2228828476.0000000007592000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7592000
|
| Size: |
1142784
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the Windows Explorer process (often used for injection) |
HIPS / PFW / Operating System Protection Evasion |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
1FE6B165000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000002.3246729756.000001FE6B165000.00000002.00000001.01000000.0000001C.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
1FE6B165000
|
| Size: |
28672
|
|
|
2BC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3262255668.0000000002BC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2BC4000
|
| Size: |
8192
|
|
|
7011000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2229480589.0000000007011000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7011000
|
| Size: |
4096
|
|
|
22210C10000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3205865223.0000022210C10000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
22210C10000
|
| Size: |
1462272
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
842A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2459673359.000000000842A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
842A000
|
| Size: |
876544
|
|
|
7FF7EE0FF000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000005.00000000.3180348248.00007FF7EE0FF000.00000008.00000001.01000000.00000012.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
7FF7EE0FF000
|
| Size: |
8192
|
|
|
7F6E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2295929418.0000000007F6E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F6E000
|
| Size: |
28672
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
7FF7EE0C0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000002.3253725532.00007FF7EE0C0000.00000002.00000001.01000000.00000012.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF7EE0C0000
|
| Size: |
4096
|
|
|
7F9E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2312980551.0000000007F9E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F9E000
|
| Size: |
8192
|
|
|
5531000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3273729055.0000000005531000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5531000
|
| Size: |
4096
|
|
|
28F6DC46000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3188716039.0000028F6DC46000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
28F6DC46000
|
| Size: |
16384
|
|
|
7FF627C41000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000004.00000002.3189528125.00007FF627C41000.00000020.00000001.01000000.00000006.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
7FF627C41000
|
| Size: |
184320
|
|
|
5531000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3272493218.0000000005531000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5531000
|
| Size: |
4096
|
|
|
563F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2416585466.000000000563F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
563F000
|
| Size: |
61440
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
7FBA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2416489197.0000000007FBA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FBA000
|
| Size: |
4096
|
|
|
3354000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.3206137734.0000000003354000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3354000
|
| Size: |
4096
|
|
|
82F0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2455519216.00000000082F0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
82F0000
|
| Size: |
548864
|
|
|
4062000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3393054747.0000000004062000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4062000
|
| Size: |
4096
|
|
|
844F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2460353594.000000000844F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
844F000
|
| Size: |
917504
|
|
|
7FCC000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2263606246.0000000007FCC000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FCC000
|
| Size: |
4096
|
|
|
576F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.3280192778.000000000576F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
576F000
|
| Size: |
4096
|
|
|
7F9E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2313479706.0000000007F9E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F9E000
|
| Size: |
4096
|
|
|
1FE75734000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3253115839.000001FE75734000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
1FE75734000
|
| Size: |
1527808
|
|
|
7F79000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2309239543.0000000007F79000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F79000
|
| Size: |
20480
|
|
|
5531000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3272110007.0000000005531000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5531000
|
| Size: |
4096
|
|
|
800F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2296084669.000000000800F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
800F000
|
| Size: |
4096
|
|
|
5531000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3273293958.0000000005531000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5531000
|
| Size: |
4096
|
|
|
7FF7EE0C0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000005.00000002.3207706131.00007FF7EE0C0000.00000002.00000001.01000000.00000012.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF7EE0C0000
|
| Size: |
4096
|
|
|
7F98000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2281759183.0000000007F98000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F98000
|
| Size: |
4096
|
|
|
28F65CA0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3184178887.0000028F65CA0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
28F65CA0000
|
| Size: |
4096
|
|
|
7F7E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2309726624.0000000007F7E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F7E000
|
| Size: |
4096
|
|
|
1FE7599C000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3253247490.000001FE7599C000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
1FE7599C000
|
| Size: |
4096
|
|
|
8315000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2457193594.0000000008315000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8315000
|
| Size: |
671744
|
|
|
7FFDAF37C000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000F.00000002.3292585407.00007FFDAF37C000.00000002.00000001.01000000.00000016.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDAF37C000
|
| Size: |
20480
|
|
|
7FFDA36C0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000F.00000002.3291425542.00007FFDA36C0000.00000002.00000001.01000000.00000013.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDA36C0000
|
| Size: |
4096
|
|
|
5531000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3271140529.0000000005531000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5531000
|
| Size: |
4096
|
|
|
7F91000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2281350734.0000000007F91000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F91000
|
| Size: |
4096
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
|
|
826F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2456041354.000000000826F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
826F000
|
| Size: |
589824
|
|
|
F46000
|
unkown
|
page write copy
|
|
|
|
| Name: |
0000000B.00000002.3391628177.0000000000F46000.00000008.00000001.01000000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
F46000
|
| Size: |
4096
|
|
|
2BC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3261905749.0000000002BC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2BC4000
|
| Size: |
8192
|
|
|
3354000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.3267556248.0000000003354000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3354000
|
| Size: |
4096
|
|
|
416E000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3393054747.000000000416E000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
416E000
|
| Size: |
12288
|
|
|
AF958FD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3190446571.000000AF958FD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
AF958FD000
|
| Size: |
12288
|
|
|
7F7E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2313675349.0000000007F7E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F7E000
|
| Size: |
4096
|
|
|
1FE6AADF000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000002.3246729756.000001FE6AADF000.00000002.00000001.01000000.0000001C.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
1FE6AADF000
|
| Size: |
6696960
|
|
|
28F65CC0000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3184196774.0000028F65CC0000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
28F65CC0000
|
| Size: |
4096
|
|
|
826F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2458842605.000000000826F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
826F000
|
| Size: |
811008
|
|
|
29A14150000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.3282945780.0000029A14150000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
29A14150000
|
| Size: |
8192
|
|
|
2BC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3261881751.0000000002BC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2BC4000
|
| Size: |
8192
|
|
|
7FDC000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2314117937.0000000007FDC000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FDC000
|
| Size: |
8192
|
|
|
5550000
|
remote allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2229999711.0000000005550000.00000004.00000400.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
remote allocation
|
| Protect: |
page read and write
|
| Base address: |
5550000
|
| Size: |
4096
|
|
|
2BC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3261857332.0000000002BC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2BC4000
|
| Size: |
8192
|
|
|
7F7C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2295945434.0000000007F7C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F7C000
|
| Size: |
12288
|
|
|
7011000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2229784617.0000000007011000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7011000
|
| Size: |
4096
|
|
|
4100000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3393054747.0000000004100000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4100000
|
| Size: |
28672
|
|
|
7F98000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2281122020.0000000007F98000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F98000
|
| Size: |
45056
|
|
|
7FFDA384C000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000F.00000002.3291594150.00007FFDA384C000.00000002.00000001.01000000.00000013.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDA384C000
|
| Size: |
176128
|
|
|
7F7E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2312156502.0000000007F7E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F7E000
|
| Size: |
4096
|
|
|
222059F6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3190568108.00000222059F6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
222059F6000
|
| Size: |
20480
|
|
|
7FF7EE102000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000F.00000002.3290718765.00007FF7EE102000.00000002.00000001.01000000.00000012.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF7EE102000
|
| Size: |
102400
|
|
|
3354000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.3204535316.0000000003354000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3354000
|
| Size: |
4096
|
|
|
9B1000
|
unkown
|
page execute read
|
|
|
|
| Name: |
0000000B.00000002.3390712031.00000000009B1000.00000020.00000001.01000000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
9B1000
|
| Size: |
2859008
|
|
|
2221081A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3204481227.000002221081A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2221081A000
|
| Size: |
1527808
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
272B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.3276130974.000000000272B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
272B000
|
| Size: |
20480
|
|
|
385E000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3392757195.000000000385E000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
385E000
|
| Size: |
24576
|
|
|
DD485FD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3180516707.000000DD485FD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
DD485FD000
|
| Size: |
12288
|
|
|
2BC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3262510416.0000000002BC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2BC4000
|
| Size: |
8192
|
|
|
3354000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.3206721865.0000000003354000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3354000
|
| Size: |
4096
|
|
|
5631000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2431197864.0000000005631000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5631000
|
| Size: |
16384
|
|
|
2BC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3262139342.0000000002BC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2BC4000
|
| Size: |
8192
|
|
|
7FFDA3605000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000002.3254265307.00007FFDA3605000.00000002.00000001.01000000.00000018.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDA3605000
|
| Size: |
614400
|
|
|
7F9E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2310091539.0000000007F9E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F9E000
|
| Size: |
8192
|
|
|
5404000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2229264332.0000000005404000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5404000
|
| Size: |
4096
|
|
|
2BC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3261341676.0000000002BC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2BC4000
|
| Size: |
4096
|
|
|
7FB5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2263230210.0000000007FB5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FB5000
|
| Size: |
12288
|
|
|
5531000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3273849896.0000000005531000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5531000
|
| Size: |
4096
|
|
|
29A17470000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.3285352049.0000029A17470000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
29A17470000
|
| Size: |
12288
|
|
|
7FFDA5548000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3254823076.00007FFDA5548000.00000004.00000001.01000000.0000001B.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7FFDA5548000
|
| Size: |
4096
|
|
|
5531000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3271096726.0000000005531000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5531000
|
| Size: |
4096
|
|
|
55D6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2262586525.00000000055D6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
55D6000
|
| Size: |
323584
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
| URLs found in memory or binary data |
Networking |
|
|
|
7FFDA54E0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000005.00000002.3209539692.00007FFDA54E0000.00000002.00000001.01000000.00000014.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDA54E0000
|
| Size: |
4096
|
|
|
5624000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2530148228.0000000005624000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5624000
|
| Size: |
4096
|
|
|
8C68000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2532921909.0000000008C68000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8C68000
|
| Size: |
229376
|
|
|
5635000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2416585466.0000000005635000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5635000
|
| Size: |
32768
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
7F74000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2311524269.0000000007F74000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F74000
|
| Size: |
4096
|
|
|
40CC000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3393054747.00000000040CC000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
40CC000
|
| Size: |
4096
|
|
|
2BC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3264739576.0000000002BC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2BC4000
|
| Size: |
8192
|
|
|
8267000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2462757519.0000000008267000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8267000
|
| Size: |
1048576
|
|
|
22206696000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000005.00000002.3190845455.0000022206696000.00000002.00000001.01000000.0000001C.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
22206696000
|
| Size: |
4268032
|
|
|
28F628A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3180604755.0000028F628A0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
28F628A0000
|
| Size: |
4096
|
|
|
7FDF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2296676270.0000000007FDF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FDF000
|
| Size: |
4096
|
|
|
2B8E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.3276630890.0000000002B8E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2B8E000
|
| Size: |
8192
|
|
|
C6B000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000B.00000002.3391032488.0000000000C6B000.00000002.00000001.01000000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
C6B000
|
| Size: |
2572288
|
|
|
DD486FD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3180536634.000000DD486FD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
DD486FD000
|
| Size: |
12288
|
|
|
7FBF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2430786248.0000000007FBF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FBF000
|
| Size: |
4096
|
|
|
7FFDA46C1000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000005.00000002.3209220968.00007FFDA46C1000.00000020.00000001.01000000.00000017.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
7FFDA46C1000
|
| Size: |
65536
|
|
|
29A1ECF1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.3290182515.0000029A1ECF1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
29A1ECF1000
|
| Size: |
1527808
|
|
|
7FF7EE0C0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000000.3227235051.00007FF7EE0C0000.00000002.00000001.01000000.00000012.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF7EE0C0000
|
| Size: |
4096
|
|
|
7D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3390242703.00000000007D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7D0000
|
| Size: |
4096
|
|
|
411C000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3393054747.000000000411C000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
411C000
|
| Size: |
4096
|
|
|
826B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2462432833.000000000826B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
826B000
|
| Size: |
1024000
|
|
|
5404000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2229028200.0000000005404000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5404000
|
| Size: |
4096
|
|
|
7F9E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2312855323.0000000007F9E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F9E000
|
| Size: |
8192
|
|
|
7FFDA384C000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000002.3191290114.00007FFDA384C000.00000002.00000001.01000000.00000007.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDA384C000
|
| Size: |
176128
|
|
|
7011000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2229346522.0000000007011000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7011000
|
| Size: |
4096
|
|
|
7FFDA3530000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000002.3254180687.00007FFDA3530000.00000002.00000001.01000000.00000018.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDA3530000
|
| Size: |
4096
|
|
|
140000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000000.2119168417.0000000000140000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
140000
|
| Size: |
4096
|
|
|
7FC6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2263230210.0000000007FC6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FC6000
|
| Size: |
139264
|
|
|
7011000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2229541068.0000000007011000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7011000
|
| Size: |
4096
|
|
|
5531000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3273346666.0000000005531000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5531000
|
| Size: |
4096
|
|
|
7FFDAC0A2000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000002.3255253147.00007FFDAC0A2000.00000002.00000001.01000000.00000015.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDAC0A2000
|
| Size: |
16384
|
|
|
7F9F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2280317490.0000000007F9F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F9F000
|
| Size: |
4096
|
|
|
5636000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2431150141.0000000005636000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5636000
|
| Size: |
28672
|
|
|
7F9E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2312357810.0000000007F9E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F9E000
|
| Size: |
8192
|
|
|
7FA1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2280317490.0000000007FA1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FA1000
|
| Size: |
8192
|
|
|
7F82000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2430920870.0000000007F82000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F82000
|
| Size: |
16384
|
|
|
7FFDAF371000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000005.00000002.3209711040.00007FFDAF371000.00000020.00000001.01000000.00000015.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
7FFDAF371000
|
| Size: |
69632
|
|
|
7FFDAC0A1000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3192407825.00007FFDAC0A1000.00000004.00000001.01000000.00000009.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7FFDAC0A1000
|
| Size: |
4096
|
|
|
40AA000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3393054747.00000000040AA000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
40AA000
|
| Size: |
4096
|
|
|
7FA4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2280317490.0000000007FA4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FA4000
|
| Size: |
4096
|
|
|
564F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2313858604.000000000564F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
564F000
|
| Size: |
28672
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
833D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2458708290.000000000833D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
833D000
|
| Size: |
802816
|
|
|
826D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2459114145.000000000826D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
826D000
|
| Size: |
835584
|
|
|
5656000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2416536420.0000000005656000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5656000
|
| Size: |
20480
|
|
|
7FF7EE0FF000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3207853295.00007FF7EE0FF000.00000004.00000001.01000000.00000012.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7FF7EE0FF000
|
| Size: |
8192
|
|
|
7FFDAC0A6000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.3292487148.00007FFDAC0A6000.00000004.00000001.01000000.00000015.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7FFDAC0A6000
|
| Size: |
8192
|
|
|
28F63555000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000002.3181014766.0000028F63555000.00000002.00000001.01000000.00000010.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
28F63555000
|
| Size: |
28672
|
|
|
5531000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3272540916.0000000005531000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5531000
|
| Size: |
4096
|
|
|
1FE75530000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3252922965.000001FE75530000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1FE75530000
|
| Size: |
1462272
|
|
|
7F85000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2280317490.0000000007F85000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F85000
|
| Size: |
12288
|
|
|
5657000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2281951195.0000000005657000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5657000
|
| Size: |
28672
|
|
|
7FFDA5BA8000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000F.00000002.3292307976.00007FFDA5BA8000.00000002.00000001.01000000.00000014.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDA5BA8000
|
| Size: |
45056
|
|
|
562A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2416636206.000000000562A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
562A000
|
| Size: |
4096
|
|
|
7F7E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2313758907.0000000007F7E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F7E000
|
| Size: |
4096
|
|
|
7FFDA36B0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000002.3190991430.00007FFDA36B0000.00000002.00000001.01000000.0000000B.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDA36B0000
|
| Size: |
16384
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
5531000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3264888284.0000000005531000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5531000
|
| Size: |
4096
|
|
|
7FFD944CB000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000005.00000002.3208980964.00007FFD944CB000.00000002.00000001.01000000.00000013.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFD944CB000
|
| Size: |
24576
|
|
|
7F6A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2281759183.0000000007F6A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F6A000
|
| Size: |
86016
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
7F9E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2312534684.0000000007F9E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F9E000
|
| Size: |
8192
|
|
|
7FFDA5548000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.3291926408.00007FFDA5548000.00000004.00000001.01000000.0000001B.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7FFDA5548000
|
| Size: |
4096
|
|
|
5531000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3273257741.0000000005531000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5531000
|
| Size: |
4096
|
|
|
7FF7EE0EE000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000005.00000002.3207798375.00007FF7EE0EE000.00000002.00000001.01000000.00000012.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF7EE0EE000
|
| Size: |
69632
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
492E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.3277251344.000000000492E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
492E000
|
| Size: |
294912
|
|
|
7F73000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2309399579.0000000007F73000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F73000
|
| Size: |
16384
|
|
|
7F7C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2309382523.0000000007F7C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F7C000
|
| Size: |
8192
|
|
|
7FF627C40000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000002.3189497509.00007FF627C40000.00000002.00000001.01000000.00000006.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF627C40000
|
| Size: |
4096
|
|
|
4148000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3393054747.0000000004148000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4148000
|
| Size: |
4096
|
|
|
5623000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2313947147.0000000005623000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5623000
|
| Size: |
8192
|
|
|
8262000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2461831656.0000000008262000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8262000
|
| Size: |
983040
|
|
|
7FF7EE0FF000
|
unkown
|
page write copy
|
|
|
|
| Name: |
0000000F.00000000.3275803630.00007FF7EE0FF000.00000008.00000001.01000000.00000012.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
7FF7EE0FF000
|
| Size: |
8192
|
|
|
7FFDA38C7000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3191427547.00007FFDA38C7000.00000004.00000001.01000000.00000007.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7FFDA38C7000
|
| Size: |
4096
|
|
|
2BC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3264366025.0000000002BC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2BC4000
|
| Size: |
8192
|
|
|
4045000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3393054747.0000000004045000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4045000
|
| Size: |
16384
|
|
|
7F9E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2312080750.0000000007F9E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F9E000
|
| Size: |
4096
|
|
|
7F8E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2311793759.0000000007F8E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F8E000
|
| Size: |
4096
|
|
|
8395000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2455984539.0000000008395000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8395000
|
| Size: |
581632
|
|
|
7FFDA369B000
|
unkown
|
page write copy
|
|
|
|
| Name: |
0000000F.00000002.3291322391.00007FFDA369B000.00000008.00000001.01000000.00000018.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
7FFDA369B000
|
| Size: |
12288
|
|
|
831B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2457016489.000000000831B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
831B000
|
| Size: |
663552
|
|
|
82F4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2455241500.00000000082F4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
82F4000
|
| Size: |
524288
|
|
|
2BC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3261728301.0000000002BC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2BC4000
|
| Size: |
8192
|
|
|
564F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2431030706.000000000564F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
564F000
|
| Size: |
28672
|
|
|
7FFDA5551000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000008.00000002.3254880221.00007FFDA5551000.00000020.00000001.01000000.00000019.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
7FFDA5551000
|
| Size: |
348160
|
|
|
276B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.3276186852.000000000276B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
276B000
|
| Size: |
20480
|
|
|
29A14188000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.3282970707.0000029A14188000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
29A14188000
|
| Size: |
176128
|
|
|
562C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2530148228.000000000562C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
562C000
|
| Size: |
4096
|
|
|
33DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3267853321.00000000033DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
33DE000
|
| Size: |
8192
|
|
|
2BC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3262330066.0000000002BC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2BC4000
|
| Size: |
8192
|
|
|
29A14206000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.3282970707.0000029A14206000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
29A14206000
|
| Size: |
131072
|
|
|
96EE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2531993954.00000000096EE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
96EE000
|
| Size: |
10485760
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
7FFDA5BA8000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000002.3255137500.00007FFDA5BA8000.00000002.00000001.01000000.00000014.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDA5BA8000
|
| Size: |
45056
|
|
|
7F7A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2278999770.0000000007F7A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F7A000
|
| Size: |
20480
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
2BC5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3263566489.0000000002BC5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2BC5000
|
| Size: |
4096
|
|
|
7FFDA369B000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000004.00000002.3190935599.00007FFDA369B000.00000008.00000001.01000000.0000000B.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
7FFDA369B000
|
| Size: |
12288
|
|
|
7FBE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2296497117.0000000007FBE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FBE000
|
| Size: |
4096
|
|
|
1FE73D0F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3251482927.000001FE73D0F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1FE73D0F000
|
| Size: |
6680576
|
|
|
28F63533000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000002.3181014766.0000028F63533000.00000002.00000001.01000000.00000010.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
28F63533000
|
| Size: |
32768
|
|
|
7F9E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2312747139.0000000007F9E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F9E000
|
| Size: |
4096
|
|
|
2220667C000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000005.00000002.3190845455.000002220667C000.00000002.00000001.01000000.0000001C.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
2220667C000
|
| Size: |
32768
|
|
|
7FFD942B1000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000005.00000002.3208630640.00007FFD942B1000.00000020.00000001.01000000.00000013.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
7FFD942B1000
|
| Size: |
1593344
|
|
|
7FFD94495000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3208873256.00007FFD94495000.00000004.00000001.01000000.00000013.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7FFD94495000
|
| Size: |
118784
|
|
|
7FF7EE0C1000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000008.00000000.3227304309.00007FF7EE0C1000.00000020.00000001.01000000.00000012.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
7FF7EE0C1000
|
| Size: |
184320
|
|
|
22210992000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3204481227.0000022210992000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
22210992000
|
| Size: |
491520
|
|
|
7F96000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2296497117.0000000007F96000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F96000
|
| Size: |
4096
|
|
|
29A1F0F0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.3290353149.0000029A1F0F0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
29A1F0F0000
|
| Size: |
1462272
|
|
|
246BF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3395238137.00000000246BF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
246BF000
|
| Size: |
4096
|
|
|
7F7E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2309209156.0000000007F7E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F7E000
|
| Size: |
20480
|
|
|
370000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3390103186.0000000000370000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
370000
|
| Size: |
4096
|
|
|
5531000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3271959712.0000000005531000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5531000
|
| Size: |
4096
|
|
|
7FFDA551C000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000005.00000002.3209666866.00007FFDA551C000.00000002.00000001.01000000.00000014.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDA551C000
|
| Size: |
8192
|
|
|
412E000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3393054747.000000000412E000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
412E000
|
| Size: |
4096
|
|
|
28F63979000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000002.3181014766.0000028F63979000.00000002.00000001.01000000.00000010.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
28F63979000
|
| Size: |
24576
|
|
|
7FF7EE0C1000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000005.00000000.3180283472.00007FF7EE0C1000.00000020.00000001.01000000.00000012.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
7FF7EE0C1000
|
| Size: |
184320
|
|
|
7F69000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2295895995.0000000007F69000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F69000
|
| Size: |
4096
|
|
|
2D2C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.3276892903.0000000002D2C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D2C000
|
| Size: |
172032
|
|
|
7F6B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2309293865.0000000007F6B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F6B000
|
| Size: |
49152
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
28F6354C000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000002.3181014766.0000028F6354C000.00000002.00000001.01000000.00000010.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
28F6354C000
|
| Size: |
32768
|
|
|
1FE6B176000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000002.3246729756.000001FE6B176000.00000002.00000001.01000000.0000001C.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
1FE6B176000
|
| Size: |
4268032
|
|
|
1FE6D8FA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3248781745.000001FE6D8FA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1FE6D8FA000
|
| Size: |
69632
|
|
|
7F6B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2309239543.0000000007F6B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F6B000
|
| Size: |
49152
|
|
|
7FFDA38DB000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000002.3191474197.00007FFDA38DB000.00000002.00000001.01000000.00000007.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDA38DB000
|
| Size: |
24576
|
|
|
5531000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3264962353.0000000005531000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5531000
|
| Size: |
4096
|
|
|
5531000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3272588219.0000000005531000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5531000
|
| Size: |
4096
|
|
|
40D8000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3393054747.00000000040D8000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
40D8000
|
| Size: |
8192
|
|
|
28F6DAE0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3188716039.0000028F6DAE0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
28F6DAE0000
|
| Size: |
1462272
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
7FFDA55B4000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3191807103.00007FFDA55B4000.00000004.00000001.01000000.0000000D.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7FFDA55B4000
|
| Size: |
16384
|
|
|
40DC000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3393054747.00000000040DC000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
40DC000
|
| Size: |
4096
|
|
|
5656000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2530131917.0000000005656000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5656000
|
| Size: |
36864
|
|
|
1FE6A661000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3246495262.000001FE6A661000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1FE6A661000
|
| Size: |
12288
|
|
|
3350000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3267796075.0000000003350000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3350000
|
| Size: |
16384
|
|
|
7FFDA5B80000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000F.00000002.3292251946.00007FFDA5B80000.00000002.00000001.01000000.00000014.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDA5B80000
|
| Size: |
4096
|
|
|
40F8000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3393054747.00000000040F8000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
40F8000
|
| Size: |
4096
|
|
|
5531000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3265031468.0000000005531000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5531000
|
| Size: |
4096
|
|
|
7F6C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2309446967.0000000007F6C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F6C000
|
| Size: |
8192
|
|
|
2BC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3262202342.0000000002BC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2BC4000
|
| Size: |
8192
|
|
|
7F8E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2313675349.0000000007F8E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F8E000
|
| Size: |
4096
|
|
|
2BC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3263122840.0000000002BC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2BC4000
|
| Size: |
8192
|
|
|
7FFDA369E000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3254339899.00007FFDA369E000.00000004.00000001.01000000.00000018.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7FFDA369E000
|
| Size: |
12288
|
|
|
7FFD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2314117937.0000000007FFD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FFD000
|
| Size: |
57344
|
|
|
81D7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2297623373.00000000081D7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
81D7000
|
| Size: |
4096
|
|
|
8262000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2458040376.0000000008262000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8262000
|
| Size: |
745472
|
|
|
7FFDA5B80000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000002.3192146437.00007FFDA5B80000.00000002.00000001.01000000.00000008.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDA5B80000
|
| Size: |
4096
|
|
|
2BC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3261787011.0000000002BC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2BC4000
|
| Size: |
8192
|
|
|
29A14202000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.3282970707.0000029A14202000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
29A14202000
|
| Size: |
4096
|
|
|
826A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2457443786.000000000826A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
826A000
|
| Size: |
696320
|
|
|
7F9E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2310648028.0000000007F9E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F9E000
|
| Size: |
8192
|
|
|
7FFDA546C000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000005.00000002.3209367732.00007FFDA546C000.00000002.00000001.01000000.00000016.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDA546C000
|
| Size: |
20480
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
40E8000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3393054747.00000000040E8000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
40E8000
|
| Size: |
4096
|
|
|
7FFDA5550000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000F.00000002.3291975534.00007FFDA5550000.00000002.00000001.01000000.00000019.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDA5550000
|
| Size: |
4096
|
|
|
7011000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2229449288.0000000007011000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7011000
|
| Size: |
4096
|
|
|
7F67000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2309446967.0000000007F67000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F67000
|
| Size: |
12288
|
|
|
5531000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3273172035.0000000005531000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5531000
|
| Size: |
4096
|
|
|
5531000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3273558405.0000000005531000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5531000
|
| Size: |
4096
|
|
|
1FE6B589000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000002.3246729756.000001FE6B589000.00000002.00000001.01000000.0000001C.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
1FE6B589000
|
| Size: |
24576
|
|
|
7F92000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2280317490.0000000007F92000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F92000
|
| Size: |
8192
|
|
|
8307000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2456506558.0000000008307000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8307000
|
| Size: |
622592
|
|
|
339F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3267824008.000000000339F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
339F000
|
| Size: |
4096
|
|
|
5531000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3272055458.0000000005531000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5531000
|
| Size: |
4096
|
|
|
40F0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3393054747.00000000040F0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
40F0000
|
| Size: |
4096
|
|
|
7FFDAF37C000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000002.3255346051.00007FFDAF37C000.00000002.00000001.01000000.00000016.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDAF37C000
|
| Size: |
20480
|
|
|
22210D82000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3205865223.0000022210D82000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
22210D82000
|
| Size: |
65536
|
|
|
7FFDAC090000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000002.3255214697.00007FFDAC090000.00000002.00000001.01000000.00000015.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDAC090000
|
| Size: |
4096
|
|
|
5531000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3274048701.0000000005531000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5531000
|
| Size: |
4096
|
|
|
7FFA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2263452985.0000000007FFA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FFA000
|
| Size: |
8192
|
|
|
5531000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3271193348.0000000005531000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5531000
|
| Size: |
4096
|
|
|
7FFDA3605000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000002.3190872883.00007FFDA3605000.00000002.00000001.01000000.0000000B.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDA3605000
|
| Size: |
614400
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
29A1E58C000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.3289127390.0000029A1E58C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
29A1E58C000
|
| Size: |
352256
|
|
|
566F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.3280047927.000000000566F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
566F000
|
| Size: |
4096
|
|
|
3537000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3267948607.0000000003537000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3537000
|
| Size: |
8192
|
|
|
246FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3395260394.00000000246FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
246FE000
|
| Size: |
8192
|
|
|
7FFA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2263230210.0000000007FFA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FFA000
|
| Size: |
8192
|
|
|
F3C4AFB000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.3282834164.000000F3C4AFB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
F3C4AFB000
|
| Size: |
20480
|
|
|
12EC000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3392054817.00000000012EC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
12EC000
|
| Size: |
16384
|
|
|
4160000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3393054747.0000000004160000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4160000
|
| Size: |
4096
|
|
|
7011000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2228991986.0000000007011000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7011000
|
| Size: |
237568
|
|
|
7FFDA38C4000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.3291727275.00007FFDA38C4000.00000004.00000001.01000000.00000013.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7FFDA38C4000
|
| Size: |
8192
|
|
|
5531000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3273807984.0000000005531000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5531000
|
| Size: |
4096
|
|
|
8261000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2457257999.0000000008261000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8261000
|
| Size: |
679936
|
|
|
29A174BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.3285444695.0000029A174BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
29A174BF000
|
| Size: |
4096
|
|
|
826F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2455168674.000000000826F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
826F000
|
| Size: |
524288
|
|
|
7F96000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2281759183.0000000007F96000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F96000
|
| Size: |
4096
|
|
|
7FFD94661000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000008.00000002.3253873199.00007FFD94661000.00000020.00000001.01000000.0000001A.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
7FFD94661000
|
| Size: |
1392640
|
|
|
98A000
|
unkown
|
page write copy
|
|
|
|
| Name: |
0000000B.00000002.3390577965.000000000098A000.00000008.00000001.01000000.0000001D.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
98A000
|
| Size: |
8192
|
|
|
7FFDAF371000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000008.00000002.3255327638.00007FFDAF371000.00000020.00000001.01000000.00000016.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
7FFDAF371000
|
| Size: |
45056
|
|
|
826B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2462924765.000000000826B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
826B000
|
| Size: |
1056768
|
|
|
2BC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3262484385.0000000002BC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2BC4000
|
| Size: |
8192
|
|
|
841C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2458776128.000000000841C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
841C000
|
| Size: |
802816
|
|
|
572E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.3280170050.000000000572E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
572E000
|
| Size: |
8192
|
|
|
5531000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3272298605.0000000005531000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5531000
|
| Size: |
4096
|
|
|
5404000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2229154999.0000000005404000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5404000
|
| Size: |
4096
|
|
|
826E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2456653650.000000000826E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
826E000
|
| Size: |
638976
|
|
|
2BC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3263504354.0000000002BC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2BC4000
|
| Size: |
8192
|
|
|
82F7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2455384310.00000000082F7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
82F7000
|
| Size: |
540672
|
|
|
3354000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.3206833618.0000000003354000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3354000
|
| Size: |
4096
|
|
|
5500000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2227550521.0000000005500000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5500000
|
| Size: |
172032
|
|
|
4082000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3393054747.0000000004082000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4082000
|
| Size: |
4096
|
|
|
7FFDA5BB7000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000002.3255175277.00007FFDA5BB7000.00000002.00000001.01000000.00000014.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDA5BB7000
|
| Size: |
16384
|
|
|
7FA8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2281122020.0000000007FA8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FA8000
|
| Size: |
8192
|
|
|
7FF7EE0C0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000F.00000002.3290599760.00007FF7EE0C0000.00000002.00000001.01000000.00000012.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF7EE0C0000
|
| Size: |
4096
|
|
|
7F6A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2295875371.0000000007F6A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F6A000
|
| Size: |
45056
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
7F9E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2310410583.0000000007F9E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F9E000
|
| Size: |
4096
|
|
|
7FCE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2296285282.0000000007FCE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FCE000
|
| Size: |
4096
|
|
|
562A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2431197864.000000000562A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
562A000
|
| Size: |
4096
|
|
|
5531000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3271233854.0000000005531000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5531000
|
| Size: |
4096
|
|
|
4078000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3393054747.0000000004078000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4078000
|
| Size: |
4096
|
|
|
7FFD94661000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000004.00000002.3189946070.00007FFD94661000.00000020.00000001.01000000.0000000E.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
7FFD94661000
|
| Size: |
1392640
|
|
|
3354000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.3206619795.0000000003354000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3354000
|
| Size: |
4096
|
|
|
2B0E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.3276310648.0000000002B0E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2B0E000
|
| Size: |
8192
|
|
|
1FE6A667000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3246495262.000001FE6A667000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1FE6A667000
|
| Size: |
266240
|
|
|
8261000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2462003010.0000000008261000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8261000
|
| Size: |
999424
|
|
|
402B000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3393054747.000000000402B000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
402B000
|
| Size: |
16384
|
|
|
8266000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2459253436.0000000008266000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8266000
|
| Size: |
843776
|
|
|
8300000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2456104151.0000000008300000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8300000
|
| Size: |
589824
|
|
|
7FFDA55D8000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000002.3254962645.00007FFDA55D8000.00000002.00000001.01000000.00000019.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDA55D8000
|
| Size: |
24576
|
|
|
7FC8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2279908862.0000000007FC8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FC8000
|
| Size: |
143360
|
|
|
7FFD94101000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000005.00000002.3208284715.00007FFD94101000.00000002.00000001.01000000.0000001A.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFD94101000
|
| Size: |
81920
|
|
|
7FFDA54B9000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000005.00000002.3209518941.00007FFDA54B9000.00000002.00000001.01000000.0000001B.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDA54B9000
|
| Size: |
12288
|
|
|
8347000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2459181653.0000000008347000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8347000
|
| Size: |
835584
|
|
|
2221111C000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3207058022.000002221111C000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
2221111C000
|
| Size: |
294912
|
|
|
2C90000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.3276809180.0000000002C90000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
2C90000
|
| Size: |
4096
|
|
|
7FFD944B7000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3208927171.00007FFD944B7000.00000004.00000001.01000000.00000013.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7FFD944B7000
|
| Size: |
4096
|
|
|
7F96000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2280317490.0000000007F96000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F96000
|
| Size: |
4096
|
|
|
5404000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2229136858.0000000005404000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5404000
|
| Size: |
4096
|
|
|
7FEF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2296084669.0000000007FEF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FEF000
|
| Size: |
81920
|
|
|
5531000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3273516978.0000000005531000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5531000
|
| Size: |
4096
|
|
|
7F6F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2431266562.0000000007F6F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F6F000
|
| Size: |
24576
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
28F65E75000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3184252159.0000028F65E75000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
28F65E75000
|
| Size: |
28672
|
|
|
2BC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3261549327.0000000002BC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2BC4000
|
| Size: |
4096
|
|
|
7FFDA38A5000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3191373766.00007FFDA38A5000.00000004.00000001.01000000.00000007.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7FFDA38A5000
|
| Size: |
118784
|
|
|
40FE000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3393054747.00000000040FE000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
40FE000
|
| Size: |
4096
|
|
|
22206685000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000005.00000002.3190845455.0000022206685000.00000002.00000001.01000000.0000001C.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
22206685000
|
| Size: |
28672
|
|
|
28F62A4E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.3179664380.0000028F62A4E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
28F62A4E000
|
| Size: |
69632
|
|
|
5531000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3273933369.0000000005531000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5531000
|
| Size: |
4096
|
|
|
7FDE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2296084669.0000000007FDE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FDE000
|
| Size: |
12288
|
|
|
847B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2462353073.000000000847B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
847B000
|
| Size: |
1015808
|
|
|
7FFA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2263606246.0000000007FFA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FFA000
|
| Size: |
12288
|
|
|
8267000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2460128031.0000000008267000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8267000
|
| Size: |
909312
|
|
|
7011000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2229695621.0000000007011000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7011000
|
| Size: |
4096
|
|
|
40EC000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3393054747.00000000040EC000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
40EC000
|
| Size: |
8192
|
|
|
7FF7EE102000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000005.00000000.3180372261.00007FF7EE102000.00000002.00000001.01000000.00000012.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF7EE102000
|
| Size: |
102400
|
|
|
5531000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3272349800.0000000005531000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5531000
|
| Size: |
4096
|
|
|
3354000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.3206189417.0000000003354000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3354000
|
| Size: |
4096
|
|
|
5531000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3271619261.0000000005531000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5531000
|
| Size: |
4096
|
|
|
7FFD947B5000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000002.3253964085.00007FFD947B5000.00000002.00000001.01000000.0000001A.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFD947B5000
|
| Size: |
196608
|
|
|
4074000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3393054747.0000000004074000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4074000
|
| Size: |
12288
|
|
|
29A142C0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000F.00000002.3283160895.0000029A142C0000.00000002.00000001.01000000.0000001C.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
29A142C0000
|
| Size: |
3989504
|
|
|
7F9E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2312660381.0000000007F9E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F9E000
|
| Size: |
8192
|
|
|
28F65E70000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3184252159.0000028F65E70000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
28F65E70000
|
| Size: |
12288
|
|
|
3530000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3267948607.0000000003530000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3530000
|
| Size: |
20480
|
|
|
7FFDA38C2000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000008.00000002.3254624952.00007FFDA38C2000.00000008.00000001.01000000.00000013.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
7FFDA38C2000
|
| Size: |
8192
|
|
|
7F6C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2416506781.0000000007F6C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F6C000
|
| Size: |
73728
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
4114000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3393054747.0000000004114000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4114000
|
| Size: |
20480
|
|
|
28F64380000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000002.3181014766.0000028F64380000.00000002.00000001.01000000.00000010.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
28F64380000
|
| Size: |
1462272
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
7FF7EE0FF000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.3290693992.00007FF7EE0FF000.00000004.00000001.01000000.00000012.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7FF7EE0FF000
|
| Size: |
8192
|
|
|
7FFDA55F7000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000F.00000002.3292220802.00007FFDA55F7000.00000002.00000001.01000000.00000017.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDA55F7000
|
| Size: |
16384
|
|
|
562C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2313947147.000000000562C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
562C000
|
| Size: |
4096
|
|
|
7F7F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2280317490.0000000007F7F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F7F000
|
| Size: |
4096
|
|
|
5623000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2431197864.0000000005623000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5623000
|
| Size: |
8192
|
|
|
2BC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3261639943.0000000002BC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2BC4000
|
| Size: |
4096
|
|
|
7F65000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2281759183.0000000007F65000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F65000
|
| Size: |
12288
|
|
|
103E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3391819581.000000000103E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
103E000
|
| Size: |
8192
|
|
|
241FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3395162770.00000000241FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
241FE000
|
| Size: |
8192
|
|
|
7F8F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2312660381.0000000007F8F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F8F000
|
| Size: |
4096
|
|
|
40CE000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3393054747.00000000040CE000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
40CE000
|
| Size: |
4096
|
|
|
8B1000
|
unkown
|
page execute read
|
|
|
|
| Name: |
0000000B.00000000.3246509888.00000000008B1000.00000020.00000001.01000000.0000001D.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
8B1000
|
| Size: |
700416
|
|
|
2BC5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3263536588.0000000002BC5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2BC5000
|
| Size: |
4096
|
|
|
8264000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2459525934.0000000008264000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8264000
|
| Size: |
868352
|
|
|
7FA7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2430786248.0000000007FA7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FA7000
|
| Size: |
4096
|
|
|
22210E18000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3206664361.0000022210E18000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
22210E18000
|
| Size: |
1527808
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
2BC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3264126481.0000000002BC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2BC4000
|
| Size: |
8192
|
|
|
7F7E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2310514969.0000000007F7E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F7E000
|
| Size: |
4096
|
|
|
8444000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2461564131.0000000008444000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8444000
|
| Size: |
966656
|
|
|
5531000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3272212317.0000000005531000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5531000
|
| Size: |
4096
|
|
|
3FB0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3393008179.0000000003FB0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3FB0000
|
| Size: |
4096
|
|
|
2B4F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.3276602133.0000000002B4F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2B4F000
|
| Size: |
4096
|
|
|
7F9C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2296497117.0000000007F9C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F9C000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
562C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2431030706.000000000562C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
562C000
|
| Size: |
4096
|
|
|
222059F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3190568108.00000222059F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
222059F0000
|
| Size: |
20480
|
|
|
7FFDAC0A2000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000F.00000002.3292461918.00007FFDAC0A2000.00000002.00000001.01000000.00000015.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDAC0A2000
|
| Size: |
16384
|
|
|
7F8F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2310768749.0000000007F8F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F8F000
|
| Size: |
4096
|
|
|
7FFDAC090000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000F.00000002.3292409685.00007FFDAC090000.00000002.00000001.01000000.00000015.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDAC090000
|
| Size: |
4096
|
|
|
7FFDAF371000
|
unkown
|
page execute read
|
|
|
|
| Name: |
0000000F.00000002.3292560226.00007FFDAF371000.00000020.00000001.01000000.00000016.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
7FFDAF371000
|
| Size: |
45056
|
|
|
7FFD9428E000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3208530572.00007FFD9428E000.00000004.00000001.01000000.00000018.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7FFD9428E000
|
| Size: |
12288
|
|
|
4162000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3393054747.0000000004162000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4162000
|
| Size: |
4096
|
|
|
7F7E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2297971616.0000000007F7E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F7E000
|
| Size: |
4096
|
|
|
DEED1FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3246351930.000000DEED1FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
DEED1FE000
|
| Size: |
8192
|
|
|
5531000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3272932533.0000000005531000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5531000
|
| Size: |
4096
|
|
|
7FFDA5BB3000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.3292333618.00007FFDA5BB3000.00000004.00000001.01000000.00000014.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7FFDA5BB3000
|
| Size: |
12288
|
|
|
3354000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.3246728366.0000000003354000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3354000
|
| Size: |
4096
|
|
|
2BC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3262104589.0000000002BC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2BC4000
|
| Size: |
8192
|
|
|
5531000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3273083489.0000000005531000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5531000
|
| Size: |
4096
|
|
|
7FF7EE102000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000F.00000000.3275829475.00007FF7EE102000.00000002.00000001.01000000.00000012.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF7EE102000
|
| Size: |
102400
|
|
|
7FFDA3531000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000004.00000002.3190767666.00007FFDA3531000.00000020.00000001.01000000.0000000B.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
7FFDA3531000
|
| Size: |
868352
|
|
|
5404000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2229093206.0000000005404000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5404000
|
| Size: |
4096
|
|
|
7F70000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2278999770.0000000007F70000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F70000
|
| Size: |
32768
|
|
|
331E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3267712385.000000000331E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
331E000
|
| Size: |
8192
|
|
|
5623000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2416636206.0000000005623000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5623000
|
| Size: |
8192
|
|
|
22210E07000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3205865223.0000022210E07000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
22210E07000
|
| Size: |
4096
|
|
|
7FFDA55E0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000002.3254981554.00007FFDA55E0000.00000002.00000001.01000000.00000017.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDA55E0000
|
| Size: |
4096
|
|
|
82F4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2455916931.00000000082F4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
82F4000
|
| Size: |
573440
|
|
|
7FFDA55FA000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000002.3192120715.00007FFDA55FA000.00000002.00000001.01000000.0000000A.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDA55FA000
|
| Size: |
12288
|
|
|
3354000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.3206444119.0000000003354000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3354000
|
| Size: |
4096
|
|
|
95C000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000B.00000002.3390532683.000000000095C000.00000002.00000001.01000000.0000001D.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
95C000
|
| Size: |
188416
|
|
|
2CEE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.3276870902.0000000002CEE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2CEE000
|
| Size: |
8192
|
|
|
7FAB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2263292854.0000000007FAB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FAB000
|
| Size: |
8192
|
|
|
7FFDA369E000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.3291347112.00007FFDA369E000.00000004.00000001.01000000.00000018.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7FFDA369E000
|
| Size: |
12288
|
|
|
7FFDA5BB3000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3192231142.00007FFDA5BB3000.00000004.00000001.01000000.00000008.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7FFDA5BB3000
|
| Size: |
12288
|
|
|
7FFDA3849000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000008.00000002.3254419467.00007FFDA3849000.00000020.00000001.01000000.00000013.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
7FFDA3849000
|
| Size: |
8192
|
|
|
5531000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3271001267.0000000005531000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5531000
|
| Size: |
4096
|
|
|
DEED0FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3246255229.000000DEED0FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
DEED0FE000
|
| Size: |
8192
|
|
|
40EA000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3393054747.00000000040EA000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
40EA000
|
| Size: |
4096
|
|
|
55C9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2262586525.00000000055C9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
55C9000
|
| Size: |
49152
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
2BC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3264408151.0000000002BC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2BC4000
|
| Size: |
8192
|
|
|
7FFDA46D1000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000005.00000002.3209254173.00007FFDA46D1000.00000002.00000001.01000000.00000017.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDA46D1000
|
| Size: |
20480
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
4000000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3393054747.0000000004000000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4000000
|
| Size: |
36864
|
|
|
28F6C90A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3187497505.0000028F6C90A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
28F6C90A000
|
| Size: |
6656000
|
|
|
7FFDA54B5000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000005.00000002.3209474234.00007FFDA54B5000.00000002.00000001.01000000.0000001B.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDA54B5000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
7F7A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2279211031.0000000007F7A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F7A000
|
| Size: |
20480
|
|
|
7FFDA55E0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000F.00000002.3292128726.00007FFDA55E0000.00000002.00000001.01000000.00000017.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDA55E0000
|
| Size: |
4096
|
|
|
1160000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3391967225.0000000001160000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1160000
|
| Size: |
16384
|
|
|
F29000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3391522174.0000000000F29000.00000004.00000001.01000000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
F29000
|
| Size: |
4096
|
|
|
5531000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3259822318.0000000005531000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5531000
|
| Size: |
131072
|
|
|
7FFDA55F2000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000002.3192071435.00007FFDA55F2000.00000002.00000001.01000000.0000000A.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDA55F2000
|
| Size: |
16384
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
2BC0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.3276691040.0000000002BC0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2BC0000
|
| Size: |
16384
|
|
|
8CBD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2533456972.0000000008CBD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8CBD000
|
| Size: |
2199552
|
|
|
7FFD9489B000
|
unkown
|
page write copy
|
|
|
|
| Name: |
0000000F.00000002.3291042653.00007FFD9489B000.00000008.00000001.01000000.0000001A.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
7FFD9489B000
|
| Size: |
16384
|
|
|
564D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2530216132.000000000564D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
564D000
|
| Size: |
36864
|
|
|
5531000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3273971101.0000000005531000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5531000
|
| Size: |
4096
|
|
|
8347000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2459471335.0000000008347000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8347000
|
| Size: |
860160
|
|
|
562C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2431197864.000000000562C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
562C000
|
| Size: |
4096
|
|
|
7F98000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2281856336.0000000007F98000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F98000
|
| Size: |
4096
|
|
|
7F96000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2281856336.0000000007F96000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F96000
|
| Size: |
4096
|
|
|
7FF3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2263757782.0000000007FF3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FF3000
|
| Size: |
4096
|
|
|
40AC000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3393054747.00000000040AC000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
40AC000
|
| Size: |
4096
|
|
|
7F7F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2276456563.0000000007F7F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F7F000
|
| Size: |
12288
|
|
|
7011000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2229389346.0000000007011000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7011000
|
| Size: |
4096
|
|
|
353C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3267948607.000000000353C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
353C000
|
| Size: |
126976
|
|
|
7F73000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2295962736.0000000007F73000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F73000
|
| Size: |
8192
|
|
|
7F8F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2310271556.0000000007F8F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F8F000
|
| Size: |
4096
|
|
|
7F98000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2263385459.0000000007F98000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F98000
|
| Size: |
8192
|
|
|
22208FA4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3194132218.0000022208FA4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
22208FA4000
|
| Size: |
32768
|
|
|
7FF7EE0EE000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000F.00000002.3290665812.00007FF7EE0EE000.00000002.00000001.01000000.00000012.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF7EE0EE000
|
| Size: |
69632
|
|
|
7F74000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2311912637.0000000007F74000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F74000
|
| Size: |
4096
|
|
|
420E000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3395028778.000000000420E000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
420E000
|
| Size: |
16384
|
|
|
7FAA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2280317490.0000000007FAA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FAA000
|
| Size: |
8192
|
|
|
527A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3268435624.000000000527A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
527A000
|
| Size: |
294912
|
|
|
7F86000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2279621522.0000000007F86000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F86000
|
| Size: |
8192
|
|
|
4084000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3393054747.0000000004084000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4084000
|
| Size: |
4096
|
|
|
3FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3390175014.00000000003FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3FE000
|
| Size: |
8192
|
|
|
5042000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3268160199.0000000005042000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5042000
|
| Size: |
512000
|
|
|
5531000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3272255300.0000000005531000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5531000
|
| Size: |
4096
|
|
|
22208FB0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3194281994.0000022208FB0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
22208FB0000
|
| Size: |
69632
|
|
|
7FFD94661000
|
unkown
|
page execute read
|
|
|
|
| Name: |
0000000F.00000002.3290775234.00007FFD94661000.00000020.00000001.01000000.0000001A.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
7FFD94661000
|
| Size: |
1392640
|
|
|
7FFDA5508000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000005.00000002.3209597920.00007FFDA5508000.00000002.00000001.01000000.00000014.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDA5508000
|
| Size: |
45056
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
2BC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3263021876.0000000002BC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2BC4000
|
| Size: |
8192
|
|
|
7FFDA55D1000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000002.3191911321.00007FFDA55D1000.00000002.00000001.01000000.0000000C.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDA55D1000
|
| Size: |
20480
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
7F9E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2312433933.0000000007F9E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F9E000
|
| Size: |
4096
|
|
|
400E000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3393054747.000000000400E000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
400E000
|
| Size: |
28672
|
|
|
826A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2459396595.000000000826A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
826A000
|
| Size: |
851968
|
|
|
7F9E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2313063289.0000000007F9E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F9E000
|
| Size: |
4096
|
|
|
2BC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3263315225.0000000002BC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2BC4000
|
| Size: |
8192
|
|
|
5D81000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.3205101952.0000000005D81000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5D81000
|
| Size: |
208896
|
|
|
7F8F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2312980551.0000000007F8F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F8F000
|
| Size: |
4096
|
|
|
4206000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3395028778.0000000004206000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4206000
|
| Size: |
4096
|
|
|
7F8F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2312917512.0000000007F8F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F8F000
|
| Size: |
4096
|
|
|
7FF7EE0EE000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000000.3227329028.00007FF7EE0EE000.00000002.00000001.01000000.00000012.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF7EE0EE000
|
| Size: |
69632
|
|
|
7FFDA384C000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000002.3254541034.00007FFDA384C000.00000002.00000001.01000000.00000013.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDA384C000
|
| Size: |
176128
|
|
|
7FFDA369B000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000008.00000002.3254317762.00007FFDA369B000.00000008.00000001.01000000.00000018.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
7FFDA369B000
|
| Size: |
12288
|
|
|
7F8E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2310514969.0000000007F8E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F8E000
|
| Size: |
4096
|
|
|
2F6E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3392331418.0000000002F6E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F6E000
|
| Size: |
294912
|
|
|
40CA000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3393054747.00000000040CA000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
40CA000
|
| Size: |
4096
|
|
|
7FFDA5531000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000004.00000002.3191719967.00007FFDA5531000.00000020.00000001.01000000.0000000D.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
7FFDA5531000
|
| Size: |
348160
|
|
|
22208FC6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3194281994.0000022208FC6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
22208FC6000
|
| Size: |
4096
|
|
|
22210D96000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3205865223.0000022210D96000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
22210D96000
|
| Size: |
458752
|
|
|
7FFDA5545000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000002.3254804356.00007FFDA5545000.00000002.00000001.01000000.0000001B.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDA5545000
|
| Size: |
12288
|
|
|
2D2D000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3392191199.0000000002D2D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D2D000
|
| Size: |
512000
|
|
|
7F79000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2430985540.0000000007F79000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F79000
|
| Size: |
20480
|
|
|
5531000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3273643431.0000000005531000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5531000
|
| Size: |
4096
|
|
|
4164000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3393054747.0000000004164000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4164000
|
| Size: |
4096
|
|
|
5B6E000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.3269101060.0000000005B6E000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
5B6E000
|
| Size: |
24576
|
|
|
7FF7EE102000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000000.3227363690.00007FF7EE102000.00000002.00000001.01000000.00000012.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF7EE102000
|
| Size: |
102400
|
|
|
7F8E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2530034658.0000000007F8E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F8E000
|
| Size: |
499712
|
|
|
3354000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.3206330958.0000000003354000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3354000
|
| Size: |
4096
|
|
|
22208DD0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3194035773.0000022208DD0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
22208DD0000
|
| Size: |
4096
|
|
|
4032000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3393054747.0000000004032000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4032000
|
| Size: |
28672
|
|
|
8C60000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2530484775.0000000008C60000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8C60000
|
| Size: |
204800
|
|
|
29A17480000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.3285410872.0000029A17480000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
29A17480000
|
| Size: |
4096
|
|
|
7FF627C82000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000002.3189669800.00007FF627C82000.00000002.00000001.01000000.00000006.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF627C82000
|
| Size: |
102400
|
|
|
2BC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3264595213.0000000002BC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2BC4000
|
| Size: |
8192
|
|
|
7FFDAF382000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000005.00000002.3209736329.00007FFDAF382000.00000002.00000001.01000000.00000015.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDAF382000
|
| Size: |
16384
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
3354000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.3267533593.0000000003354000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3354000
|
| Size: |
4096
|
|
|
28F65CC1000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.3179572979.0000028F65CC1000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
28F65CC1000
|
| Size: |
262144
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
7FFDA3531000
|
unkown
|
page execute read
|
|
|
|
| Name: |
0000000F.00000002.3291176837.00007FFDA3531000.00000020.00000001.01000000.00000018.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
7FFDA3531000
|
| Size: |
868352
|
|
|
5531000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3271326318.0000000005531000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5531000
|
| Size: |
4096
|
|
|
7FFDA55D4000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.3292077911.00007FFDA55D4000.00000004.00000001.01000000.00000019.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7FFDA55D4000
|
| Size: |
16384
|
|
|
521E000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.3279193333.000000000521E000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
521E000
|
| Size: |
24576
|
|
|
563F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2314329754.000000000563F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
563F000
|
| Size: |
57344
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
5626000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2416636206.0000000005626000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5626000
|
| Size: |
8192
|
|
|
830F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2456239612.000000000830F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
830F000
|
| Size: |
606208
|
|
|
8324000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2457756004.0000000008324000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8324000
|
| Size: |
720896
|
|
|
2BC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3263352714.0000000002BC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2BC4000
|
| Size: |
8192
|
|
|
7FFD94292000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000005.00000002.3208556832.00007FFD94292000.00000002.00000001.01000000.00000018.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFD94292000
|
| Size: |
53248
|
|
|
22210D76000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3205865223.0000022210D76000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
22210D76000
|
| Size: |
16384
|
|
|
7FF7EE102000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000002.3253823529.00007FF7EE102000.00000002.00000001.01000000.00000012.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF7EE102000
|
| Size: |
102400
|
|
|
51AD000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.3279193333.00000000051AD000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
51AD000
|
| Size: |
458752
|
|
|
7F87000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2281122020.0000000007F87000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F87000
|
| Size: |
8192
|
|
|
810000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3390278058.0000000000810000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
810000
|
| Size: |
4096
|
|
|
2BC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3261420773.0000000002BC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2BC4000
|
| Size: |
4096
|
|
|
5404000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2229056970.0000000005404000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5404000
|
| Size: |
4096
|
|
|
7F8F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2312599825.0000000007F8F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F8F000
|
| Size: |
4096
|
|
|
22205BC0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3190816182.0000022205BC0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
22205BC0000
|
| Size: |
8192
|
|
|
2BC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3263946449.0000000002BC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2BC4000
|
| Size: |
8192
|
|
|
40DE000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3393054747.00000000040DE000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
40DE000
|
| Size: |
4096
|
|
|
8261000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2458502641.0000000008261000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8261000
|
| Size: |
786432
|
|
|
3631000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.3204596927.0000000003631000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
3631000
|
| Size: |
147456
|
|
|
222100AB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3199339643.00000222100AB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
222100AB000
|
| Size: |
352256
|
|
|
7FFD947E8000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000F.00000002.3290888018.00007FFD947E8000.00000002.00000001.01000000.0000001A.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFD947E8000
|
| Size: |
724992
|
|
|
7FFDA38CE000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000002.3191474197.00007FFDA38CE000.00000002.00000001.01000000.00000007.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDA38CE000
|
| Size: |
49152
|
|
|
8061000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2455086686.0000000008061000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8061000
|
| Size: |
1024000
|
|
|
5531000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3272648984.0000000005531000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5531000
|
| Size: |
4096
|
|
|
7F74000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2309982500.0000000007F74000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F74000
|
| Size: |
4096
|
|
|
8266000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2462177088.0000000008266000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8266000
|
| Size: |
1007616
|
|
|
7FFDAF381000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.3292608094.00007FFDAF381000.00000004.00000001.01000000.00000016.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7FFDAF381000
|
| Size: |
4096
|
|
|
28F62ECF000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000002.3181014766.0000028F62ECF000.00000002.00000001.01000000.00000010.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
28F62ECF000
|
| Size: |
6696960
|
|
|
1FE75727000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3252922965.000001FE75727000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1FE75727000
|
| Size: |
4096
|
|
|
831D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2456883769.000000000831D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
831D000
|
| Size: |
655360
|
|
|
2220668D000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000005.00000002.3190845455.000002220668D000.00000002.00000001.01000000.0000001C.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
2220668D000
|
| Size: |
32768
|
|
|
5531000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3272837163.0000000005531000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5531000
|
| Size: |
4096
|
|
|
8373000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2462676138.0000000008373000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8373000
|
| Size: |
1040384
|
|
|
7FF7EE0C0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000005.00000000.3180258513.00007FF7EE0C0000.00000002.00000001.01000000.00000012.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF7EE0C0000
|
| Size: |
4096
|
|
|
7FFDA36B0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000002.3254359399.00007FFDA36B0000.00000002.00000001.01000000.00000018.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDA36B0000
|
| Size: |
16384
|
|
|
7F8F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2312297673.0000000007F8F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F8F000
|
| Size: |
4096
|
|
|
F6A000
|
unkown
|
page write copy
|
|
|
|
| Name: |
0000000B.00000002.3391711873.0000000000F6A000.00000008.00000001.01000000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
F6A000
|
| Size: |
69632
|
|
|
8358000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2461118684.0000000008358000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8358000
|
| Size: |
950272
|
|
|
55B7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2262586525.00000000055B7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
55B7000
|
| Size: |
65536
|
|
|
4132000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3393054747.0000000004132000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4132000
|
| Size: |
4096
|
|
|
7FFDA55C1000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000004.00000002.3191878129.00007FFDA55C1000.00000020.00000001.01000000.0000000C.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
7FFDA55C1000
|
| Size: |
65536
|
|
|
7FF627C7F000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3189639598.00007FF627C7F000.00000004.00000001.01000000.00000006.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7FF627C7F000
|
| Size: |
8192
|
|
|
7FFDA55A6000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000F.00000002.3292041319.00007FFDA55A6000.00000002.00000001.01000000.00000019.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDA55A6000
|
| Size: |
188416
|
|
|
24200000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3395184690.0000000024200000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
24200000
|
| Size: |
4096
|
|
|
7FFD94660000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000002.3253852175.00007FFD94660000.00000002.00000001.01000000.0000001A.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFD94660000
|
| Size: |
4096
|
|
|
7FFD94468000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000005.00000002.3208804442.00007FFD94468000.00000002.00000001.01000000.00000013.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFD94468000
|
| Size: |
167936
|
|
|
28F6DC52000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3188716039.0000028F6DC52000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
28F6DC52000
|
| Size: |
65536
|
|
|
7FFDA55F7000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000002.3255066628.00007FFDA55F7000.00000002.00000001.01000000.00000017.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDA55F7000
|
| Size: |
16384
|
|
|
7011000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2229816378.0000000007011000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7011000
|
| Size: |
4096
|
|
|
7FFDA369E000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3190965630.00007FFDA369E000.00000004.00000001.01000000.0000000B.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7FFDA369E000
|
| Size: |
12288
|
|
|
F3D000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3391593311.0000000000F3D000.00000004.00000001.01000000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
F3D000
|
| Size: |
4096
|
|
|
5431000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3260692249.0000000005431000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5431000
|
| Size: |
147456
|
|
|
3354000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.3246777485.0000000003354000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3354000
|
| Size: |
4096
|
|
|
3354000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.3206094367.0000000003354000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3354000
|
| Size: |
4096
|
|
|
2BC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3263813455.0000000002BC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2BC4000
|
| Size: |
8192
|
|
|
7FFDA38E3000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000F.00000002.3291827254.00007FFDA38E3000.00000002.00000001.01000000.00000013.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDA38E3000
|
| Size: |
28672
|
|
|
2BC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3262032693.0000000002BC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2BC4000
|
| Size: |
8192
|
|
|
7FFDA55F6000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.3292200333.00007FFDA55F6000.00000004.00000001.01000000.00000017.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7FFDA55F6000
|
| Size: |
4096
|
|
|
27D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.3276211647.00000000027D0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
27D0000
|
| Size: |
4096
|
|
|
2BC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3262279786.0000000002BC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2BC4000
|
| Size: |
8192
|
|
|
1FE6A5E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3246495262.000001FE6A5E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1FE6A5E0000
|
| Size: |
28672
|
|
|
2BC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3262434851.0000000002BC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2BC4000
|
| Size: |
8192
|
|
|
7FFDA36A2000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000F.00000002.3291371545.00007FFDA36A2000.00000002.00000001.01000000.00000018.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDA36A2000
|
| Size: |
53248
|
|
|
7F9E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2312119265.0000000007F9E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F9E000
|
| Size: |
4096
|
|
|
7FFDA55F1000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000F.00000002.3292175964.00007FFDA55F1000.00000002.00000001.01000000.00000017.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDA55F1000
|
| Size: |
20480
|
|
|
7FBE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2281690990.0000000007FBE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FBE000
|
| Size: |
126976
|
|
|
4166000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3393054747.0000000004166000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4166000
|
| Size: |
4096
|
|
|
7FFDA38E3000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000002.3254738798.00007FFDA38E3000.00000002.00000001.01000000.00000013.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDA38E3000
|
| Size: |
28672
|
|
|
7FFDA55E0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000002.3191998916.00007FFDA55E0000.00000002.00000001.01000000.0000000A.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDA55E0000
|
| Size: |
4096
|
|
|
835E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2460256453.000000000835E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
835E000
|
| Size: |
917504
|
|
|
810F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2297623373.000000000810F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
810F000
|
| Size: |
4096
|
|
|
7F80000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2281759183.0000000007F80000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F80000
|
| Size: |
4096
|
|
|
2BC5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3261947055.0000000002BC5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2BC5000
|
| Size: |
4096
|
|
|
1FE75696000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3252922965.000001FE75696000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1FE75696000
|
| Size: |
16384
|
|
|
5635000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2262563321.0000000005635000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5635000
|
| Size: |
32768
|
|
|
7F79000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2430920870.0000000007F79000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F79000
|
| Size: |
20480
|
|
|
7FAE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2281122020.0000000007FAE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FAE000
|
| Size: |
16384
|
|
|
40F2000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3393054747.00000000040F2000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
40F2000
|
| Size: |
4096
|
|
|
7FFDA46D6000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3209279702.00007FFDA46D6000.00000004.00000001.01000000.00000017.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7FFDA46D6000
|
| Size: |
4096
|
|
|
837C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2462841735.000000000837C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
837C000
|
| Size: |
1048576
|
|
|
7F9E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2313238448.0000000007F9E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F9E000
|
| Size: |
8192
|
|
|
7F8F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2313238448.0000000007F8F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F8F000
|
| Size: |
4096
|
|
|
7FFDA38A5000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3254600068.00007FFDA38A5000.00000004.00000001.01000000.00000013.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7FFDA38A5000
|
| Size: |
118784
|
|
|
7F75000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2295854821.0000000007F75000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F75000
|
| Size: |
40960
|
|
|
7FD4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2314117937.0000000007FD4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FD4000
|
| Size: |
4096
|
|
|
7FF627C82000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000000.2913611432.00007FF627C82000.00000002.00000001.01000000.00000006.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF627C82000
|
| Size: |
102400
|
|
|
29A14D26000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000F.00000002.3283160895.0000029A14D26000.00000002.00000001.01000000.0000001C.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
29A14D26000
|
| Size: |
4268032
|
|
|
826B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2462590656.000000000826B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
826B000
|
| Size: |
1032192
|
|
|
7FFDA36C0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000002.3254399588.00007FFDA36C0000.00000002.00000001.01000000.00000013.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDA36C0000
|
| Size: |
4096
|
|
|
7F8E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2430786248.0000000007F8E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F8E000
|
| Size: |
4096
|
|
|
28F629A6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3180678422.0000028F629A6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
28F629A6000
|
| Size: |
20480
|
|
|
22205FFF000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000005.00000002.3190845455.0000022205FFF000.00000002.00000001.01000000.0000001C.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
22205FFF000
|
| Size: |
6696960
|
|
|
7F8F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2309570027.0000000007F8F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F8F000
|
| Size: |
4096
|
|
|
F3C4BFC000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.3282861424.000000F3C4BFC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
F3C4BFC000
|
| Size: |
16384
|
|
|
826C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2457829307.000000000826C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
826C000
|
| Size: |
729088
|
|
|
562C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2416636206.000000000562C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
562C000
|
| Size: |
4096
|
|
|
4094000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3393054747.0000000004094000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4094000
|
| Size: |
4096
|
|
|
563C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2313858604.000000000563C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
563C000
|
| Size: |
69632
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
7F7E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2311793759.0000000007F7E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F7E000
|
| Size: |
4096
|
|
|
7F9E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2263452985.0000000007F9E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F9E000
|
| Size: |
4096
|
|
|
7F75000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2416560266.0000000007F75000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F75000
|
| Size: |
36864
|
|
|
7FFD94015000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000005.00000002.3208076919.00007FFD94015000.00000002.00000001.01000000.0000001A.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFD94015000
|
| Size: |
196608
|
|
|
1FE6A613000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3246495262.000001FE6A613000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1FE6A613000
|
| Size: |
270336
|
|
|
8340000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2459598533.0000000008340000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8340000
|
| Size: |
868352
|
|
|
7FFDA5B81000
|
unkown
|
page execute read
|
|
|
|
| Name: |
0000000F.00000002.3292277063.00007FFDA5B81000.00000020.00000001.01000000.00000014.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
7FFDA5B81000
|
| Size: |
159744
|
|
|
1FE6B15C000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000002.3246729756.000001FE6B15C000.00000002.00000001.01000000.0000001C.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
1FE6B15C000
|
| Size: |
32768
|
|
|
7F9E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2312599825.0000000007F9E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F9E000
|
| Size: |
8192
|
|
|
37E9000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3392757195.00000000037E9000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
37E9000
|
| Size: |
4096
|
|
|
5626000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2313947147.0000000005626000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5626000
|
| Size: |
8192
|
|
|
1FE756A2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3252922965.000001FE756A2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1FE756A2000
|
| Size: |
65536
|
|
|
8325000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2458374309.0000000008325000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8325000
|
| Size: |
770048
|
|
|
28F65E81000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3184337766.0000028F65E81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
28F65E81000
|
| Size: |
69632
|
|
|
7F79000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2309515310.0000000007F79000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F79000
|
| Size: |
12288
|
|
|
7FFDAF382000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000F.00000002.3292630404.00007FFDAF382000.00000002.00000001.01000000.00000016.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDAF382000
|
| Size: |
8192
|
|
|
5404000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2229240507.0000000005404000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5404000
|
| Size: |
4096
|
|
|
3354000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.3206790334.0000000003354000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3354000
|
| Size: |
4096
|
|
|
76AC000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2228828476.00000000076AC000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
76AC000
|
| Size: |
536576
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
|
|
831A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2456733953.000000000831A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
831A000
|
| Size: |
638976
|
|
|
7FAB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2281122020.0000000007FAB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FAB000
|
| Size: |
4096
|
|
|
7FFD94120000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000005.00000002.3208339729.00007FFD94120000.00000002.00000001.01000000.00000018.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFD94120000
|
| Size: |
4096
|
|
|
7FFDA38E3000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000002.3191532348.00007FFDA38E3000.00000002.00000001.01000000.00000007.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDA38E3000
|
| Size: |
28672
|
|
|
7F8F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2312020784.0000000007F8F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F8F000
|
| Size: |
4096
|
|
|
414C000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3393054747.000000000414C000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
414C000
|
| Size: |
4096
|
|
|
5531000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3272006719.0000000005531000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5531000
|
| Size: |
4096
|
|
|
7F67000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2296210506.0000000007F67000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F67000
|
| Size: |
4096
|
|
|
400A000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3393054747.000000000400A000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
400A000
|
| Size: |
12288
|
|
|
22206AB0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000005.00000002.3190845455.0000022206AB0000.00000002.00000001.01000000.0000001C.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
22206AB0000
|
| Size: |
10485760
|
|
|
4200000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3395028778.0000000004200000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4200000
|
| Size: |
4096
|
|
|
23F000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000000.00000000.2119285411.000000000023F000.00000008.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
23F000
|
| Size: |
20480
|
|
|
1FE75132000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3252784566.000001FE75132000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1FE75132000
|
| Size: |
1527808
|
|
|
4064000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3393054747.0000000004064000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4064000
|
| Size: |
57344
|
|
|
7FFDA5529000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000002.3191670798.00007FFDA5529000.00000002.00000001.01000000.0000000F.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDA5529000
|
| Size: |
12288
|
|
|
40E0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3393054747.00000000040E0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
40E0000
|
| Size: |
4096
|
|
|
4168000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3393054747.0000000004168000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4168000
|
| Size: |
12288
|
|
|
409E000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3393054747.000000000409E000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
409E000
|
| Size: |
28672
|
|
|
5404000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2229223246.0000000005404000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5404000
|
| Size: |
4096
|
|
|
29A15B40000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000F.00000002.3283160895.0000029A15B40000.00000002.00000001.01000000.0000001C.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
29A15B40000
|
| Size: |
1462272
|
|
|
7FFD944B2000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000005.00000002.3208901103.00007FFD944B2000.00000008.00000001.01000000.00000013.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
7FFD944B2000
|
| Size: |
8192
|
|
|
7FFDA38C2000
|
unkown
|
page write copy
|
|
|
|
| Name: |
0000000F.00000002.3291701129.00007FFDA38C2000.00000008.00000001.01000000.00000013.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
7FFDA38C2000
|
| Size: |
8192
|
|
|
7FFDA4331000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000005.00000002.3209073864.00007FFDA4331000.00000020.00000001.01000000.00000019.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
7FFDA4331000
|
| Size: |
348160
|
|
|
2BC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3261966606.0000000002BC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2BC4000
|
| Size: |
8192
|
|
|
7FFD9489F000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3190644805.00007FFD9489F000.00000004.00000001.01000000.0000000E.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7FFD9489F000
|
| Size: |
4096
|
|
|
2BC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3261391549.0000000002BC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2BC4000
|
| Size: |
4096
|
|
|
7FFDA5530000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000002.3191692792.00007FFDA5530000.00000002.00000001.01000000.0000000D.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDA5530000
|
| Size: |
4096
|
|
|
46E3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.3277036727.00000000046E3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
46E3000
|
| Size: |
512000
|
|
|
2BC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3264002360.0000000002BC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2BC4000
|
| Size: |
8192
|
|
|
DEECDCB000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3246173424.000000DEECDCB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
DEECDCB000
|
| Size: |
20480
|
|
|
5430000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.3279662103.0000000005430000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5430000
|
| Size: |
57344
|
|
|
5404000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2229117371.0000000005404000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5404000
|
| Size: |
4096
|
|
|
7FAD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2263230210.0000000007FAD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FAD000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
7FDE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2281690990.0000000007FDE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FDE000
|
| Size: |
4096
|
|
|
7FFDA5BBC000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000F.00000002.3292386220.00007FFDA5BBC000.00000002.00000001.01000000.00000014.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDA5BBC000
|
| Size: |
8192
|
|
|
7FF7EE102000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000005.00000002.3207885464.00007FF7EE102000.00000002.00000001.01000000.00000012.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF7EE102000
|
| Size: |
102400
|
|
|
1FE74375000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3251872442.000001FE74375000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1FE74375000
|
| Size: |
6656000
|
|
|
2BC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3264782599.0000000002BC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2BC4000
|
| Size: |
8192
|
|
|
28F6D85C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3188533716.0000028F6D85C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
28F6D85C000
|
| Size: |
491520
|
|
|
4112000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3393054747.0000000004112000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4112000
|
| Size: |
4096
|
|
|
7FFDA5528000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3191642598.00007FFDA5528000.00000004.00000001.01000000.0000000F.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7FFDA5528000
|
| Size: |
4096
|
|
|
1FE758AC000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3253115839.000001FE758AC000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
1FE758AC000
|
| Size: |
491520
|
|
|
83CD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2457381176.00000000083CD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
83CD000
|
| Size: |
688128
|
|
|
7F9E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2263385459.0000000007F9E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F9E000
|
| Size: |
4096
|
|
|
7FFDAC090000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000002.3192306980.00007FFDAC090000.00000002.00000001.01000000.00000009.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDAC090000
|
| Size: |
4096
|
|
|
8263000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2456310880.0000000008263000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8263000
|
| Size: |
606208
|
|
|
3354000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000003.3246756332.0000000003354000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3354000
|
| Size: |
4096
|
|
|
7FFD93EC0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000005.00000002.3207925900.00007FFD93EC0000.00000002.00000001.01000000.0000001A.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFD93EC0000
|
| Size: |
4096
|
|
|
45C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.3277036727.00000000045C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
45C0000
|
| Size: |
1187840
|
|
|
7FA1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2280037893.0000000007FA1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FA1000
|
| Size: |
8192
|
|
|
27E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.3276243041.00000000027E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
27E0000
|
| Size: |
4096
|
|
|
22206663000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000005.00000002.3190845455.0000022206663000.00000002.00000001.01000000.0000001C.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
22206663000
|
| Size: |
32768
|
|
|
8B1000
|
unkown
|
page execute read
|
|
|
|
| Name: |
0000000B.00000002.3390418129.00000000008B1000.00000020.00000001.01000000.0000001D.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
8B1000
|
| Size: |
700416
|
|
|
7FFDA46D7000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000005.00000002.3209303234.00007FFDA46D7000.00000002.00000001.01000000.00000017.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDA46D7000
|
| Size: |
16384
|
|
|
7F61000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2279692635.0000000007F61000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F61000
|
| Size: |
122880
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
416C000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3393054747.000000000416C000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
416C000
|
| Size: |
4096
|
|
|
28F65CC1000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.3179433192.0000028F65CC1000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
28F65CC1000
|
| Size: |
524288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
36C0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3392757195.00000000036C0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
36C0000
|
| Size: |
1196032
|
|
|
2BC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3261570910.0000000002BC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2BC4000
|
| Size: |
4096
|
|
|
7F8E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2312468047.0000000007F8E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F8E000
|
| Size: |
4096
|
|
|
837F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2463009648.000000000837F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
837F000
|
| Size: |
1064960
|
|
|
7FFDA5513000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3209624663.00007FFDA5513000.00000004.00000001.01000000.00000014.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7FFDA5513000
|
| Size: |
12288
|
|
|
2BC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3262304885.0000000002BC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2BC4000
|
| Size: |
8192
|
|
|
2BC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3263069132.0000000002BC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2BC4000
|
| Size: |
8192
|
|
|
22205A77000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3190568108.0000022205A77000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
22205A77000
|
| Size: |
8192
|
|
|
7F6E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2416623949.0000000007F6E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F6E000
|
| Size: |
28672
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
7F7E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2263894914.0000000007F7E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F7E000
|
| Size: |
16384
|
|
|
240FD000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3395140347.00000000240FD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
240FD000
|
| Size: |
12288
|
|
|
2BC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3264640074.0000000002BC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2BC4000
|
| Size: |
8192
|
|
|
7F9E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2312228104.0000000007F9E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F9E000
|
| Size: |
8192
|
|
|
7FFD9489B000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000004.00000002.3190618602.00007FFD9489B000.00000008.00000001.01000000.0000000E.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
7FFD9489B000
|
| Size: |
16384
|
|
|
7FFD94899000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000004.00000002.3190564654.00007FFD94899000.00000008.00000001.01000000.0000000E.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
7FFD94899000
|
| Size: |
4096
|
|
|
7FCE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2296442875.0000000007FCE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FCE000
|
| Size: |
16384
|
|
|
7F8C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2280317490.0000000007F8C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F8C000
|
| Size: |
4096
|
|
|
7FFDA55C0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000002.3191855468.00007FFDA55C0000.00000002.00000001.01000000.0000000C.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDA55C0000
|
| Size: |
4096
|
|
|
401A000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3393054747.000000000401A000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
401A000
|
| Size: |
4096
|
|
|
4DE6000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000000.2121925905.0000000004DE6000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
4DE6000
|
| Size: |
86016
|
|
|
7FFDAC091000
|
unkown
|
page execute read
|
|
|
|
| Name: |
0000000F.00000002.3292437024.00007FFDAC091000.00000020.00000001.01000000.00000015.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
7FFDAC091000
|
| Size: |
69632
|
|
|
1FE756B6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3252922965.000001FE756B6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1FE756B6000
|
| Size: |
458752
|
|
|
7F9E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2311952177.0000000007F9E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F9E000
|
| Size: |
8192
|
|
|
29A14D15000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000F.00000002.3283160895.0000029A14D15000.00000002.00000001.01000000.0000001C.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
29A14D15000
|
| Size: |
28672
|
|
|
5531000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3273127406.0000000005531000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5531000
|
| Size: |
4096
|
|
|
5531000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3271810480.0000000005531000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5531000
|
| Size: |
4096
|
|
|
4016000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3393054747.0000000004016000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4016000
|
| Size: |
12288
|
|
|
8263000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2455720527.0000000008263000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8263000
|
| Size: |
557056
|
|
|
7FFDA36C0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000002.3191041134.00007FFDA36C0000.00000002.00000001.01000000.00000007.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDA36C0000
|
| Size: |
4096
|
|
|
2BC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3263756542.0000000002BC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2BC4000
|
| Size: |
8192
|
|
|
7FFD940FA000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3208218951.00007FFD940FA000.00000004.00000001.01000000.0000001A.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7FFD940FA000
|
| Size: |
4096
|
|
|
9B0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000B.00000002.3390673086.00000000009B0000.00000002.00000001.01000000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
9B0000
|
| Size: |
4096
|
|
|
29A14180000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.3282970707.0000029A14180000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
29A14180000
|
| Size: |
28672
|
|
|
7FFDAC0AA000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000F.00000002.3292512195.00007FFDAC0AA000.00000002.00000001.01000000.00000015.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDAC0AA000
|
| Size: |
12288
|
|
|
5531000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3271861063.0000000005531000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5531000
|
| Size: |
4096
|
|
|
7FFDAF381000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3255364474.00007FFDAF381000.00000004.00000001.01000000.00000016.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7FFDAF381000
|
| Size: |
4096
|
|
|
7F66000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2295895995.0000000007F66000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F66000
|
| Size: |
8192
|
|
|
DD484F9000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3180489295.000000DD484F9000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
DD484F9000
|
| Size: |
28672
|
|
|
222059D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3190543303.00000222059D0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
222059D0000
|
| Size: |
4096
|
|
|
1FE75930000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.3253247490.000001FE75930000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
1FE75930000
|
| Size: |
212992
|
|
|
7F95000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2430786248.0000000007F95000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F95000
|
| Size: |
12288
|
|
|
29A1EE69000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000F.00000002.3290182515.0000029A1EE69000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
15
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
29A1EE69000
|
| Size: |
491520
|
|
|
1FE6B590000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000002.3246729756.000001FE6B590000.00000002.00000001.01000000.0000001C.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
1FE6B590000
|
| Size: |
10485760
|
|
|
28F629AC000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.3180678422.0000028F629AC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
28F629AC000
|
| Size: |
180224
|
|
|
7F8F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2311649917.0000000007F8F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F8F000
|
| Size: |
4096
|
|
|
2BC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3263840841.0000000002BC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2BC4000
|
| Size: |
8192
|
|
|
5626000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2431030706.0000000005626000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5626000
|
| Size: |
8192
|
|
|
5531000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3265313504.0000000005531000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5531000
|
| Size: |
4096
|
|
|
7FBB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2314117937.0000000007FBB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FBB000
|
| Size: |
8192
|
|
|
7FFDA4330000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000005.00000002.3209051175.00007FFDA4330000.00000002.00000001.01000000.00000019.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FFDA4330000
|
| Size: |
4096
|
|
|
8320000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.2458233972.0000000008320000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8320000
|
| Size: |
761856
|
|
|
1058000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.3391853828.0000000001058000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1058000
|
| Size: |
372736
|
|
|
2BC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.3263651471.0000000002BC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2BC4000
|
| Size: |
8192
|
|
