|
5D70000
|
direct allocation
|
page read and write
|
 |
|
|
| Name: |
0000000E.00000002.2333627113.0000000005D70000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
5D70000
|
| Size: |
102400
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected XWorm |
Stealing of Sensitive Information, Remote Access Functionality |
|
|
|
5FF0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2070657925.0000000005FF0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
5FF0000
|
| Size: |
102400
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected XWorm |
Stealing of Sensitive Information, Remote Access Functionality |
|
|
|
13C2000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000014.00000002.2342841959.00000000013C2000.00000002.00000001.01000000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
13C2000
|
| Size: |
102400
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected XWorm |
Stealing of Sensitive Information, Remote Access Functionality |
|
|
|
22B1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4122038598.00000000022B1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
22B1000
|
| Size: |
5689344
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected XWorm |
Stealing of Sensitive Information, Remote Access Functionality |
|
| URLs found in memory or binary data |
Networking |
|
|
|
95E0000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2143785250.00000000095E0000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
95E0000
|
| Size: |
4096
|
|
|
79E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4121340540.000000000079E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
79E000
|
| Size: |
8192
|
|
|
3154000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1807403987.0000000003154000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
3154000
|
| Size: |
4096
|
|
|
977000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1704975148.0000000000977000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
977000
|
| Size: |
262144
|
|
|
3154000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1807663814.0000000003154000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
3154000
|
| Size: |
8192
|
|
|
2576000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2215183129.0000000002576000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2576000
|
| Size: |
4096
|
|
|
4C20000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.4127620704.0000000004C20000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
4C20000
|
| Size: |
4096
|
|
|
2547000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1714140988.0000000002547000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2547000
|
| Size: |
4096
|
|
|
12C7000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000015.00000002.2275355829.00000000012C7000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
12C7000
|
| Size: |
4096
|
|
|
50D7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4128228895.00000000050D7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
50D7000
|
| Size: |
16384
|
|
|
2E6B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2275859203.0000000002E6B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E6B000
|
| Size: |
8192
|
|
|
504E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4128061124.000000000504E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
504E000
|
| Size: |
8192
|
|
|
DFA000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000020.00000002.4097365790.0000000000DFA000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
32
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
DFA000
|
| Size: |
4096
|
|
|
132E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2275435236.000000000132E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
132E000
|
| Size: |
8192
|
|
|
40065000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1717853846.0000000040065000.00000004.00000001.01000000.00000004.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
40065000
|
| Size: |
8192
|
|
|
8B9E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1713135402.0000000008B9E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8B9E000
|
| Size: |
536576
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
68655000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.1720236397.0000000068655000.00000002.00000001.01000000.00000008.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
68655000
|
| Size: |
4096
|
|
|
2380000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000017.00000002.2296334921.0000000002380000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
2380000
|
| Size: |
28672
|
|
|
3360000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2331785845.0000000003360000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3360000
|
| Size: |
4096
|
|
|
B78000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000003.00000002.1767263576.0000000000B78000.00000020.00000001.01000000.00000015.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
B78000
|
| Size: |
4096
|
|
|
8B26000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1773344739.0000000008B26000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8B26000
|
| Size: |
4096
|
|
|
C8C000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.1709846575.0000000000C8C000.00000002.00000001.01000000.0000000C.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
C8C000
|
| Size: |
114688
|
|
|
3154000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1807264263.0000000003154000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
3154000
|
| Size: |
4096
|
|
|
8C0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4121414845.00000000008C0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8C0000
|
| Size: |
4096
|
|
|
C63000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000003.00000002.1768378548.0000000000C63000.00000002.00000001.01000000.00000017.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
C63000
|
| Size: |
4096
|
|
|
2A5F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000020.00000002.4098350076.0000000002A5F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
32
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2A5F000
|
| Size: |
4096
|
|
|
68657000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.1720236397.0000000068657000.00000002.00000001.01000000.00000008.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
68657000
|
| Size: |
65536
|
|
|
129D000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000015.00000002.2275075204.000000000129D000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
129D000
|
| Size: |
4096
|
|
|
92E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.2295863302.000000000092E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
92E000
|
| Size: |
8192
|
|
|
3091000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2276075364.0000000003091000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3091000
|
| Size: |
65536
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to development resources |
System Summary |
|
|
|
BED000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000012.00000002.2214623690.0000000000BED000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
BED000
|
| Size: |
4096
|
|
|
B2E000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2139794203.0000000000B2E000.00000004.00000001.01000000.00000016.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
B2E000
|
| Size: |
4096
|
|
|
1907000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000014.00000002.2344712784.0000000001907000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1907000
|
| Size: |
4096
|
|
|
2FFC000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2331469111.0000000002FFC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2FFC000
|
| Size: |
16384
|
|
|
37FE000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2332561123.00000000037FE000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
37FE000
|
| Size: |
8192
|
|
|
3154000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1807159923.0000000003154000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
3154000
|
| Size: |
4096
|
|
|
239D000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2082358278.000000000239D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
239D000
|
| Size: |
12288
|
|
|
1093000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2274427210.0000000001093000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1093000
|
| Size: |
20480
|
|
|
12A3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2275095530.00000000012A3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
12A3000
|
| Size: |
20480
|
|
|
9C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000001E.00000002.3552462644.00000000009C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
30
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9C0000
|
| Size: |
8192
|
|
|
1710000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000015.00000002.2275585098.0000000001710000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1710000
|
| Size: |
28672
|
|
|
C1A000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000012.00000002.2214798415.0000000000C1A000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
C1A000
|
| Size: |
4096
|
|
|
31DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.2098532230.00000000031DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
31DE000
|
| Size: |
8192
|
|
|
C70000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2214984107.0000000000C70000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C70000
|
| Size: |
8192
|
|
|
191B000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000014.00000002.2344887456.000000000191B000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
191B000
|
| Size: |
4096
|
|
|
8DE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1708885733.00000000008DE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8DE000
|
| Size: |
118784
|
|
|
18F0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.2344540110.00000000018F0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
18F0000
|
| Size: |
8192
|
|
|
BC1000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.1709514783.0000000000BC1000.00000002.00000001.01000000.0000000B.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
BC1000
|
| Size: |
151552
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
2578000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2215183129.0000000002578000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2578000
|
| Size: |
4096
|
|
|
8C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1765917234.00000000008C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8C0000
|
| Size: |
32768
|
|
|
2521000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1711995953.0000000002521000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2521000
|
| Size: |
245760
|
|
|
32B1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4126303825.00000000032B1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
32B1000
|
| Size: |
20480
|
|
|
18A0000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000010.00000002.2098396709.00000000018A0000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
18A0000
|
| Size: |
4096
|
|
|
3210000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
0000001C.00000002.2937371398.0000000003210000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
28
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
3210000
|
| Size: |
4096
|
|
|
2710000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1710814874.0000000002710000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2710000
|
| Size: |
8192
|
|
|
4C00000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4127502465.0000000004C00000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4C00000
|
| Size: |
4096
|
|
|
6C4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1714419850.00000000006C4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6C4000
|
| Size: |
4096
|
|
|
171D000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000010.00000002.2098001983.000000000171D000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
171D000
|
| Size: |
4096
|
|
|
5290000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4128722785.0000000005290000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5290000
|
| Size: |
53248
|
|
|
9A5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1705835973.00000000009A5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9A5000
|
| Size: |
73728
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
5435000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4129264601.0000000005435000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5435000
|
| Size: |
36864
|
|
|
2583000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2215313822.0000000002583000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2583000
|
| Size: |
28672
|
|
|
5FCE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4132854937.0000000005FCE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5FCE000
|
| Size: |
8192
|
|
|
9E3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000001E.00000002.3552603033.00000000009E3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
30
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
9E3000
|
| Size: |
28672
|
|
|
BA0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2214460980.0000000000BA0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA0000
|
| Size: |
4096
|
|
|
C27000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000003.00000002.1767695676.0000000000C27000.00000020.00000001.01000000.00000017.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
C27000
|
| Size: |
4096
|
|
|
3484000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000E.00000003.2248124773.0000000003484000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
3484000
|
| Size: |
4096
|
|
|
6BE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1765756200.00000000006BE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6BE000
|
| Size: |
8192
|
|
|
56D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.2098738500.00000000056D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
56D0000
|
| Size: |
65536
|
|
|
35D0000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2069624906.00000000035D0000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
35D0000
|
| Size: |
8192
|
|
|
7A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2139096877.00000000007A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7A4000
|
| Size: |
188416
|
|
|
5A31000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1806997382.0000000005A31000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5A31000
|
| Size: |
241664
|
|
|
3226000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000001C.00000002.2937403355.0000000003226000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
28
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3226000
|
| Size: |
4096
|
|
|
B9E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2214433105.0000000000B9E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B9E000
|
| Size: |
8192
|
|
|
32600000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.1716185760.0000000032600000.00000002.00000001.01000000.00000009.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
32600000
|
| Size: |
4096
|
|
|
21661000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000002.00000002.1715877164.0000000021661000.00000020.00000001.01000000.00000006.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
21661000
|
| Size: |
24576
|
|
|
91B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1708885733.000000000091B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
91B000
|
| Size: |
188416
|
|
|
21668000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2143870793.0000000021668000.00000004.00000001.01000000.00000011.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
21668000
|
| Size: |
4096
|
|
|
2ED0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.2378043201.0000000002ED0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2ED0000
|
| Size: |
4096
|
|
|
1950000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000001C.00000002.2935129702.0000000001950000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
28
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1950000
|
| Size: |
28672
|
|
|
3311000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.2345663762.0000000003311000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3311000
|
| Size: |
331776
|
|
|
95F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1708885733.000000000095F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
95F000
|
| Size: |
110592
|
|
|
40062000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000002.00000002.1717813123.0000000040062000.00000008.00000001.01000000.00000004.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
40062000
|
| Size: |
8192
|
|
|
5EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.2295231969.00000000005EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5EE000
|
| Size: |
8192
|
|
|
5B90000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000014.00000002.2347142318.0000000005B90000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
5B90000
|
| Size: |
4096
|
|
|
DE9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000020.00000002.4097216501.0000000000DE9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
32
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
DE9000
|
| Size: |
16384
|
|
|
2290000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.2296285199.0000000002290000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2290000
|
| Size: |
4096
|
|
|
944F000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1706720383.000000000944F000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
944F000
|
| Size: |
479232
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
8EA000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.4121606726.00000000008EA000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
8EA000
|
| Size: |
4096
|
|
|
10000000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.1715150340.0000000010000000.00000002.00000001.01000000.00000007.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
10000000
|
| Size: |
4096
|
|
|
584000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000002.00000000.1699591349.0000000000584000.00000008.00000001.01000000.00000003.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
584000
|
| Size: |
389120
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
3150000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2068629997.0000000003150000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3150000
|
| Size: |
16384
|
|
|
760000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2139096877.0000000000760000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
760000
|
| Size: |
24576
|
|
|
C7A000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1709809574.0000000000C7A000.00000004.00000001.01000000.0000000C.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
C7A000
|
| Size: |
61440
|
|
|
EA0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000020.00000002.4097697589.0000000000EA0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
32
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
EA0000
|
| Size: |
65536
|
|
|
2DFC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2067652288.0000000002DFC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2DFC000
|
| Size: |
16384
|
|
|
3140000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000002.2068536582.0000000003140000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
3140000
|
| Size: |
4096
|
|
|
933D000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2143632060.000000000933D000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
933D000
|
| Size: |
4096
|
|
|
3234000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000001C.00000002.2937577448.0000000003234000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
28
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3234000
|
| Size: |
24576
|
|
|
12C0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2275333373.00000000012C0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
12C0000
|
| Size: |
4096
|
|
|
57AD000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2070156670.00000000057AD000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
57AD000
|
| Size: |
458752
|
|
|
3154000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1807679622.0000000003154000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
3154000
|
| Size: |
8192
|
|
|
7F4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000001E.00000002.3551456666.00000000007F4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
30
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F4000
|
| Size: |
4096
|
|
|
1980000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000014.00000002.2345020314.0000000001980000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1980000
|
| Size: |
8192
|
|
|
800000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000001E.00000002.3551502857.0000000000800000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
30
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
800000
|
| Size: |
4096
|
|
|
19ED000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.2345227846.00000000019ED000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
19ED000
|
| Size: |
12288
|
|
|
2576000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1710174846.0000000002576000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2576000
|
| Size: |
585728
|
|
|
2E60000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2275859203.0000000002E60000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E60000
|
| Size: |
12288
|
|
|
284F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2082553841.000000000284F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
284F000
|
| Size: |
4096
|
|
|
977000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1705835973.0000000000977000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
977000
|
| Size: |
184320
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
12CB000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000015.00000002.2275396306.00000000012CB000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
12CB000
|
| Size: |
4096
|
|
|
685C1000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000002.00000002.1719635431.00000000685C1000.00000020.00000001.01000000.00000008.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
685C1000
|
| Size: |
516096
|
|
|
5E30000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2070565946.0000000005E30000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5E30000
|
| Size: |
4096
|
|
|
13C0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000014.00000002.2342742060.00000000013C0000.00000002.00000001.01000000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
13C0000
|
| Size: |
4096
|
|
|
3156000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.2378432495.0000000003156000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3156000
|
| Size: |
4096
|
|
|
258F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000001E.00000002.3552767394.000000000258F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
30
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
258F000
|
| Size: |
4096
|
|
|
529E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4128722785.000000000529E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
529E000
|
| Size: |
8192
|
|
|
170E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2275564671.000000000170E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
170E000
|
| Size: |
8192
|
|
|
BE0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000020.00000002.4092589650.0000000000BE0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
32
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
BE0000
|
| Size: |
8192
|
|
|
8B48000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1713135402.0000000008B48000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8B48000
|
| Size: |
348160
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
19D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1765441813.000000000019D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
19D000
|
| Size: |
12288
|
|
|
B50000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.1709386203.0000000000B50000.00000002.00000001.01000000.0000000B.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
B50000
|
| Size: |
4096
|
|
|
E90000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000020.00000002.4097620764.0000000000E90000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
32
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
E90000
|
| Size: |
24576
|
|
|
18F4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.2344621454.00000000018F4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
18F4000
|
| Size: |
24576
|
|
|
2521000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1714140988.0000000002521000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2521000
|
| Size: |
86016
|
|
|
5243000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2069880523.0000000005243000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5243000
|
| Size: |
1187840
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
744000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1703206904.0000000000744000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
744000
|
| Size: |
4096
|
|
|
32601000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000002.00000002.1716256854.0000000032601000.00000020.00000001.01000000.00000009.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
32601000
|
| Size: |
544768
|
|
|
5407000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4129264601.0000000005407000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5407000
|
| Size: |
4096
|
|
|
3154000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1807358289.0000000003154000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
3154000
|
| Size: |
4096
|
|
|
930000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.2295905952.0000000000930000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
930000
|
| Size: |
4096
|
|
|
6C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1765805140.00000000006C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6C0000
|
| Size: |
16384
|
|
|
AD1000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000002.00000002.1709239447.0000000000AD1000.00000020.00000001.01000000.0000000A.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
AD1000
|
| Size: |
356352
|
|
|
530000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4120293807.0000000000530000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
530000
|
| Size: |
4096
|
|
|
2CC000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000001E.00000002.3551102005.00000000002CC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
30
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2CC000
|
| Size: |
16384
|
|
|
8B49000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2143472015.0000000008B49000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8B49000
|
| Size: |
4096
|
|
|
3761000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2215894052.0000000003761000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3761000
|
| Size: |
20480
|
|
|
31FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000001C.00000002.2935947715.00000000031FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
28
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
31FE000
|
| Size: |
8192
|
|
|
5680000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2070156670.0000000005680000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
5680000
|
| Size: |
1196032
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
31A1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.2378695598.00000000031A1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
31A1000
|
| Size: |
262144
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to development resources |
System Summary |
|
|
|
22DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.2296310142.00000000022DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
22DE000
|
| Size: |
8192
|
|
|
8A02000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2143257285.0000000008A02000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8A02000
|
| Size: |
4096
|
|
|
9F0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4121877228.00000000009F0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
9F0000
|
| Size: |
65536
|
|
|
744000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1708414526.0000000000744000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
744000
|
| Size: |
4096
|
|
|
5404000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4129264601.0000000005404000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5404000
|
| Size: |
4096
|
|
|
24B7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1768607588.00000000024B7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
24B7000
|
| Size: |
4096
|
|
|
4940000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.2296633995.0000000004940000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4940000
|
| Size: |
65536
|
|
|
4F7000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4120243193.00000000004F7000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4F7000
|
| Size: |
36864
|
|
|
1567000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000001C.00000002.2932686283.0000000001567000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
28
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1567000
|
| Size: |
102400
|
|
|
143F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2275503530.000000000143F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
143F000
|
| Size: |
4096
|
|
|
B75000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000003.00000002.1767263576.0000000000B75000.00000020.00000001.01000000.00000015.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
B75000
|
| Size: |
4096
|
|
|
59E9000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2333170618.00000000059E9000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
59E9000
|
| Size: |
4096
|
|
|
1345000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.2376287610.0000000001345000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1345000
|
| Size: |
16384
|
|
|
D7F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2215010469.0000000000D7F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
D7F000
|
| Size: |
4096
|
|
|
2166D000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2143870793.000000002166D000.00000004.00000001.01000000.00000011.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
2166D000
|
| Size: |
4096
|
|
|
5ECE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2070588920.0000000005ECE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5ECE000
|
| Size: |
8192
|
|
|
5E9000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4120340215.00000000005E9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5E9000
|
| Size: |
65536
|
|
|
1730000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.2098084788.0000000001730000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1730000
|
| Size: |
8192
|
|
|
3154000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1807280145.0000000003154000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
3154000
|
| Size: |
4096
|
|
|
549E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000001C.00000002.2938034455.000000000549E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
28
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
549E000
|
| Size: |
8192
|
|
|
95F2000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2143785250.00000000095F2000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
95F2000
|
| Size: |
4096
|
|
|
1007F000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1774434198.000000001007F000.00000004.00000001.01000000.00000012.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
1007F000
|
| Size: |
12288
|
|
|
16D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.2343412086.00000000016D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
16D0000
|
| Size: |
8192
|
|
|
17B0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000001C.00000002.2934389137.00000000017B0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
28
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
17B0000
|
| Size: |
4096
|
|
|
12F8000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.2097342279.00000000012F8000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
12F8000
|
| Size: |
32768
|
|
|
1506000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.2343109554.0000000001506000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1506000
|
| Size: |
12288
|
|
|
DDD000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000020.00000002.4097182796.0000000000DDD000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
32
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
DDD000
|
| Size: |
4096
|
|
|
128B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.2342514202.000000000128B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
128B000
|
| Size: |
20480
|
|
|
1320000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.2376287610.0000000001320000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1320000
|
| Size: |
28672
|
|
|
FD0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2274211819.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
FD0000
|
| Size: |
20480
|
|
|
C0F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000001E.00000002.3552701087.0000000000C0F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
30
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
C0F000
|
| Size: |
4096
|
|
|
151E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000001C.00000002.2932609352.000000000151E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
28
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
151E000
|
| Size: |
8192
|
|
|
401E2000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.1718842807.00000000401E2000.00000002.00000001.01000000.00000005.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
401E2000
|
| Size: |
94208
|
|
|
1900000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000001C.00000002.2934975913.0000000001900000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
28
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1900000
|
| Size: |
4096
|
|
|
2E50000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2275760845.0000000002E50000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E50000
|
| Size: |
65536
|
|
|
8BD9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1773382770.0000000008BD9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8BD9000
|
| Size: |
4096
|
|
|
9C5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2214353698.00000000009C5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9C5000
|
| Size: |
12288
|
|
|
C66000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000003.00000002.1768378548.0000000000C66000.00000002.00000001.01000000.00000017.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
C66000
|
| Size: |
8192
|
|
|
339E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000001C.00000002.2937691539.000000000339E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
28
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
339E000
|
| Size: |
8192
|
|
|
197E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.2344981530.000000000197E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
197E000
|
| Size: |
8192
|
|
|
B0E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000001E.00000002.3552679751.0000000000B0E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
30
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B0E000
|
| Size: |
8192
|
|
|
3154000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1807733634.0000000003154000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
3154000
|
| Size: |
8192
|
|
|
8CB9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1773472285.0000000008CB9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8CB9000
|
| Size: |
4096
|
|
|
3163000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.2378573163.0000000003163000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3163000
|
| Size: |
28672
|
|
|
5289000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4128508932.0000000005289000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5289000
|
| Size: |
28672
|
|
|
94F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1765917234.000000000094F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
94F000
|
| Size: |
90112
|
|
|
C31000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000003.00000002.1767695676.0000000000C31000.00000020.00000001.01000000.00000017.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
C31000
|
| Size: |
69632
|
|
|
45FD000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000001E.00000002.3552949018.00000000045FD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
30
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
45FD000
|
| Size: |
12288
|
|
|
5A90000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4132019617.0000000005A90000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5A90000
|
| Size: |
53248
|
|
|
744000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1702932406.0000000000744000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
744000
|
| Size: |
4096
|
|
|
1850000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.2098186945.0000000001850000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1850000
|
| Size: |
4096
|
|
|
9C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1765385538.000000000009C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9C000
|
| Size: |
16384
|
|
|
1930000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.2098503409.0000000001930000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1930000
|
| Size: |
8192
|
|
|
17F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000001C.00000002.2934852462.00000000017F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
28
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
17F0000
|
| Size: |
8192
|
|
|
985000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1765917234.0000000000985000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
985000
|
| Size: |
32768
|
|
|
5D8E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4132300082.0000000005D8E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5D8E000
|
| Size: |
8192
|
|
|
3750000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2069829447.0000000003750000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3750000
|
| Size: |
20480
|
|
|
27C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2082474638.00000000027C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
27C0000
|
| Size: |
20480
|
|
|
38C4000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000E.00000003.2179133911.00000000038C4000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
38C4000
|
| Size: |
176128
|
|
|
1D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.2087342672.00000000001D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D4000
|
| Size: |
4096
|
|
|
99E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2214303065.000000000099E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
99E000
|
| Size: |
8192
|
|
|
3220000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000001C.00000002.2937403355.0000000003220000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
28
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3220000
|
| Size: |
12288
|
|
|
2570000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2215183129.0000000002570000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2570000
|
| Size: |
12288
|
|
|
146F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.2097660360.000000000146F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
146F000
|
| Size: |
49152
|
|
|
5FCF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2070611080.0000000005FCF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5FCF000
|
| Size: |
4096
|
|
|
2EA0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2275998622.0000000002EA0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2EA0000
|
| Size: |
4096
|
|
|
1007F000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2143850385.000000001007F000.00000004.00000001.01000000.00000012.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
1007F000
|
| Size: |
12288
|
|
|
32B9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4126303825.00000000032B9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
32B9000
|
| Size: |
4096
|
|
|
90B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1765917234.000000000090B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
90B000
|
| Size: |
188416
|
|
|
2461000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1702898892.0000000002461000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2461000
|
| Size: |
245760
|
|
|
3200000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000001C.00000002.2936312747.0000000003200000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
28
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3200000
|
| Size: |
65536
|
|
|
1790000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000001C.00000002.2934279236.0000000001790000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
28
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1790000
|
| Size: |
8192
|
|
|
8A86000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1773265585.0000000008A86000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8A86000
|
| Size: |
4096
|
|
|
25F3000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2140124472.00000000025F3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
25F3000
|
| Size: |
4096
|
|
|
3154000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1807750142.0000000003154000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
3154000
|
| Size: |
8192
|
|
|
93CA000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1773708179.00000000093CA000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
93CA000
|
| Size: |
4096
|
|
|
880000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000001E.00000002.3551619692.0000000000880000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
30
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
880000
|
| Size: |
16384
|
|
|
96E0000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2143816618.00000000096E0000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
96E0000
|
| Size: |
4096
|
|
|
5E8000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000C.00000002.2138789801.00000000005E8000.00000002.00000001.01000000.0000000E.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
5E8000
|
| Size: |
4096
|
|
|
43A1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000001C.00000002.2937939406.00000000043A1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
28
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
43A1000
|
| Size: |
20480
|
|
|
BE9000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1709634770.0000000000BE9000.00000004.00000001.01000000.0000000B.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
BE9000
|
| Size: |
49152
|
|
|
3730000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2069806951.0000000003730000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3730000
|
| Size: |
4096
|
|
|
DD3000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000020.00000002.4097102336.0000000000DD3000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
32
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
DD3000
|
| Size: |
4096
|
|
|
A9F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2139760716.0000000000A9F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A9F000
|
| Size: |
4096
|
|
|
1773000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.2343658774.0000000001773000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1773000
|
| Size: |
36864
|
|
|
255E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2215066340.000000000255E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
255E000
|
| Size: |
8192
|
|
|
6C4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1712488226.00000000006C4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6C4000
|
| Size: |
4096
|
|
|
844000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2213795150.0000000000844000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
844000
|
| Size: |
20480
|
|
|
21667000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1715922616.0000000021667000.00000004.00000001.01000000.00000006.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
21667000
|
| Size: |
28672
|
|
|
4291000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.2098638404.0000000004291000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4291000
|
| Size: |
20480
|
|
|
3484000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000E.00000003.2248185055.0000000003484000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
3484000
|
| Size: |
4096
|
|
|
25D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2140041620.00000000025D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
25D0000
|
| Size: |
8192
|
|
|
94C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1765917234.000000000094C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
94C000
|
| Size: |
8192
|
|
|
3154000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1807090761.0000000003154000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
3154000
|
| Size: |
4096
|
|
|
17C0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000001C.00000002.2934496022.00000000017C0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
28
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
17C0000
|
| Size: |
4096
|
|
|
255C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1714140988.000000000255C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
255C000
|
| Size: |
4096
|
|
|
5F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.2295275382.00000000005F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5F0000
|
| Size: |
8192
|
|
|
400B1000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000002.00000002.1718249487.00000000400B1000.00000020.00000001.01000000.00000005.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
400B1000
|
| Size: |
823296
|
|
|
1280000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2274937241.0000000001280000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1280000
|
| Size: |
8192
|
|
|
1330000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.2097398997.0000000001330000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1330000
|
| Size: |
20480
|
|
|
1328000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.2376287610.0000000001328000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1328000
|
| Size: |
114688
|
|
|
322B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000001C.00000002.2937403355.000000000322B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
28
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
322B000
|
| Size: |
8192
|
|
|
FE0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2274291955.0000000000FE0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
FE0000
|
| Size: |
4096
|
|
|
13EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.2097485554.00000000013EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
13EE000
|
| Size: |
8192
|
|
|
15C6000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000001C.00000002.2932686283.00000000015C6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
28
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15C6000
|
| Size: |
73728
|
|
|
A53000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000020.00000002.4088280346.0000000000A53000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
32
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A53000
|
| Size: |
16384
|
|
|
E07000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000020.00000002.4097395870.0000000000E07000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
32
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
E07000
|
| Size: |
4096
|
|
|
B42000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.1709364442.0000000000B42000.00000002.00000001.01000000.0000000A.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
B42000
|
| Size: |
20480
|
|
|
C09000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2214691642.0000000000C09000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
C09000
|
| Size: |
16384
|
|
|
2537000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1714140988.0000000002537000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2537000
|
| Size: |
40960
|
|
|
3154000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1807373345.0000000003154000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
3154000
|
| Size: |
4096
|
|
|
76E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000001E.00000002.3551309997.000000000076E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
30
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
76E000
|
| Size: |
8192
|
|
|
32AE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2068820997.00000000032AE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
32AE000
|
| Size: |
16384
|
|
|
35C1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000001E.00000002.3552916584.00000000035C1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
30
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
35C1000
|
| Size: |
20480
|
|
|
17B9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000001C.00000002.2934389137.00000000017B9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
28
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
17B9000
|
| Size: |
16384
|
|
|
1970000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000001C.00000002.2935473723.0000000001970000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
28
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1970000
|
| Size: |
8192
|
|
|
35CE000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2069539669.00000000035CE000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
35CE000
|
| Size: |
8192
|
|
|
910000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4121689612.0000000000910000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
910000
|
| Size: |
4096
|
|
|
17DB000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000001C.00000002.2934781205.00000000017DB000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
28
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
17DB000
|
| Size: |
4096
|
|
|
2EBB000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000019.00000002.2378010349.0000000002EBB000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
2EBB000
|
| Size: |
4096
|
|
|
274B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000020.00000002.4097946267.000000000274B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
32
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
274B000
|
| Size: |
8192
|
|
|
23DA000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2082378893.00000000023DA000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
23DA000
|
| Size: |
24576
|
|
|
833000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000001E.00000002.3551619692.0000000000833000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
30
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
833000
|
| Size: |
20480
|
|
|
1720000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.2098024680.0000000001720000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1720000
|
| Size: |
8192
|
|
|
68641000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.1720236397.0000000068641000.00000002.00000001.01000000.00000008.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
68641000
|
| Size: |
77824
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
57C000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4120340215.000000000057C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
57C000
|
| Size: |
24576
|
|
|
3154000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1807231068.0000000003154000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
3154000
|
| Size: |
4096
|
|
|
168F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.2343322860.000000000168F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
168F000
|
| Size: |
4096
|
|
|
549E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.2346509164.000000000549E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
549E000
|
| Size: |
8192
|
|
|
17D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000001C.00000002.2934561191.00000000017D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
28
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
17D0000
|
| Size: |
4096
|
|
|
25B0000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
0000001E.00000002.3552821064.00000000025B0000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
30
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
25B0000
|
| Size: |
4096
|
|
|
A06000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4121944995.0000000000A06000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A06000
|
| Size: |
20480
|
|
|
C89000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1768560125.0000000000C89000.00000004.00000001.01000000.00000017.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
C89000
|
| Size: |
49152
|
|
|
3154000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1807616858.0000000003154000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
3154000
|
| Size: |
8192
|
|
|
1070000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2274427210.0000000001070000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1070000
|
| Size: |
28672
|
|
|
55AE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2070053750.00000000055AE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
55AE000
|
| Size: |
290816
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
9600000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1774002196.0000000009600000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
9600000
|
| Size: |
77824
|
|
|
2746000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000020.00000002.4097946267.0000000002746000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
32
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2746000
|
| Size: |
4096
|
|
|
1358000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.2376287610.0000000001358000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1358000
|
| Size: |
266240
|
|
|
127C000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000001C.00000002.2932334240.000000000127C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
28
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
127C000
|
| Size: |
16384
|
|
|
700000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1708737516.0000000000700000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
700000
|
| Size: |
4096
|
|
|
3154000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1807715346.0000000003154000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
3154000
|
| Size: |
8192
|
|
|
9701000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1774072217.0000000009701000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
9701000
|
| Size: |
290816
|
|
|
5E7000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000003.00000002.1765596892.00000000005E7000.00000002.00000001.01000000.0000000E.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
5E7000
|
| Size: |
8192
|
|
|
3484000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000E.00000003.2248043491.0000000003484000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
3484000
|
| Size: |
4096
|
|
|
2480000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000001E.00000002.3552722410.0000000002480000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
30
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2480000
|
| Size: |
4096
|
|
|
5E6000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1699749394.00000000005E6000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
5E6000
|
| Size: |
299008
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
78E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1708801965.000000000078E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
78E000
|
| Size: |
8192
|
|
|
BE3000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000012.00000002.2214509808.0000000000BE3000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
BE3000
|
| Size: |
4096
|
|
|
8E56000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1713848558.0000000008E56000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8E56000
|
| Size: |
512000
|
|
|
24AE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.2296412283.00000000024AE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
24AE000
|
| Size: |
8192
|
|
|
59B0000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
0000001C.00000002.2938078783.00000000059B0000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
28
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
59B0000
|
| Size: |
4096
|
|
|
9749000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1774072217.0000000009749000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
9749000
|
| Size: |
536576
|
|
|
2E40000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.2376979345.0000000002E40000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2E40000
|
| Size: |
4096
|
|
|
2EAA000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000019.00000002.2377920823.0000000002EAA000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
2EAA000
|
| Size: |
4096
|
|
|
170F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.2343658774.000000000170F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
170F000
|
| Size: |
45056
|
|
|
6D3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.2295403251.00000000006D3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6D3000
|
| Size: |
12288
|
|
|
DCF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000020.00000002.4097064822.0000000000DCF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
32
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
DCF000
|
| Size: |
4096
|
|
|
401000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000002.00000000.1699355329.0000000000401000.00000020.00000001.01000000.00000003.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
401000
|
| Size: |
1585152
|
|
|
444D000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4126587743.000000000444D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
444D000
|
| Size: |
12288
|
|
|
846000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000001E.00000002.3551619692.0000000000846000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
30
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
846000
|
| Size: |
233472
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to development resources |
System Summary |
|
|
|
2FD0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.2378168924.0000000002FD0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2FD0000
|
| Size: |
28672
|
|
|
7E0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000001E.00000002.3551388704.00000000007E0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
30
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7E0000
|
| Size: |
8192
|
|
|
273A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1710877241.000000000273A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
273A000
|
| Size: |
32768
|
|
|
ABE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1766861612.0000000000ABE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
ABE000
|
| Size: |
8192
|
|
|
1400000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000001C.00000002.2932570299.0000000001400000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
28
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1400000
|
| Size: |
20480
|
|
|
10E3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2274427210.00000000010E3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10E3000
|
| Size: |
16384
|
|
|
95E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2214263162.000000000095E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
95E000
|
| Size: |
8192
|
|
|
400000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1699286149.0000000000400000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
400000
|
| Size: |
4096
|
|
|
32FA000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2331496495.00000000032FA000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
32FA000
|
| Size: |
24576
|
|
|
BF9000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.1709661987.0000000000BF9000.00000002.00000001.01000000.0000000B.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
BF9000
|
| Size: |
32768
|
|
|
599E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.2346822495.000000000599E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
599E000
|
| Size: |
8192
|
|
|
7AE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000001E.00000002.3551334138.00000000007AE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
30
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7AE000
|
| Size: |
8192
|
|
|
DE3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000020.00000002.4097216501.0000000000DE3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
32
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
DE3000
|
| Size: |
20480
|
|
|
3154000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1807296731.0000000003154000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
3154000
|
| Size: |
4096
|
|
|
5570000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000015.00000002.2276185164.0000000005570000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
5570000
|
| Size: |
4096
|
|
|
24C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2139859743.00000000024C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
24C0000
|
| Size: |
24576
|
|
|
158F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.2376876223.000000000158F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
158F000
|
| Size: |
4096
|
|
|
6EC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000020.00000002.4088087873.00000000006EC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
32
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6EC000
|
| Size: |
16384
|
|
|
3130000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000002.2068491419.0000000003130000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
3130000
|
| Size: |
4096
|
|
|
168F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.2376910216.000000000168F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
168F000
|
| Size: |
4096
|
|
|
1078000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2274427210.0000000001078000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1078000
|
| Size: |
98304
|
|
|
1007F000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1715618544.000000001007F000.00000004.00000001.01000000.00000007.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
1007F000
|
| Size: |
12288
|
|
|
B23000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000003.00000002.1767132527.0000000000B23000.00000002.00000001.01000000.00000016.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
B23000
|
| Size: |
40960
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
548C000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2332746692.000000000548C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
548C000
|
| Size: |
1187840
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
36FE000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2332539670.00000000036FE000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
36FE000
|
| Size: |
8192
|
|
|
9D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4121855487.00000000009D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9D0000
|
| Size: |
4096
|
|
|
9AA000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000017.00000002.2296129683.00000000009AA000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
9AA000
|
| Size: |
4096
|
|
|
53B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4129145698.00000000053B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
53B0000
|
| Size: |
4096
|
|
|
92B000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000001E.00000002.3552147608.000000000092B000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
30
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
92B000
|
| Size: |
4096
|
|
|
155E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000001C.00000002.2932636015.000000000155E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
28
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
155E000
|
| Size: |
8192
|
|
|
1713000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000010.00000002.2097956192.0000000001713000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1713000
|
| Size: |
4096
|
|
|
4017D000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1718812038.000000004017D000.00000004.00000001.01000000.00000005.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
4017D000
|
| Size: |
49152
|
|
|
68669000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.1720236397.0000000068669000.00000002.00000001.01000000.00000008.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
68669000
|
| Size: |
122880
|
|
|
17CA000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000001C.00000002.2934524859.00000000017CA000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
28
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
17CA000
|
| Size: |
4096
|
|
|
4F0E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4127859850.0000000004F0E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4F0E000
|
| Size: |
8192
|
|
|
C2B000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000003.00000002.1767695676.0000000000C2B000.00000020.00000001.01000000.00000017.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
C2B000
|
| Size: |
20480
|
|
|
49C0000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000017.00000002.2296780307.00000000049C0000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
49C0000
|
| Size: |
4096
|
|
|
326B5000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000C.00000002.2143951046.00000000326B5000.00000002.00000001.01000000.00000014.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
326B5000
|
| Size: |
4096
|
|
|
1F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1708660725.00000000001F0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1F0000
|
| Size: |
4096
|
|
|
586000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4120340215.0000000000586000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
586000
|
| Size: |
4096
|
|
|
550000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4120340215.0000000000550000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
550000
|
| Size: |
24576
|
|
|
18EF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.2344494684.00000000018EF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
18EF000
|
| Size: |
4096
|
|
|
81E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4121364235.000000000081E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
81E000
|
| Size: |
8192
|
|
|
15AD000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000001C.00000002.2932686283.00000000015AD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
28
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15AD000
|
| Size: |
98304
|
|
|
ACE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1709199768.0000000000ACE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
ACE000
|
| Size: |
8192
|
|
|
750000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2139036364.0000000000750000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
750000
|
| Size: |
4096
|
|
|
145E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.2376816747.000000000145E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
145E000
|
| Size: |
8192
|
|
|
8CD000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.4121483407.00000000008CD000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
8CD000
|
| Size: |
4096
|
|
|
3614000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2069686640.0000000003614000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
3614000
|
| Size: |
4096
|
|
|
49C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2213604075.000000000049C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
49C000
|
| Size: |
16384
|
|
|
1589000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000001C.00000002.2932686283.0000000001589000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
28
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1589000
|
| Size: |
8192
|
|
|
9090000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1714391215.0000000009090000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
9090000
|
| Size: |
1196032
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
3160000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000002.2068700337.0000000003160000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
3160000
|
| Size: |
4096
|
|
|
AD0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.1709219082.0000000000AD0000.00000002.00000001.01000000.0000000A.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
AD0000
|
| Size: |
4096
|
|
|
8D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4121511162.00000000008D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8D0000
|
| Size: |
8192
|
|
|
999000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.2296033562.0000000000999000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
999000
|
| Size: |
16384
|
|
|
38C0000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2332666074.00000000038C0000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
38C0000
|
| Size: |
73728
|
|
|
3154000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1807423011.0000000003154000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
3154000
|
| Size: |
4096
|
|
|
5500000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4130419245.0000000005500000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5500000
|
| Size: |
4096
|
|
|
1D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.2087299640.00000000001D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D4000
|
| Size: |
4096
|
|
|
2750000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000020.00000002.4098096802.0000000002750000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
32
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2750000
|
| Size: |
4096
|
|
|
B50000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000020.00000002.4090343783.0000000000B50000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
32
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B50000
|
| Size: |
4096
|
|
|
91B9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1714391215.00000000091B9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
91B9000
|
| Size: |
4096
|
|
|
720000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000001E.00000002.3551281217.0000000000720000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
30
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
720000
|
| Size: |
20480
|
|
|
BE6000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1709579074.0000000000BE6000.00000004.00000001.01000000.0000000B.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
BE6000
|
| Size: |
8192
|
|
|
660000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4121199454.0000000000660000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
660000
|
| Size: |
16384
|
|
|
990000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000001E.00000002.3552216642.0000000000990000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
30
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
990000
|
| Size: |
28672
|
|
|
1240000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2274918515.0000000001240000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1240000
|
| Size: |
8192
|
|
|
3080000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000015.00000002.2276047404.0000000003080000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
3080000
|
| Size: |
4096
|
|
|
10001000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000002.00000002.1715207032.0000000010001000.00000020.00000001.01000000.00000007.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
10001000
|
| Size: |
450560
|
|
|
6C4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1714538696.00000000006C4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6C4000
|
| Size: |
4096
|
|
|
984000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.2295974357.0000000000984000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
984000
|
| Size: |
4096
|
|
|
970000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.2295927993.0000000000970000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
970000
|
| Size: |
8192
|
|
|
98E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000001E.00000002.3552167009.000000000098E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
30
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
98E000
|
| Size: |
8192
|
|
|
3890000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2332609319.0000000003890000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3890000
|
| Size: |
32768
|
|
|
5090000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4128184724.0000000005090000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5090000
|
| Size: |
4096
|
|
|
AC1000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000003.00000002.1766889504.0000000000AC1000.00000020.00000001.01000000.00000016.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
AC1000
|
| Size: |
356352
|
|
|
3158000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.2378432495.0000000003158000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3158000
|
| Size: |
4096
|
|
|
1310000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.2376250593.0000000001310000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1310000
|
| Size: |
8192
|
|
|
24D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2140000890.00000000024D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
24D0000
|
| Size: |
4096
|
|
|
A30000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000020.00000002.4088280346.0000000000A30000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
32
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A30000
|
| Size: |
24576
|
|
|
60CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4133031201.00000000060CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
60CE000
|
| Size: |
8192
|
|
|
757000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4121267678.0000000000757000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
757000
|
| Size: |
8192
|
|
|
134A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.2376287610.000000000134A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
134A000
|
| Size: |
16384
|
|
|
710000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000001E.00000002.3551258634.0000000000710000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
30
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
710000
|
| Size: |
8192
|
|
|
B51000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000003.00000002.1767263576.0000000000B51000.00000020.00000001.01000000.00000015.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
B51000
|
| Size: |
131072
|
|
|
1388000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.2342601703.0000000001388000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
1388000
|
| Size: |
32768
|
|
|
8AA0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2143418792.0000000008AA0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8AA0000
|
| Size: |
4096
|
|
|
986000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1708310829.0000000000986000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
986000
|
| Size: |
200704
|
|
|
740000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1708770164.0000000000740000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
740000
|
| Size: |
16384
|
|
|
2166E000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.1716094764.000000002166E000.00000002.00000001.01000000.00000006.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
2166E000
|
| Size: |
12288
|
|
|
538000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.2295120800.0000000000538000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
538000
|
| Size: |
32768
|
|
|
744000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1708523755.0000000000744000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
744000
|
| Size: |
4096
|
|
|
1580000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.2343269697.0000000001580000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1580000
|
| Size: |
12288
|
|
|
3154000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1807648601.0000000003154000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
3154000
|
| Size: |
8192
|
|
|
1424000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.2097660360.0000000001424000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1424000
|
| Size: |
49152
|
|
|
10D3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2274427210.00000000010D3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10D3000
|
| Size: |
61440
|
|
|
17A4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000001C.00000002.2934339752.00000000017A4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
28
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
17A4000
|
| Size: |
4096
|
|
|
667000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.2295403251.0000000000667000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
667000
|
| Size: |
94208
|
|
|
45EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.2296560467.00000000045EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
45EE000
|
| Size: |
8192
|
|
|
5850000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000010.00000002.2098953615.0000000005850000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
5850000
|
| Size: |
4096
|
|
|
B1D000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000003.00000002.1767132527.0000000000B1D000.00000002.00000001.01000000.00000016.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
B1D000
|
| Size: |
4096
|
|
|
CA9000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.1709846575.0000000000CA9000.00000002.00000001.01000000.0000000C.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
CA9000
|
| Size: |
16384
|
|
|
56F3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.2098916881.00000000056F3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
56F3000
|
| Size: |
28672
|
|
|
19D000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2138620836.000000000019D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
19D000
|
| Size: |
12288
|
|
|
10083000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.1715726690.0000000010083000.00000002.00000001.01000000.00000007.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
10083000
|
| Size: |
24576
|
|
|
27A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2082454383.00000000027A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
27A0000
|
| Size: |
4096
|
|
|
B28000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.1709309072.0000000000B28000.00000002.00000001.01000000.0000000A.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
B28000
|
| Size: |
90112
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
B2E000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1767237940.0000000000B2E000.00000004.00000001.01000000.00000016.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
B2E000
|
| Size: |
8192
|
|
|
5FA000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4120340215.00000000005FA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5FA000
|
| Size: |
237568
|
|
|
977000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1705433750.0000000000977000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
977000
|
| Size: |
262144
|
|
|
1728000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.2343658774.0000000001728000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1728000
|
| Size: |
303104
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
24BB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1768607588.00000000024BB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
24BB000
|
| Size: |
4096
|
|
|
C29000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000003.00000002.1767695676.0000000000C29000.00000020.00000001.01000000.00000017.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
C29000
|
| Size: |
4096
|
|
|
56E8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.2098816165.00000000056E8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
56E8000
|
| Size: |
4096
|
|
|
1784000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.2343658774.0000000001784000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1784000
|
| Size: |
16384
|
|
|
68694000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000002.00000002.1721182940.0000000068694000.00000008.00000001.01000000.00000008.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
68694000
|
| Size: |
4096
|
|
|
1330000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2275478186.0000000001330000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1330000
|
| Size: |
8192
|
|
|
8D2F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1713758941.0000000008D2F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
8D2F000
|
| Size: |
4096
|
|
|
C27000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000012.00000002.2214825404.0000000000C27000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
C27000
|
| Size: |
4096
|
|
|
28BB000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2082575828.00000000028BB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
28BB000
|
| Size: |
102400
|
|
|
685C0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.1719605086.00000000685C0000.00000002.00000001.01000000.00000008.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
685C0000
|
| Size: |
4096
|
|
|
810000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2213753768.0000000000810000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
810000
|
| Size: |
4096
|
|
|
5CEE000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2070453445.0000000005CEE000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5CEE000
|
| Size: |
8192
|
|
|
40067000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.1717968985.0000000040067000.00000002.00000001.01000000.00000004.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
40067000
|
| Size: |
229376
|
|
|
660000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.2295403251.0000000000660000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
660000
|
| Size: |
24576
|
|
|
1433000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.2097660360.0000000001433000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1433000
|
| Size: |
24576
|
|
|
8DA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1708885733.00000000008DA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8DA000
|
| Size: |
8192
|
|
|
585E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.2346677457.000000000585E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
585E000
|
| Size: |
8192
|
|
|
B51000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000002.00000002.1709406498.0000000000B51000.00000020.00000001.01000000.0000000B.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
B51000
|
| Size: |
458752
|
|
|
5E2E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2070520756.0000000005E2E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5E2E000
|
| Size: |
8192
|
|
|
190A000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000014.00000002.2344761553.000000000190A000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
190A000
|
| Size: |
4096
|
|
|
BE8000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000002.00000002.1709609322.0000000000BE8000.00000008.00000001.01000000.0000000B.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
BE8000
|
| Size: |
4096
|
|
|
5A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.2295188082.00000000005A0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5A0000
|
| Size: |
4096
|
|
|
800000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2213726097.0000000000800000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
800000
|
| Size: |
4096
|
|
|
24C9000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2139859743.00000000024C9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
24C9000
|
| Size: |
4096
|
|
|
8E6000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.4121579375.00000000008E6000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
8E6000
|
| Size: |
8192
|
|
|
C7D000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000003.00000002.1768378548.0000000000C7D000.00000002.00000001.01000000.00000017.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
C7D000
|
| Size: |
4096
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
A66000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000020.00000002.4088280346.0000000000A66000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
32
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A66000
|
| Size: |
192512
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to development resources |
System Summary |
|
|
|
3154000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1807343561.0000000003154000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
3154000
|
| Size: |
4096
|
|
|
2EA7000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000019.00000002.2377895812.0000000002EA7000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
2EA7000
|
| Size: |
4096
|
|
|
1410000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.2342984361.0000000001410000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1410000
|
| Size: |
4096
|
|
|
1D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.2087365818.00000000001D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D4000
|
| Size: |
4096
|
|
|
581E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.2346612090.000000000581E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
581E000
|
| Size: |
8192
|
|
|
977000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1706645684.0000000000977000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
977000
|
| Size: |
262144
|
|
|
3280000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.2098562229.0000000003280000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3280000
|
| Size: |
4096
|
|
|
8C25000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2143582242.0000000008C25000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8C25000
|
| Size: |
4096
|
|
|
8C4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4121464395.00000000008C4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8C4000
|
| Size: |
4096
|
|
|
3484000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000E.00000003.2331270697.0000000003484000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
3484000
|
| Size: |
4096
|
|
|
5A31000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1806810117.0000000005A31000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5A31000
|
| Size: |
131072
|
|
|
68A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.2295403251.000000000068A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
68A000
|
| Size: |
12288
|
|
|
3154000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1807569923.0000000003154000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
3154000
|
| Size: |
8192
|
|
|
2520000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1768718555.0000000002520000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2520000
|
| Size: |
4096
|
|
|
1930000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.2344949848.0000000001930000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1930000
|
| Size: |
4096
|
|
|
130E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.2376221678.000000000130E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
130E000
|
| Size: |
8192
|
|
|
5366000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2069880523.0000000005366000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5366000
|
| Size: |
512000
|
|
|
977000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1707917911.0000000000977000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
977000
|
| Size: |
262144
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
1378000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000001C.00000002.2932389424.0000000001378000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
28
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
1378000
|
| Size: |
32768
|
|
|
3150000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.2378432495.0000000003150000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3150000
|
| Size: |
12288
|
|
|
1F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1765509666.00000000001F0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1F0000
|
| Size: |
4096
|
|
|
4301000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.2346385417.0000000004301000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4301000
|
| Size: |
20480
|
|
|
2720000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1710844088.0000000002720000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2720000
|
| Size: |
8192
|
|
|
4091000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2276153712.0000000004091000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4091000
|
| Size: |
20480
|
|
|
68695000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.1721771481.0000000068695000.00000002.00000001.01000000.00000008.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
68695000
|
| Size: |
24576
|
|
|
5C71000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000E.00000003.2178995257.0000000005C71000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5C71000
|
| Size: |
131072
|
|
|
5BEE000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2070428580.0000000005BEE000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5BEE000
|
| Size: |
8192
|
|
|
1A50000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.2345483437.0000000001A50000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1A50000
|
| Size: |
12288
|
|
|
C43000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000003.00000002.1767695676.0000000000C43000.00000020.00000001.01000000.00000017.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
C43000
|
| Size: |
122880
|
|
|
3154000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1807504431.0000000003154000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
3154000
|
| Size: |
4096
|
|
|
7E8000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2139096877.00000000007E8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7E8000
|
| Size: |
94208
|
|
|
3484000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000E.00000003.2248170448.0000000003484000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
3484000
|
| Size: |
4096
|
|
|
5DA0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.4132479373.0000000005DA0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5DA0000
|
| Size: |
36864
|
|
|
28B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2082575828.00000000028B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
28B0000
|
| Size: |
32768
|
|
|
48E0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4126985540.00000000048E0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
48E0000
|
| Size: |
57344
|
|
|
1583000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000001C.00000002.2932686283.0000000001583000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
28
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1583000
|
| Size: |
20480
|
|
|
7E8000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000020.00000002.4088166095.00000000007E8000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
32
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7E8000
|
| Size: |
32768
|
|
|
400B0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.1718209116.00000000400B0000.00000002.00000001.01000000.00000005.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
400B0000
|
| Size: |
4096
|
|
|
261B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1710629613.000000000261B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
261B000
|
| Size: |
569344
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
| URLs found in memory or binary data |
Networking |
|
|
|
665000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4121199454.0000000000665000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
665000
|
| Size: |
16384
|
|
|
5A8D000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4131834738.0000000005A8D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5A8D000
|
| Size: |
12288
|
|
|
19C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1708635384.000000000019C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
19C000
|
| Size: |
16384
|
|
|
6C4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1714504520.00000000006C4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6C4000
|
| Size: |
4096
|
|
|
3228000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000001C.00000002.2937403355.0000000003228000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
28
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3228000
|
| Size: |
4096
|
|
|
1447000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.2097660360.0000000001447000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1447000
|
| Size: |
159744
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to development resources |
System Summary |
|
|
|
C61000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000003.00000002.1768378548.0000000000C61000.00000002.00000001.01000000.00000017.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
C61000
|
| Size: |
4096
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
3154000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1807052403.0000000003154000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
3154000
|
| Size: |
4096
|
|
|
8CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1708861829.00000000008CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
8CE000
|
| Size: |
8192
|
|
|
183F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.2098108780.000000000183F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
183F000
|
| Size: |
4096
|
|
|
2E83000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000019.00000002.2377031037.0000000002E83000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
2E83000
|
| Size: |
4096
|
|
|
16ED000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000014.00000002.2343599359.00000000016ED000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
16ED000
|
| Size: |
4096
|
|
|
8F2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4121624754.00000000008F2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8F2000
|
| Size: |
4096
|
|
|
598E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4131620125.000000000598E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
598E000
|
| Size: |
8192
|
|
|
5A31000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1807821054.0000000005A31000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5A31000
|
| Size: |
4096
|
|
|
25E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2140070712.00000000025E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
25E0000
|
| Size: |
8192
|
|
|
C50000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000012.00000002.2214896528.0000000000C50000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
C50000
|
| Size: |
28672
|
|
|
2E68000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2275859203.0000000002E68000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E68000
|
| Size: |
4096
|
|
|
143A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.2097660360.000000000143A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
143A000
|
| Size: |
12288
|
|
|
454E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4126702659.000000000454E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
454E000
|
| Size: |
8192
|
|
|
F68000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2274185324.0000000000F68000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
F68000
|
| Size: |
32768
|
|
|
3250000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2068820997.0000000003250000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3250000
|
| Size: |
36864
|
|
|
839000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000001E.00000002.3551619692.0000000000839000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
30
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
839000
|
| Size: |
12288
|
|
|
8B0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4121389340.00000000008B0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8B0000
|
| Size: |
8192
|
|
|
BF1000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000003.00000002.1767695676.0000000000BF1000.00000020.00000001.01000000.00000017.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
BF1000
|
| Size: |
217088
|
|
|
3484000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000E.00000003.2331322877.0000000003484000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
3484000
|
| Size: |
4096
|
|
|
2460000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1709986100.0000000002460000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2460000
|
| Size: |
4096
|
|
|
C60000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2214948104.0000000000C60000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
C60000
|
| Size: |
24576
|
|
|
1560000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000001C.00000002.2932686283.0000000001560000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
28
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1560000
|
| Size: |
24576
|
|
|
6C4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1714599584.00000000006C4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6C4000
|
| Size: |
4096
|
|
|
B7A000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000003.00000002.1767263576.0000000000B7A000.00000020.00000001.01000000.00000015.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
B7A000
|
| Size: |
262144
|
|
|
279F000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2082438093.000000000279F000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
279F000
|
| Size: |
4096
|
|
|
9575000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1773801857.0000000009575000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
9575000
|
| Size: |
180224
|
|
|
57A9000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2070156670.00000000057A9000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
57A9000
|
| Size: |
4096
|
|
|
257B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2215183129.000000000257B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
257B000
|
| Size: |
8192
|
|
|
5D2D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2070496422.0000000005D2D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5D2D000
|
| Size: |
12288
|
|
|
16CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.2343366030.00000000016CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
16CE000
|
| Size: |
8192
|
|
|
4B5D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000020.00000002.4098571357.0000000004B5D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
32
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4B5D000
|
| Size: |
12288
|
|
|
744000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1708485217.0000000000744000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
744000
|
| Size: |
4096
|
|
|
2590000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2215725655.0000000002590000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2590000
|
| Size: |
4096
|
|
|
3154000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1807634014.0000000003154000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
3154000
|
| Size: |
8192
|
|
|
95E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4121712281.000000000095E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
95E000
|
| Size: |
8192
|
|
|
DD4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000020.00000002.4097129866.0000000000DD4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
32
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
DD4000
|
| Size: |
4096
|
|
|
9D8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000001E.00000002.3552485472.00000000009D8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
30
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
9D8000
|
| Size: |
4096
|
|
|
1900000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.2344673647.0000000001900000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1900000
|
| Size: |
4096
|
|
|
34B1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.2296501665.00000000034B1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
34B1000
|
| Size: |
20480
|
|
|
9BB000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000017.00000002.2296174785.00000000009BB000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
9BB000
|
| Size: |
4096
|
|
|
3154000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1807554840.0000000003154000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
3154000
|
| Size: |
8192
|
|
|
4BE0000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
0000001E.00000002.3553038074.0000000004BE0000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
30
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
4BE0000
|
| Size: |
4096
|
|
|
5440000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4130080364.0000000005440000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5440000
|
| Size: |
8192
|
|
|
3484000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000E.00000003.2248199474.0000000003484000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
3484000
|
| Size: |
4096
|
|
|
5A30000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2070367828.0000000005A30000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5A30000
|
| Size: |
36864
|
|
|
32FF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.2345584375.00000000032FF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
32FF000
|
| Size: |
4096
|
|
|
99E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2139694431.000000000099E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
99E000
|
| Size: |
8192
|
|
|
8C3000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.4121435667.00000000008C3000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
8C3000
|
| Size: |
4096
|
|
|
F20000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000010.00000000.2090249100.0000000000F20000.00000002.00000001.01000000.0000001E.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
F20000
|
| Size: |
4096
|
|
|
13AE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.2097454604.00000000013AE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
13AE000
|
| Size: |
8192
|
|
|
2A61000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000020.00000002.4098377394.0000000002A61000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
32
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A61000
|
| Size: |
65536
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to development resources |
System Summary |
|
|
|
185B000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000010.00000002.2098242986.000000000185B000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
185B000
|
| Size: |
4096
|
|
|
630000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2138926858.0000000000630000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
630000
|
| Size: |
4096
|
|
|
24CB000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2139859743.00000000024CB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
24CB000
|
| Size: |
4096
|
|
|
1890000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.2098335613.0000000001890000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1890000
|
| Size: |
24576
|
|
|
400A0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.1717968985.00000000400A0000.00000002.00000001.01000000.00000004.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
400A0000
|
| Size: |
53248
|
|
|
1294000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2275008031.0000000001294000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1294000
|
| Size: |
4096
|
|
|
9B7000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000017.00000002.2296152678.00000000009B7000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
9B7000
|
| Size: |
4096
|
|
|
10A6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2274427210.00000000010A6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10A6000
|
| Size: |
180224
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to development resources |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
12E0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2275415982.00000000012E0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
12E0000
|
| Size: |
4096
|
|
|
1595000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000001C.00000002.2932686283.0000000001595000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
28
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1595000
|
| Size: |
90112
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to development resources |
System Summary |
|
|
|
14F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.2343066908.00000000014F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14F0000
|
| Size: |
8192
|
|
|
21668000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1774461153.0000000021668000.00000004.00000001.01000000.00000011.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
21668000
|
| Size: |
4096
|
|
|
2B90000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2082616624.0000000002B90000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2B90000
|
| Size: |
20480
|
|
|
479E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2215926991.000000000479E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
479E000
|
| Size: |
8192
|
|
|
24B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1768607588.00000000024B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
24B0000
|
| Size: |
24576
|
|
|
635000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4120340215.0000000000635000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
635000
|
| Size: |
16384
|
|
|
33A1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000001C.00000002.2937731011.00000000033A1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
28
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
33A1000
|
| Size: |
65536
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to development resources |
System Summary |
|
|
|
7E6000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2139096877.00000000007E6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7E6000
|
| Size: |
4096
|
|
|
3154000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1807780654.0000000003154000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
3154000
|
| Size: |
8192
|
|
|
3154000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1807388706.0000000003154000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
3154000
|
| Size: |
4096
|
|
|
3264000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2068820997.0000000003264000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3264000
|
| Size: |
270336
|
|
|
46FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000001E.00000002.3553016415.00000000046FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
30
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
46FE000
|
| Size: |
8192
|
|
|
3190000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000019.00000002.2378659176.0000000003190000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
3190000
|
| Size: |
4096
|
|
|
192E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.2098453685.000000000192E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
192E000
|
| Size: |
8192
|
|
|
508E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4128126218.000000000508E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
508E000
|
| Size: |
8192
|
|
|
16E3000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000014.00000002.2343467392.00000000016E3000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
16E3000
|
| Size: |
4096
|
|
|
50D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4128228895.00000000050D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
50D0000
|
| Size: |
8192
|
|
|
94E0000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2143663059.00000000094E0000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
94E0000
|
| Size: |
180224
|
|
|
1A40000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.2345422388.0000000001A40000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1A40000
|
| Size: |
4096
|
|
|
41A9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.2379086944.00000000041A9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
41A9000
|
| Size: |
4096
|
|
|
26EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1710780540.00000000026EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
26EE000
|
| Size: |
8192
|
|
|
2745000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1710877241.0000000002745000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2745000
|
| Size: |
4096
|
|
|
59B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.2346944312.00000000059B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
59B0000
|
| Size: |
4096
|
|
|
2EB7000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000019.00000002.2377978064.0000000002EB7000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
2EB7000
|
| Size: |
4096
|
|
|
35CC000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2332463748.00000000035CC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
35CC000
|
| Size: |
53248
|
|
|
3A61000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000020.00000002.4098509900.0000000003A61000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
32
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3A61000
|
| Size: |
20480
|
|
|
347E000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2331857819.000000000347E000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
347E000
|
| Size: |
8192
|
|
|
1700000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.2097932365.0000000001700000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1700000
|
| Size: |
8192
|
|
|
269E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000020.00000002.4097886253.000000000269E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
32
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
269E000
|
| Size: |
8192
|
|
|
E6C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2274154375.0000000000E6C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
E6C000
|
| Size: |
16384
|
|
|
3154000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1807248169.0000000003154000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
3154000
|
| Size: |
4096
|
|
|
2750000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000012.00000002.2215818012.0000000002750000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
2750000
|
| Size: |
4096
|
|
|
7F3000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000001E.00000002.3551408651.00000000007F3000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
30
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7F3000
|
| Size: |
4096
|
|
|
3607000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1806883726.0000000003607000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
3607000
|
| Size: |
180224
|
|
|
993000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.2296033562.0000000000993000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
993000
|
| Size: |
20480
|
|
|
9444000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1706720383.0000000009444000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
9444000
|
| Size: |
40960
|
|
|
3C8000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000001E.00000002.3551194615.00000000003C8000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
30
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3C8000
|
| Size: |
32768
|
|
|
564E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4130871644.000000000564E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
564E000
|
| Size: |
8192
|
|
|
1178000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.2376027787.0000000001178000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
1178000
|
| Size: |
32768
|
|
|
1A20000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.2345322635.0000000001A20000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1A20000
|
| Size: |
45056
|
|
|
BF0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000020.00000002.4092639944.0000000000BF0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
32
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BF0000
|
| Size: |
20480
|
|
|
348D000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2069429078.000000000348D000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
348D000
|
| Size: |
12288
|
|
|
17AD000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000001C.00000002.2934364827.00000000017AD000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
28
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
17AD000
|
| Size: |
4096
|
|
|
1D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.2087322634.00000000001D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D4000
|
| Size: |
4096
|
|
|
22AF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4122011051.00000000022AF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
22AF000
|
| Size: |
4096
|
|
|
744000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1708431099.0000000000744000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
744000
|
| Size: |
4096
|
|
|
C73000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000003.00000002.1768378548.0000000000C73000.00000002.00000001.01000000.00000017.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
C73000
|
| Size: |
12288
|
|
|
9C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1708607121.000000000009C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9C000
|
| Size: |
16384
|
|
|
40000000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.1717333746.0000000040000000.00000002.00000001.01000000.00000004.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
40000000
|
| Size: |
4096
|
|
|
2FC0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000019.00000002.2378113109.0000000002FC0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
2FC0000
|
| Size: |
28672
|
|
|
3600000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2069686640.0000000003600000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
3600000
|
| Size: |
28672
|
|
|
A00000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4121944995.0000000000A00000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A00000
|
| Size: |
16384
|
|
|
3154000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1807440667.0000000003154000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
3154000
|
| Size: |
4096
|
|
|
E80000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000020.00000002.4097559293.0000000000E80000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
32
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
E80000
|
| Size: |
28672
|
|
|
F22000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000010.00000000.2090287640.0000000000F22000.00000002.00000001.01000000.0000001E.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
F22000
|
| Size: |
245760
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to development resources |
System Summary |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
338E000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2069400955.000000000338E000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
338E000
|
| Size: |
8192
|
|
|
1099000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2274427210.0000000001099000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1099000
|
| Size: |
12288
|
|
|
2660000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1768739126.0000000002660000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2660000
|
| Size: |
8192
|
|
|
13E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000001C.00000002.2932440184.00000000013E0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
28
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13E0000
|
| Size: |
4096
|
|
|
C6C000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000003.00000002.1768378548.0000000000C6C000.00000002.00000001.01000000.00000017.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
C6C000
|
| Size: |
12288
|
|
|
588000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4120340215.0000000000588000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
588000
|
| Size: |
221184
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
1990000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.2345073702.0000000001990000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1990000
|
| Size: |
40960
|
|
|
697000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.2295403251.0000000000697000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
697000
|
| Size: |
241664
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to development resources |
System Summary |
|
|
|
A58000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000020.00000002.4088280346.0000000000A58000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
32
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A58000
|
| Size: |
16384
|
|
|
584E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4131100287.000000000584E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
584E000
|
| Size: |
8192
|
|
|
3154000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1807488975.0000000003154000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
3154000
|
| Size: |
4096
|
|
|
3607000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1806951197.0000000003607000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
3607000
|
| Size: |
180224
|
|
|
83F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2213795150.000000000083F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
83F000
|
| Size: |
8192
|
|
|
C03000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2214691642.0000000000C03000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
C03000
|
| Size: |
20480
|
|
|
3154000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1807068411.0000000003154000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
3154000
|
| Size: |
4096
|
|
|
1360000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.2097430848.0000000001360000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1360000
|
| Size: |
4096
|
|
|
3480000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2331921622.0000000003480000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3480000
|
| Size: |
16384
|
|
|
5C9F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.2347222951.0000000005C9F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5C9F000
|
| Size: |
4096
|
|
|
267D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1768767932.000000000267D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
267D000
|
| Size: |
4096
|
|
|
8CA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1765917234.00000000008CA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8CA000
|
| Size: |
8192
|
|
|
3484000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000E.00000003.2248140814.0000000003484000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
3484000
|
| Size: |
4096
|
|
|
106E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2274373123.000000000106E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
106E000
|
| Size: |
8192
|
|
|
41A1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.2379086944.00000000041A1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
41A1000
|
| Size: |
20480
|
|
|
8D3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4121535532.00000000008D3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8D3000
|
| Size: |
40960
|
|
|
529E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.2379159314.000000000529E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
529E000
|
| Size: |
8192
|
|
|
1293000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000015.00000002.2274959725.0000000001293000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1293000
|
| Size: |
4096
|
|
|
74E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2138993310.000000000074E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
74E000
|
| Size: |
8192
|
|
|
12A9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2275095530.00000000012A9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
12A9000
|
| Size: |
16384
|
|
|
38C4000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000E.00000003.2179065937.00000000038C4000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
38C4000
|
| Size: |
176128
|
|
|
325B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2068820997.000000000325B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
325B000
|
| Size: |
32768
|
|
|
4017B000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000002.00000002.1718789784.000000004017B000.00000008.00000001.01000000.00000005.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
4017B000
|
| Size: |
4096
|
|
|
560D000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4130660651.000000000560D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
560D000
|
| Size: |
12288
|
|
|
9DB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000001E.00000002.3552485472.00000000009DB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
30
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
9DB000
|
| Size: |
8192
|
|
|
630000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000001E.00000002.3551238450.0000000000630000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
30
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
630000
|
| Size: |
4096
|
|
|
2E93000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.2377694219.0000000002E93000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E93000
|
| Size: |
40960
|
|
|
8D33000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1713848558.0000000008D33000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8D33000
|
| Size: |
1187840
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
30FF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.2378356759.00000000030FF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
30FF000
|
| Size: |
4096
|
|
|
12BA000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000015.00000002.2275312436.00000000012BA000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
12BA000
|
| Size: |
4096
|
|
|
21660000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.1715768246.0000000021660000.00000002.00000001.01000000.00000006.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
21660000
|
| Size: |
4096
|
|
|
5DF0000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2333716637.0000000005DF0000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5DF0000
|
| Size: |
4096
|
|
|
2E84000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.2377176224.0000000002E84000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E84000
|
| Size: |
4096
|
|
|
17A3000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000001C.00000002.2934311022.00000000017A3000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
28
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
17A3000
|
| Size: |
4096
|
|
|
BF0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2214657310.0000000000BF0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BF0000
|
| Size: |
8192
|
|
|
684000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.2295403251.0000000000684000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
684000
|
| Size: |
20480
|
|
|
1500000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.2343109554.0000000001500000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1500000
|
| Size: |
16384
|
|
|
500F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4127982007.000000000500F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
500F000
|
| Size: |
4096
|
|
|
3154000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1807521831.0000000003154000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
3154000
|
| Size: |
4096
|
|
|
1960000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000001C.00000002.2935245059.0000000001960000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
28
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1960000
|
| Size: |
24576
|
|
|
59ED000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2333170618.00000000059ED000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
59ED000
|
| Size: |
458752
|
|
|
5CD000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4120340215.00000000005CD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5CD000
|
| Size: |
65536
|
|
|
3330000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000E.00000002.2331618290.0000000003330000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
3330000
|
| Size: |
4096
|
|
|
24B1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.2296443182.00000000024B1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
24B1000
|
| Size: |
65536
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to development resources |
System Summary |
|
|
|
3154000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1807035350.0000000003154000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
3154000
|
| Size: |
4096
|
|
|
2166A000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1774461153.000000002166A000.00000004.00000001.01000000.00000011.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
2166A000
|
| Size: |
4096
|
|
|
E30000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000020.00000002.4097470693.0000000000E30000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
32
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
E30000
|
| Size: |
8192
|
|
|
EB0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000020.00000002.4097840877.0000000000EB0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
32
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
EB0000
|
| Size: |
8192
|
|
|
927000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000001E.00000002.3552090788.0000000000927000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
30
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
927000
|
| Size: |
4096
|
|
|
5C71000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000E.00000003.2248005891.0000000005C71000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5C71000
|
| Size: |
237568
|
|
|
91BD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1714391215.00000000091BD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
91BD000
|
| Size: |
458752
|
|
|
983000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000017.00000002.2295952077.0000000000983000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
983000
|
| Size: |
4096
|
|
|
9C000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2138532120.000000000009C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9C000
|
| Size: |
16384
|
|
|
16DF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.2097911227.00000000016DF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
16DF000
|
| Size: |
4096
|
|
|
56E0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.2098816165.00000000056E0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
56E0000
|
| Size: |
12288
|
|
|
4DE0000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000012.00000002.2215974816.0000000004DE0000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
4DE0000
|
| Size: |
4096
|
|
|
139B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.2376287610.000000000139B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
139B000
|
| Size: |
12288
|
|
|
8CE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1765917234.00000000008CE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8CE000
|
| Size: |
118784
|
|
|
12A0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2275095530.00000000012A0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
12A0000
|
| Size: |
4096
|
|
|
BBA000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1767634446.0000000000BBA000.00000004.00000001.01000000.00000015.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
BBA000
|
| Size: |
61440
|
|
|
977000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1705937523.0000000000977000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
977000
|
| Size: |
131072
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
5A5E000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2333170618.0000000005A5E000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
5A5E000
|
| Size: |
24576
|
|
|
818000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000001E.00000002.3551619692.0000000000818000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
30
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
818000
|
| Size: |
98304
|
|
|
275E000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2082420282.000000000275E000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
275E000
|
| Size: |
8192
|
|
|
289E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000020.00000002.4098180133.000000000289E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
32
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
289E000
|
| Size: |
8192
|
|
|
28A3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000020.00000002.4098223880.00000000028A3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
32
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
28A3000
|
| Size: |
28672
|
|
|
2560000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2215099876.0000000002560000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2560000
|
| Size: |
65536
|
|
|
1480000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.2376847757.0000000001480000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1480000
|
| Size: |
8192
|
|
|
2E70000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.2377001444.0000000002E70000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E70000
|
| Size: |
8192
|
|
|
9CC000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4121827521.00000000009CC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9CC000
|
| Size: |
16384
|
|
|
7FD000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000001E.00000002.3551480256.00000000007FD000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
30
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7FD000
|
| Size: |
4096
|
|
|
1418000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.2097585090.0000000001418000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1418000
|
| Size: |
45056
|
|
|
540E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4129264601.000000000540E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
540E000
|
| Size: |
4096
|
|
|
24D1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.2084619127.00000000024D1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
24D1000
|
| Size: |
241664
|
|
|
4930000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4127228452.0000000004930000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4930000
|
| Size: |
4096
|
|
|
1720000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2275639937.0000000001720000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1720000
|
| Size: |
24576
|
|
|
56E6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.2098816165.00000000056E6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
56E6000
|
| Size: |
4096
|
|
|
19A0000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000014.00000002.2345197027.00000000019A0000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
19A0000
|
| Size: |
4096
|
|
|
6C4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1712213430.00000000006C4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6C4000
|
| Size: |
4096
|
|
|
23A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.2296390883.00000000023A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
23A0000
|
| Size: |
4096
|
|
|
16F8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.2343658774.00000000016F8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
16F8000
|
| Size: |
90112
|
|
|
2510000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1768695961.0000000002510000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2510000
|
| Size: |
8192
|
|
|
C11000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000002.00000002.1709710422.0000000000C11000.00000020.00000001.01000000.0000000C.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
C11000
|
| Size: |
430080
|
|
|
38B0000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2332666074.00000000038B0000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
38B0000
|
| Size: |
4096
|
|
|
3291000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.2098583663.0000000003291000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3291000
|
| Size: |
65536
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to development resources |
System Summary |
|
|
|
3154000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1807585124.0000000003154000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
3154000
|
| Size: |
8192
|
|
|
955E000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2143663059.000000000955E000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
955E000
|
| Size: |
4096
|
|
|
64E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.2295380182.000000000064E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
64E000
|
| Size: |
8192
|
|
|
3340000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000E.00000002.2331680569.0000000003340000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
3340000
|
| Size: |
4096
|
|
|
6863F000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000002.00000002.1720073859.000000006863F000.00000008.00000001.01000000.00000008.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
6863F000
|
| Size: |
8192
|
|
|
3170000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2068753524.0000000003170000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3170000
|
| Size: |
4096
|
|
|
8BCB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1773382770.0000000008BCB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8BCB000
|
| Size: |
4096
|
|
|
1840000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.2098133109.0000000001840000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1840000
|
| Size: |
4096
|
|
|
40061000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1717766109.0000000040061000.00000004.00000001.01000000.00000004.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
40061000
|
| Size: |
4096
|
|
|
538E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.2098683813.000000000538E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
538E000
|
| Size: |
8192
|
|
|
24B9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1768607588.00000000024B9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
24B9000
|
| Size: |
4096
|
|
|
3484000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000E.00000003.2248156425.0000000003484000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
3484000
|
| Size: |
4096
|
|
|
1880000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000010.00000002.2098291945.0000000001880000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1880000
|
| Size: |
28672
|
|
|
594A000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4131299897.000000000594A000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
594A000
|
| Size: |
24576
|
|
|
68689000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.1721040941.0000000068689000.00000002.00000001.01000000.00000008.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
68689000
|
| Size: |
36864
|
|
|
389B000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2332609319.000000000389B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
389B000
|
| Size: |
4096
|
|
|
1D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.2085367232.00000000001D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D4000
|
| Size: |
4096
|
|
|
40189000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.1718842807.0000000040189000.00000002.00000001.01000000.00000005.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
40189000
|
| Size: |
360448
|
|
|
768000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2139096877.0000000000768000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
768000
|
| Size: |
118784
|
|
|
3607000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2018613143.0000000003607000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
3607000
|
| Size: |
57344
|
|
|
8B3B000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2143472015.0000000008B3B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8B3B000
|
| Size: |
4096
|
|
|
3154000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1807472240.0000000003154000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
3154000
|
| Size: |
4096
|
|
|
8D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1708885733.00000000008D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8D0000
|
| Size: |
32768
|
|
|
68692000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1721150932.0000000068692000.00000004.00000001.01000000.00000008.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
68692000
|
| Size: |
8192
|
|
|
5E9E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.2347310255.0000000005E9E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5E9E000
|
| Size: |
8192
|
|
|
2F1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.2378073562.0000000002F1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2F1E000
|
| Size: |
8192
|
|
|
980000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4121803734.0000000000980000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
980000
|
| Size: |
4096
|
|
|
2748000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000020.00000002.4097946267.0000000002748000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
32
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2748000
|
| Size: |
4096
|
|
|
598000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2213676529.0000000000598000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
598000
|
| Size: |
32768
|
|
|
B1A000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000003.00000002.1767132527.0000000000B1A000.00000002.00000001.01000000.00000016.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
B1A000
|
| Size: |
4096
|
|
|
8FB000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.4121673495.00000000008FB000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
8FB000
|
| Size: |
4096
|
|
|
2166A000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2143870793.000000002166A000.00000004.00000001.01000000.00000011.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
2166A000
|
| Size: |
4096
|
|
|
BE4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2214536171.0000000000BE4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
BE4000
|
| Size: |
4096
|
|
|
56D0000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000019.00000002.2379197498.00000000056D0000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
56D0000
|
| Size: |
4096
|
|
|
1D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.2085126347.00000000001D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D4000
|
| Size: |
4096
|
|
|
1D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.2087386914.00000000001D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D4000
|
| Size: |
4096
|
|
|
9C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.2296197991.00000000009C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9C0000
|
| Size: |
8192
|
|
|
12C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.2376151819.00000000012C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12C0000
|
| Size: |
16384
|
|
|
2950000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000020.00000002.4098317658.0000000002950000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
32
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
2950000
|
| Size: |
4096
|
|
|
42B8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4126497894.00000000042B8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
42B8000
|
| Size: |
4096
|
|
|
35A0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2332349808.00000000035A0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
35A0000
|
| Size: |
4096
|
|
|
17B3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000001C.00000002.2934389137.00000000017B3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
28
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
17B3000
|
| Size: |
20480
|
|
|
358E000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2331983092.000000000358E000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
358E000
|
| Size: |
8192
|
|
|
315B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.2378432495.000000000315B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
315B000
|
| Size: |
8192
|
|
|
9A0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000001E.00000002.3552252204.00000000009A0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
30
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
9A0000
|
| Size: |
24576
|
|
|
495B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.2296691267.000000000495B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
495B000
|
| Size: |
8192
|
|
|
4017D000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2144010494.000000004017D000.00000004.00000001.01000000.00000010.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
4017D000
|
| Size: |
8192
|
|
|
18EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.2098426371.00000000018EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
18EE000
|
| Size: |
8192
|
|
|
581E000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2070156670.000000000581E000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
581E000
|
| Size: |
24576
|
|
|
3154000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1807456315.0000000003154000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
3154000
|
| Size: |
4096
|
|
|
5C70000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2333545933.0000000005C70000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5C70000
|
| Size: |
4096
|
|
|
3154000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1807109097.0000000003154000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
3154000
|
| Size: |
4096
|
|
|
1723000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.2098024680.0000000001723000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1723000
|
| Size: |
40960
|
|
|
857000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2213795150.0000000000857000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
857000
|
| Size: |
253952
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to development resources |
System Summary |
|
|
|
34CE000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2069511753.00000000034CE000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
34CE000
|
| Size: |
8192
|
|
|
DE0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000020.00000002.4097216501.0000000000DE0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
32
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
DE0000
|
| Size: |
4096
|
|
|
FEC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.2097307221.0000000000FEC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
FEC000
|
| Size: |
16384
|
|
|
4930000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.2296596841.0000000004930000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4930000
|
| Size: |
24576
|
|
|
2FE0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.2378231459.0000000002FE0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2FE0000
|
| Size: |
65536
|
|
|
2E73000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2275943239.0000000002E73000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E73000
|
| Size: |
28672
|
|
|
595E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.2346739325.000000000595E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
595E000
|
| Size: |
8192
|
|
|
BD0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2214483390.0000000000BD0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
BD0000
|
| Size: |
8192
|
|
|
E7E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000020.00000002.4097515099.0000000000E7E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
32
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
E7E000
|
| Size: |
8192
|
|
|
630000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1765643961.0000000000630000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
630000
|
| Size: |
4096
|
|
|
2E4E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2275739924.0000000002E4E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2E4E000
|
| Size: |
8192
|
|
|
E0B000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000020.00000002.4097428380.0000000000E0B000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
32
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
E0B000
|
| Size: |
4096
|
|
|
4933000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4127228452.0000000004933000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4933000
|
| Size: |
8192
|
|
|
12B0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2275252406.00000000012B0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
12B0000
|
| Size: |
4096
|
|
|
58C0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2333170618.00000000058C0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
58C0000
|
| Size: |
1196032
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
13F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.2097516029.00000000013F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13F0000
|
| Size: |
4096
|
|
|
B9E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000020.00000002.4090524026.0000000000B9E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
32
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B9E000
|
| Size: |
8192
|
|
|
13F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000001C.00000002.2932468822.00000000013F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
28
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13F0000
|
| Size: |
8192
|
|
|
107C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.2375979189.000000000107C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
107C000
|
| Size: |
16384
|
|
|
809000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000001E.00000002.3551502857.0000000000809000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
30
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
809000
|
| Size: |
16384
|
|
|
1857000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000010.00000002.2098214308.0000000001857000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1857000
|
| Size: |
4096
|
|
|
5E6000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.1708706087.00000000005E6000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
5E6000
|
| Size: |
12288
|
|
|
102E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2274351808.000000000102E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
102E000
|
| Size: |
8192
|
|
|
1917000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000014.00000002.2344848100.0000000001917000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1917000
|
| Size: |
4096
|
|
|
2EB0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.2377947642.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2EB0000
|
| Size: |
4096
|
|
|
3710000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2069781678.0000000003710000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3710000
|
| Size: |
4096
|
|
|
326B5000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.1716776881.00000000326B5000.00000002.00000001.01000000.00000009.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
326B5000
|
| Size: |
798720
|
|
|
1AB000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4120198559.00000000001AB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
1AB000
|
| Size: |
20480
|
|
|
5D9E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.2347262305.0000000005D9E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5D9E000
|
| Size: |
8192
|
|
|
5837000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2332903847.0000000005837000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5837000
|
| Size: |
536576
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
| URLs found in memory or binary data |
Networking |
|
|
|
44EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.2296535152.00000000044EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
44EE000
|
| Size: |
8192
|
|
|
A96000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000020.00000002.4088280346.0000000000A96000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
32
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A96000
|
| Size: |
49152
|
|
|
81E000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2139096877.000000000081E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
81E000
|
| Size: |
24576
|
|
|
55F6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2070053750.00000000055F6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
55F6000
|
| Size: |
536576
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
171B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.2343658774.000000000171B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
171B000
|
| Size: |
12288
|
|
|
304E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2276022582.000000000304E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
304E000
|
| Size: |
8192
|
|
|
3154000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1807143648.0000000003154000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
3154000
|
| Size: |
4096
|
|
|
18FF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000001C.00000002.2934937496.00000000018FF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
28
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
18FF000
|
| Size: |
4096
|
|
|
FF150000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.4133247982.00000000FF150000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
FF150000
|
| Size: |
4096
|
|
|
820000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2213795150.0000000000820000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
820000
|
| Size: |
20480
|
|
|
55AF000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2332746692.00000000055AF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
55AF000
|
| Size: |
512000
|
|
|
32A7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2068820997.00000000032A7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
32A7000
|
| Size: |
20480
|
|
|
C2B000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000012.00000002.2214850137.0000000000C2B000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
C2B000
|
| Size: |
4096
|
|
|
BA0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000020.00000002.4090682768.0000000000BA0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
32
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BA0000
|
| Size: |
4096
|
|
|
B18000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000003.00000002.1767132527.0000000000B18000.00000002.00000001.01000000.00000016.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
B18000
|
| Size: |
4096
|
|
|
2740000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000020.00000002.4097946267.0000000002740000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
32
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2740000
|
| Size: |
12288
|
|
|
600000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.2295315538.0000000000600000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
600000
|
| Size: |
16384
|
|
|
4950000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.2296691267.0000000004950000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4950000
|
| Size: |
8192
|
|
|
4017A000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1718765876.000000004017A000.00000004.00000001.01000000.00000005.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
4017A000
|
| Size: |
4096
|
|
|
2560000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1710008828.0000000002560000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2560000
|
| Size: |
45056
|
|
|
960000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.4121734439.0000000000960000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
960000
|
| Size: |
40960
|
|
|
184A000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000010.00000002.2098160798.000000000184A000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
184A000
|
| Size: |
4096
|
|
|
40065000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2143982402.0000000040065000.00000004.00000001.01000000.0000000F.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
40065000
|
| Size: |
4096
|
|
|
30FA000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2067943965.00000000030FA000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
30FA000
|
| Size: |
24576
|
|
|
56EB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.2098816165.00000000056EB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
56EB000
|
| Size: |
8192
|
|
|
3590000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2332147659.0000000003590000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
3590000
|
| Size: |
4096
|
|
|
744000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1708449891.0000000000744000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
744000
|
| Size: |
4096
|
|
|
1910000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.2344810982.0000000001910000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1910000
|
| Size: |
4096
|
|
|
518C000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4128415622.000000000518C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
518C000
|
| Size: |
16384
|
|
|
1006F000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.1715531848.000000001006F000.00000002.00000001.01000000.00000007.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
1006F000
|
| Size: |
65536
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
5130000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4128304468.0000000005130000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5130000
|
| Size: |
45056
|
|
|
19F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.2345269153.00000000019F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
19F0000
|
| Size: |
4096
|
|
|
558000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4120340215.0000000000558000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
558000
|
| Size: |
143360
|
|
|
3154000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1807696879.0000000003154000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
3154000
|
| Size: |
8192
|
|
|
3154000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1807313266.0000000003154000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
3154000
|
| Size: |
4096
|
|
|
1714000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.2097977597.0000000001714000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1714000
|
| Size: |
4096
|
|
|
744000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1708466584.0000000000744000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
744000
|
| Size: |
4096
|
|
|
977000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1708310829.0000000000977000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
977000
|
| Size: |
57344
|
|
|
175F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000001C.00000002.2934249360.000000000175F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
28
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
175F000
|
| Size: |
4096
|
|
|
9D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000001E.00000002.3552485472.00000000009D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
30
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
9D0000
|
| Size: |
12288
|
|
|
5A40000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2070367828.0000000005A40000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5A40000
|
| Size: |
8192
|
|
|
1D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2138670992.00000000001D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D0000
|
| Size: |
16384
|
|
|
A4D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000020.00000002.4088280346.0000000000A4D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
32
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A4D000
|
| Size: |
12288
|
|
|
95C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1708885733.000000000095C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
95C000
|
| Size: |
8192
|
|
|
990000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.2296033562.0000000000990000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
990000
|
| Size: |
4096
|
|
|
38A0000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2332666074.00000000038A0000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
38A0000
|
| Size: |
4096
|
|
|
970000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.4121781602.0000000000970000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
970000
|
| Size: |
4096
|
|
|
11E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.2376093230.00000000011E0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11E0000
|
| Size: |
4096
|
|
|
67E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1765705806.000000000067E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
67E000
|
| Size: |
8192
|
|
|
3154000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1807538633.0000000003154000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
3154000
|
| Size: |
8192
|
|
|
2FF0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.2378322182.0000000002FF0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FF0000
|
| Size: |
4096
|
|
|
C86000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1768537643.0000000000C86000.00000004.00000001.01000000.00000017.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
C86000
|
| Size: |
8192
|
|
|
2390000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000017.00000002.2296368971.0000000002390000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
2390000
|
| Size: |
4096
|
|
|
458E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4126815877.000000000458E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
458E000
|
| Size: |
8192
|
|
|
1820000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.2376932378.0000000001820000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1820000
|
| Size: |
8192
|
|
|
9B0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000001E.00000002.3552299531.00000000009B0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
30
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
9B0000
|
| Size: |
65536
|
|
|
2543000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1714140988.0000000002543000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2543000
|
| Size: |
4096
|
|
|
9C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2214353698.00000000009C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9C0000
|
| Size: |
16384
|
|
|
153F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2275545736.000000000153F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
153F000
|
| Size: |
4096
|
|
|
95E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2139644508.000000000095E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
95E000
|
| Size: |
8192
|
|
|
3154000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1806836949.0000000003154000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
3154000
|
| Size: |
4096
|
|
|
17D7000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000001C.00000002.2934661903.00000000017D7000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
28
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
17D7000
|
| Size: |
4096
|
|
|
2EA0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.2377865172.0000000002EA0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2EA0000
|
| Size: |
4096
|
|
|
67F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.2295403251.000000000067F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
67F000
|
| Size: |
8192
|
|
|
6C4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1714470965.00000000006C4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6C4000
|
| Size: |
4096
|
|
|
4B7E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4127383665.0000000004B7E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4B7E000
|
| Size: |
8192
|
|
|
3484000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000E.00000003.2179018585.0000000003484000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
3484000
|
| Size: |
4096
|
|
|
3757000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2069829447.0000000003757000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3757000
|
| Size: |
8192
|
|
|
24D1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.2087172352.00000000024D1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
24D1000
|
| Size: |
241664
|
|
|
C7F000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000003.00000002.1768378548.0000000000C7F000.00000002.00000001.01000000.00000017.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
C7F000
|
| Size: |
20480
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
91A000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000001E.00000002.3552069962.000000000091A000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
30
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
91A000
|
| Size: |
4096
|
|
|
88F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1708839995.000000000088F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
88F000
|
| Size: |
4096
|
|
|
2E8D000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000019.00000002.2377660244.0000000002E8D000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
2E8D000
|
| Size: |
4096
|
|
|
3154000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1807801206.0000000003154000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
3154000
|
| Size: |
8192
|
|
|
1870000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.2098268506.0000000001870000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1870000
|
| Size: |
4096
|
|
|
12C5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.2376151819.00000000012C5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12C5000
|
| Size: |
12288
|
|
|
199B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.2345073702.000000000199B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
199B000
|
| Size: |
20480
|
|
|
84A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2213795150.000000000084A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
84A000
|
| Size: |
12288
|
|
|
63A000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4120340215.000000000063A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
63A000
|
| Size: |
73728
|
|
|
8F7000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.4121648249.00000000008F7000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
8F7000
|
| Size: |
4096
|
|
|
1D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.2087406732.00000000001D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D4000
|
| Size: |
4096
|
|
|
3290000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000001C.00000002.2937655240.0000000003290000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
28
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3290000
|
| Size: |
4096
|
|
|
ACE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.2296223235.0000000000ACE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
ACE000
|
| Size: |
8192
|
|
|
43C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.2295037958.000000000043C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
43C000
|
| Size: |
16384
|
|
|
1730000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2275717429.0000000001730000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1730000
|
| Size: |
8192
|
|
|
750000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4121267678.0000000000750000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
750000
|
| Size: |
16384
|
|
|
489E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2215951464.000000000489E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
489E000
|
| Size: |
8192
|
|
|
16E4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.2343549676.00000000016E4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
16E4000
|
| Size: |
4096
|
|
|
C00000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2214691642.0000000000C00000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
C00000
|
| Size: |
4096
|
|
|
C10000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.1709689254.0000000000C10000.00000002.00000001.01000000.0000000C.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
C10000
|
| Size: |
4096
|
|
|
2E90000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.2377694219.0000000002E90000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E90000
|
| Size: |
8192
|
|
|
2640000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2082398482.0000000002640000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2640000
|
| Size: |
4096
|
|
|
B73000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000003.00000002.1767263576.0000000000B73000.00000020.00000001.01000000.00000015.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
B73000
|
| Size: |
4096
|
|
|
5ABE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.2347056106.0000000005ABE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5ABE000
|
| Size: |
8192
|
|
|
194E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000001C.00000002.2935047209.000000000194E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
28
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
194E000
|
| Size: |
8192
|
|
|
154E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.2343227870.000000000154E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
154E000
|
| Size: |
8192
|
|
|
922E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1714391215.000000000922E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
922E000
|
| Size: |
24576
|
|
|
280E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000B.00000002.2082498452.000000000280E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
280E000
|
| Size: |
8192
|
|
|
4D30000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4127707514.0000000004D30000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4D30000
|
| Size: |
40960
|
|
|
313D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000019.00000002.2378391942.000000000313D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
25
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
313D000
|
| Size: |
12288
|
|
|
2761000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2215840271.0000000002761000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2761000
|
| Size: |
65536
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to development resources |
System Summary |
|
|
|
35C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2332463748.00000000035C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
35C0000
|
| Size: |
40960
|
|
|
3154000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1807175568.0000000003154000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
3154000
|
| Size: |
4096
|
|
|
803000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000001E.00000002.3551502857.0000000000803000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
30
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
803000
|
| Size: |
20480
|
|
|
3154000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1807125181.0000000003154000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
3154000
|
| Size: |
4096
|
|
|
57EF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.2332903847.00000000057EF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
57EF000
|
| Size: |
290816
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
3154000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1807601267.0000000003154000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
3154000
|
| Size: |
8192
|
|
|
B3E000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1709344479.0000000000B3E000.00000004.00000001.01000000.0000000A.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
B3E000
|
| Size: |
8192
|
|
|
269E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2215773411.000000000269E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
269E000
|
| Size: |
8192
|
|
|
3350000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000E.00000002.2331725373.0000000003350000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
3350000
|
| Size: |
4096
|
|
|
40001000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000002.00000002.1717382522.0000000040001000.00000020.00000001.01000000.00000004.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
40001000
|
| Size: |
393216
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Detected Delphi use of System.ParamCount |
System Summary |
|
|
|
A00000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000001E.00000002.3552658940.0000000000A00000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
30
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A00000
|
| Size: |
8192
|
|
|
4963000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.2296744857.0000000004963000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4963000
|
| Size: |
28672
|
|
|
89E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1765859446.000000000089E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
89E000
|
| Size: |
8192
|
|
|
5050000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000020.00000002.4098617345.0000000005050000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
32
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
5050000
|
| Size: |
4096
|
|
|
32686000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000002.00000002.1716572325.0000000032686000.00000008.00000001.01000000.00000009.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
32686000
|
| Size: |
155648
|
|
|
6C4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000003.1714671665.00000000006C4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6C4000
|
| Size: |
4096
|
|
|
540000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4120312518.0000000000540000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
540000
|
| Size: |
8192
|
|
|
285F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000020.00000002.4098132221.000000000285F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
32
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
285F000
|
| Size: |
4096
|
|
|
5A31000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1807853296.0000000005A31000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5A31000
|
| Size: |
8192
|
|
|
25C1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000001E.00000002.3552840301.00000000025C1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
30
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
25C1000
|
| Size: |
65536
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to development resources |
System Summary |
|
|
|
810000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000001E.00000002.3551619692.0000000000810000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
30
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
810000
|
| Size: |
24576
|
|
|
827000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.2213795150.0000000000827000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
827000
|
| Size: |
94208
|
|
|
2E66000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.2275859203.0000000002E66000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E66000
|
| Size: |
4096
|
|
|
AE0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.2296249473.0000000000AE0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
AE0000
|
| Size: |
8192
|
|
|
3154000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1807328432.0000000003154000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
3154000
|
| Size: |
4096
|
|
|
9D6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000001E.00000002.3552485472.00000000009D6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
30
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
9D6000
|
| Size: |
4096
|
|
|
98D000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000017.00000002.2296011383.000000000098D000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
98D000
|
| Size: |
4096
|
|
|
744000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000003.1704376435.0000000000744000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
744000
|
| Size: |
4096
|
|
|
24C7000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2139859743.00000000024C7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
24C7000
|
| Size: |
4096
|
|
|
A37000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000020.00000002.4088280346.0000000000A37000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
32
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A37000
|
| Size: |
86016
|
|
|
16F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.2343658774.00000000016F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
16F0000
|
| Size: |
28672
|
|
|
1410000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.2097585090.0000000001410000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1410000
|
| Size: |
28672
|
|
|
605000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.2295315538.0000000000605000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
605000
|
| Size: |
12288
|
|
|
5DE000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.4120340215.00000000005DE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5DE000
|
| Size: |
40960
|
|
|
3301000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.2345663762.0000000003301000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3301000
|
| Size: |
61440
|
|
