|
2410000
|
direct allocation
|
page read and write
|
 |
|
|
| Name: |
00000000.00000002.1417387784.0000000002410000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
2410000
|
| Size: |
188416
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Found malware configuration |
AV Detection |
|
| Malicious sample detected (through community Yara rule) |
System Summary |
|
| Yara detected FormBook |
AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality |
|
| Yara detected FormBook |
AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality |
|
| Yara signature match |
System Summary |
|
|
|
400000
|
system
|
page execute and read and write
|
|
|
|
| Name: |
00000001.00000002.1475451350.0000000000400000.00000040.80000000.00040000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
system
|
| Protect: |
page execute and read and write
|
| Base address: |
400000
|
| Size: |
188416
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Malicious sample detected (through community Yara rule) |
System Summary |
|
| Yara detected FormBook |
AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality |
|
| Yara detected FormBook |
AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality |
|
| Yara signature match |
System Summary |
|
|
|
3980000
|
unclassified section
|
page execute and read and write
|
|
|
|
| Name: |
00000001.00000002.1480981689.0000000003980000.00000040.10000000.00040000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
unclassified section
|
| Protect: |
page execute and read and write
|
| Base address: |
3980000
|
| Size: |
188416
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Malicious sample detected (through community Yara rule) |
System Summary |
|
| Yara detected FormBook |
AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality |
|
| Yara detected FormBook |
AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality |
|
| Yara signature match |
System Summary |
|
|
|
3950000
|
unclassified section
|
page execute and read and write
|
|
|
|
| Name: |
00000001.00000002.1480946794.0000000003950000.00000040.10000000.00040000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
unclassified section
|
| Protect: |
page execute and read and write
|
| Base address: |
3950000
|
| Size: |
188416
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Malicious sample detected (through community Yara rule) |
System Summary |
|
| Yara detected FormBook |
AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality |
|
| Yara detected FormBook |
AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality |
|
| Yara signature match |
System Summary |
|
|
|
B80000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2668499674.0000000000B80000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
B80000
|
| Size: |
188416
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Malicious sample detected (through community Yara rule) |
System Summary |
|
| Yara detected FormBook |
AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality |
|
| Yara detected FormBook |
AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality |
|
| Yara signature match |
System Summary |
|
|
|
B50000
|
unclassified section
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.2668458011.0000000000B50000.00000040.10000000.00040000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unclassified section
|
| Protect: |
page execute and read and write
|
| Base address: |
B50000
|
| Size: |
188416
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Malicious sample detected (through community Yara rule) |
System Summary |
|
| Yara detected FormBook |
AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality |
|
| Yara detected FormBook |
AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality |
|
| Yara signature match |
System Summary |
|
|
|
8E0000
|
system
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.2668278893.00000000008E0000.00000040.80000000.00040000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
system
|
| Protect: |
page execute and read and write
|
| Base address: |
8E0000
|
| Size: |
188416
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Malicious sample detected (through community Yara rule) |
System Summary |
|
| Yara detected FormBook |
AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality |
|
| Yara detected FormBook |
AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality |
|
| Yara signature match |
System Summary |
|
|
|
720F000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1420361027.000000000720F000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
720F000
|
| Size: |
4096
|
|
|
D43D000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2676958905.000000000D43D000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D43D000
|
| Size: |
16384
|
|
|
2C13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1891215526.0000000002C13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C13000
|
| Size: |
200704
|
|
|
D466000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1424719871.000000000D466000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D466000
|
| Size: |
77824
|
|
|
71C7000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1420361027.00000000071C7000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
71C7000
|
| Size: |
266240
|
|
|
7FF555F79000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1432196480.00007FF555F79000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF555F79000
|
| Size: |
32768
|
|
|
7FF5564B1000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1435260978.00007FF5564B1000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5564B1000
|
| Size: |
12288
|
|
|
A40000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2579425851.0000000000A40000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
A40000
|
| Size: |
151552
|
|
|
17F7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1390456848.00000000017F7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
17F7000
|
| Size: |
4096
|
|
|
7FF556185000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1433087628.00007FF556185000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556185000
|
| Size: |
8192
|
|
|
A670000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2676234676.000000000A670000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
A670000
|
| Size: |
4096
|
|
|
7FF556693000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2692377544.00007FF556693000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556693000
|
| Size: |
12288
|
|
|
BF0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2668755493.0000000000BF0000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
BF0000
|
| Size: |
8192
|
|
|
7FF556059000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2687542834.00007FF556059000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556059000
|
| Size: |
4096
|
|
|
96AD000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1422527443.00000000096AD000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
96AD000
|
| Size: |
12288
|
|
|
2C13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1626679353.0000000002C13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C13000
|
| Size: |
135168
|
|
|
7FF55658D000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1436211134.00007FF55658D000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF55658D000
|
| Size: |
4096
|
|
|
D439000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1424719871.000000000D439000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D439000
|
| Size: |
12288
|
|
|
DBAF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1425922254.000000000DBAF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
DBAF000
|
| Size: |
4096
|
|
|
177F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1391083060.000000000177F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
177F000
|
| Size: |
188416
|
|
|
7DF4731C1000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000002.00000000.1431853364.00007DF4731C1000.00000020.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
7DF4731C1000
|
| Size: |
4096
|
|
|
A20000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2668495957.0000000000A20000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A20000
|
| Size: |
733184
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the Windows Explorer process (often used for injection) |
HIPS / PFW / Operating System Protection Evasion |
|
|
|
2C13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1737988245.0000000002C13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C13000
|
| Size: |
245760
|
|
|
7FF5565A6000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2691459975.00007FF5565A6000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5565A6000
|
| Size: |
45056
|
|
|
454B000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2670167630.000000000454B000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
454B000
|
| Size: |
12288
|
|
|
2C13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2520213318.0000000002C13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C13000
|
| Size: |
200704
|
|
|
7570000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2672007788.0000000007570000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7570000
|
| Size: |
4096
|
|
|
7FF556728000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2692733414.00007FF556728000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556728000
|
| Size: |
8192
|
|
|
BB0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1687471492.0000000000BB0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
BB0000
|
| Size: |
180224
|
|
|
FC23000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2682138194.000000000FC23000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
FC23000
|
| Size: |
217088
|
|
|
7FF556207000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2688867514.00007FF556207000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556207000
|
| Size: |
4096
|
|
|
7FF556188000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2688673900.00007FF556188000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556188000
|
| Size: |
4096
|
|
|
96EE000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2673999984.00000000096EE000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
96EE000
|
| Size: |
4096
|
|
|
3187000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1419407494.0000000003187000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
3187000
|
| Size: |
266240
|
|
|
7FF5566B0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1437189968.00007FF5566B0000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5566B0000
|
| Size: |
4096
|
|
|
7FF5562D7000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2689244078.00007FF5562D7000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5562D7000
|
| Size: |
24576
|
|
|
45D0000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1420098858.00000000045D0000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
45D0000
|
| Size: |
4096
|
|
|
9EB0000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1423836400.0000000009EB0000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
9EB0000
|
| Size: |
4096
|
|
|
7A60000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1421351981.0000000007A60000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7A60000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
B560000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1424633294.000000000B560000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
B560000
|
| Size: |
4096
|
|
|
33FF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.1480229153.00000000033FF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
33FF000
|
| Size: |
4096
|
|
|
7FF556376000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1434619269.00007FF556376000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556376000
|
| Size: |
8192
|
|
|
976E000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2673999984.000000000976E000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
976E000
|
| Size: |
655360
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
| URLs found in memory or binary data |
Networking |
|
|
|
DF0C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1426191828.000000000DF0C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
DF0C000
|
| Size: |
16384
|
|
|
9C3E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1423616699.0000000009C3E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9C3E000
|
| Size: |
8192
|
|
|
7FF5564F2000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1435629943.00007FF5564F2000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5564F2000
|
| Size: |
8192
|
|
|
73B0000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1420968218.00000000073B0000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
73B0000
|
| Size: |
4096
|
|
|
96B1000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2673999984.00000000096B1000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
96B1000
|
| Size: |
12288
|
|
|
7FF556241000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1433338630.00007FF556241000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556241000
|
| Size: |
8192
|
|
|
FBA4000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1429252281.000000000FBA4000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
FBA4000
|
| Size: |
229376
|
|
|
7DF4731A1000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000002.00000002.2686440674.00007DF4731A1000.00000020.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
7DF4731A1000
|
| Size: |
4096
|
|
|
7FF55668D000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2692316075.00007FF55668D000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF55668D000
|
| Size: |
16384
|
|
|
997D000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1422527443.000000000997D000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
997D000
|
| Size: |
12288
|
|
|
7FF55664F000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2692039879.00007FF55664F000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF55664F000
|
| Size: |
4096
|
|
|
AC30000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1424408663.000000000AC30000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
AC30000
|
| Size: |
20480
|
|
|
D456000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2676958905.000000000D456000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D456000
|
| Size: |
20480
|
|
|
D0F0000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1424685186.000000000D0F0000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D0F0000
|
| Size: |
4096
|
|
|
FFBC000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1431608548.000000000FFBC000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
FFBC000
|
| Size: |
12288
|
|
|
7FF556366000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1434513567.00007FF556366000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556366000
|
| Size: |
4096
|
|
|
3030000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2669400390.0000000003030000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
3030000
|
| Size: |
925696
|
|
|
FFAD000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2684286851.000000000FFAD000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
FFAD000
|
| Size: |
16384
|
|
|
7FF5563E4000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1434848149.00007FF5563E4000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5563E4000
|
| Size: |
24576
|
|
|
7FF555F6E000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2687389473.00007FF555F6E000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF555F6E000
|
| Size: |
24576
|
|
|
7FF556233000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2688941351.00007FF556233000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556233000
|
| Size: |
8192
|
|
|
9ED8000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2675618952.0000000009ED8000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
9ED8000
|
| Size: |
32768
|
|
|
D445000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1424719871.000000000D445000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D445000
|
| Size: |
4096
|
|
|
7FF556471000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2690117549.00007FF556471000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556471000
|
| Size: |
4096
|
|
|
31FE000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1419407494.00000000031FE000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
31FE000
|
| Size: |
4096
|
|
|
F231000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.2681035862.000000000F231000.00000040.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
F231000
|
| Size: |
4096
|
|
|
BFB000
|
system
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.2668611309.0000000000BFB000.00000040.80000000.00040000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
system
|
| Protect: |
page execute and read and write
|
| Base address: |
BFB000
|
| Size: |
8192
|
|
|
7FF556545000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2691113597.00007FF556545000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556545000
|
| Size: |
4096
|
|
|
7FF55618E000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1433120586.00007FF55618E000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF55618E000
|
| Size: |
16384
|
|
|
7FF55631D000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1434050027.00007FF55631D000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF55631D000
|
| Size: |
4096
|
|
|
904D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2673855383.000000000904D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
904D000
|
| Size: |
12288
|
|
|
2C13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2468349746.0000000002C13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C13000
|
| Size: |
135168
|
|
|
995E000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1422527443.000000000995E000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
995E000
|
| Size: |
122880
|
|
|
1763000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1390495503.0000000001763000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1763000
|
| Size: |
45056
|
|
|
DF10000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1426280866.000000000DF10000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
DF10000
|
| Size: |
5242880
|
|
|
AD5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2668495957.0000000000AD5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
AD5000
|
| Size: |
8192
|
|
|
2C13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2468407587.0000000002C13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C13000
|
| Size: |
200704
|
|
|
7FF5563A9000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2689806267.00007FF5563A9000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5563A9000
|
| Size: |
4096
|
|
|
7FF555F3E000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1432091260.00007FF555F3E000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF555F3E000
|
| Size: |
8192
|
|
|
712D000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2671165074.000000000712D000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
712D000
|
| Size: |
4096
|
|
|
E05000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1418919868.0000000000E05000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
E05000
|
| Size: |
40960
|
|
|
F1A0000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.2681035862.000000000F1A0000.00000040.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
F1A0000
|
| Size: |
331776
|
|
|
8770000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1422026953.0000000008770000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
8770000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
7FF55663C000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2692008664.00007FF55663C000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF55663C000
|
| Size: |
8192
|
|
|
A20000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.1477892570.0000000000A20000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A20000
|
| Size: |
4096
|
|
|
FCAB000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2682138194.000000000FCAB000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
FCAB000
|
| Size: |
40960
|
|
|
7FF55654C000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2691176100.00007FF55654C000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF55654C000
|
| Size: |
16384
|
|
|
23EE000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1483130622.00000000023EE000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
23EE000
|
| Size: |
8192
|
|
|
45B6000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1419768946.00000000045B6000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
45B6000
|
| Size: |
16384
|
|
|
9333000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1422484785.0000000009333000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
9333000
|
| Size: |
20480
|
|
|
7FF5565E4000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2691525248.00007FF5565E4000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5565E4000
|
| Size: |
4096
|
|
|
4FA9000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1420173651.0000000004FA9000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
4FA9000
|
| Size: |
4096
|
|
|
B1E0000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1424566357.000000000B1E0000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
B1E0000
|
| Size: |
4096
|
|
|
A68A000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1424222322.000000000A68A000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
A68A000
|
| Size: |
4096
|
|
|
FF70000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2684026733.000000000FF70000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
FF70000
|
| Size: |
184320
|
|
|
8C21000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2673676992.0000000008C21000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
8C21000
|
| Size: |
4096
|
|
|
7FF555F3E000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2687281580.00007FF555F3E000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF555F3E000
|
| Size: |
8192
|
|
|
7FF555E4E000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1432057752.00007FF555E4E000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF555E4E000
|
| Size: |
16384
|
|
|
D7DD000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1425592952.000000000D7DD000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D7DD000
|
| Size: |
192512
|
|
|
7FF55653D000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1435930891.00007FF55653D000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF55653D000
|
| Size: |
24576
|
|
|
7FF556475000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1435157434.00007FF556475000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556475000
|
| Size: |
16384
|
|
|
8906000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1422118890.0000000008906000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
8906000
|
| Size: |
139264
|
|
|
40F0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1401608398.00000000040F0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
40F0000
|
| Size: |
1196032
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
2C13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1501060742.0000000002C13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C13000
|
| Size: |
249856
|
|
|
9981000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1422527443.0000000009981000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
9981000
|
| Size: |
8192
|
|
|
78A1000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2672253458.00000000078A1000.00000004.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
78A1000
|
| Size: |
200704
|
|
|
7FF5566FC000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2692733414.00007FF5566FC000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5566FC000
|
| Size: |
36864
|
|
|
7FF55651A000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2690897182.00007FF55651A000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF55651A000
|
| Size: |
16384
|
|
|
9F2C000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1423836400.0000000009F2C000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
9F2C000
|
| Size: |
4096
|
|
|
A40000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2105202922.0000000000A40000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
A40000
|
| Size: |
155648
|
|
|
7FF556282000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1433410063.00007FF556282000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556282000
|
| Size: |
4096
|
|
|
AD4D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2676541933.000000000AD4D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
AD4D000
|
| Size: |
12288
|
|
|
C01000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000000.00000002.1408354482.0000000000C01000.00000020.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
C01000
|
| Size: |
581632
|
|
|
428E000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1404875060.000000000428E000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
428E000
|
| Size: |
24576
|
|
|
D178000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1424703678.000000000D178000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
D178000
|
| Size: |
32768
|
|
|
7FF555F35000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1432091260.00007FF555F35000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF555F35000
|
| Size: |
28672
|
|
|
F820000
|
system
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.2681220002.000000000F820000.00000040.80000000.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
system
|
| Protect: |
page execute and read and write
|
| Base address: |
F820000
|
| Size: |
561152
|
|
|
D84D000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1425592952.000000000D84D000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D84D000
|
| Size: |
36864
|
|
|
2C13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2364002143.0000000002C13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C13000
|
| Size: |
208896
|
|
|
321F000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1419407494.000000000321F000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
321F000
|
| Size: |
20480
|
|
|
7FF555E1E000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2687070999.00007FF555E1E000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF555E1E000
|
| Size: |
20480
|
|
|
7FF5564FB000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1435686886.00007FF5564FB000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5564FB000
|
| Size: |
4096
|
|
|
FF70000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1431526581.000000000FF70000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
FF70000
|
| Size: |
184320
|
|
|
17D5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1394066141.00000000017D5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
17D5000
|
| Size: |
458752
|
|
|
98D4000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1422527443.00000000098D4000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
98D4000
|
| Size: |
331776
|
|
|
4219000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1404875060.0000000004219000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4219000
|
| Size: |
4096
|
|
|
AF50000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2676567477.000000000AF50000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
AF50000
|
| Size: |
4096
|
|
|
7250000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1420361027.0000000007250000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7250000
|
| Size: |
315392
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
E10000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2669052464.0000000000E10000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
E10000
|
| Size: |
40960
|
|
|
6F90000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1420343111.0000000006F90000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
6F90000
|
| Size: |
4096
|
|
|
100E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1431702600.00000000100E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
100E0000
|
| Size: |
4096
|
|
|
A691000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1424222322.000000000A691000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
A691000
|
| Size: |
73728
|
|
|
2C13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2260001303.0000000002C13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C13000
|
| Size: |
200704
|
|
|
3012000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.1479986169.0000000003012000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3012000
|
| Size: |
36864
|
|
|
7FF5560BD000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2687896758.00007FF5560BD000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5560BD000
|
| Size: |
40960
|
|
|
8906000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2673455472.0000000008906000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
8906000
|
| Size: |
139264
|
|
|
9333000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2673922457.0000000009333000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
9333000
|
| Size: |
20480
|
|
|
8CF0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2673707281.0000000008CF0000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
8CF0000
|
| Size: |
8192
|
|
|
976E000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1422527443.000000000976E000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
976E000
|
| Size: |
1011712
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
| URLs found in memory or binary data |
Networking |
|
|
|
8710000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1421995461.0000000008710000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
8710000
|
| Size: |
4096
|
|
|
D2F1000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1424719871.000000000D2F1000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D2F1000
|
| Size: |
352256
|
|
|
A0A5000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1423836400.000000000A0A5000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
A0A5000
|
| Size: |
40960
|
|
|
788D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1421180585.000000000788D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
788D000
|
| Size: |
12288
|
|
|
7153000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1420361027.0000000007153000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7153000
|
| Size: |
4096
|
|
|
2C13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2312511922.0000000002C13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C13000
|
| Size: |
212992
|
|
|
9604000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2673999984.0000000009604000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
9604000
|
| Size: |
675840
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
7FF555E54000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1432057752.00007FF555E54000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF555E54000
|
| Size: |
20480
|
|
|
7FF556707000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2692733414.00007FF556707000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556707000
|
| Size: |
61440
|
|
|
428E000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1401608398.000000000428E000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
428E000
|
| Size: |
24576
|
|
|
7FF556102000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1432631281.00007FF556102000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556102000
|
| Size: |
4096
|
|
|
2C13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2416979916.0000000002C13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C13000
|
| Size: |
208896
|
|
|
7FF556491000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2690361599.00007FF556491000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556491000
|
| Size: |
4096
|
|
|
7FF5561C3000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2688793635.00007FF5561C3000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5561C3000
|
| Size: |
12288
|
|
|
3400000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1406388689.0000000003400000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3400000
|
| Size: |
1196032
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
712F000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1420361027.000000000712F000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
712F000
|
| Size: |
4096
|
|
|
7FF556171000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1432980281.00007FF556171000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556171000
|
| Size: |
8192
|
|
|
7FF5561D8000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1433200393.00007FF5561D8000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5561D8000
|
| Size: |
12288
|
|
|
7FF5560D0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2687896758.00007FF5560D0000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5560D0000
|
| Size: |
8192
|
|
|
7DF4731A0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1431786359.00007DF4731A0000.00000002.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7DF4731A0000
|
| Size: |
4096
|
|
|
38CD000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000001.00000002.1480319234.00000000038CD000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
38CD000
|
| Size: |
4096
|
|
|
6F0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1418431034.00000000006F0000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
6F0000
|
| Size: |
4096
|
|
|
D42D000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2676958905.000000000D42D000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D42D000
|
| Size: |
12288
|
|
|
2C13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1480979387.0000000002C13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C13000
|
| Size: |
200704
|
|
|
7FF5562E1000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2689302159.00007FF5562E1000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5562E1000
|
| Size: |
32768
|
|
|
7FF556491000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1435199677.00007FF556491000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556491000
|
| Size: |
4096
|
|
|
22D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1483104211.00000000022D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
22D0000
|
| Size: |
20480
|
|
|
7FF5565D3000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1436393836.00007FF5565D3000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5565D3000
|
| Size: |
28672
|
|
|
4073000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1401484284.0000000004073000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4073000
|
| Size: |
507904
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
|
|
DA0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1418864402.0000000000DA0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DA0000
|
| Size: |
8192
|
|
|
7620000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2672080892.0000000007620000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7620000
|
| Size: |
8192
|
|
|
8AF9000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1422204239.0000000008AF9000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
8AF9000
|
| Size: |
28672
|
|
|
A68E000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1424222322.000000000A68E000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
A68E000
|
| Size: |
4096
|
|
|
450C000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2670167630.000000000450C000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
450C000
|
| Size: |
4096
|
|
|
301B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1472806378.000000000301B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
301B000
|
| Size: |
4096
|
|
|
CC7000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000000.1389914042.0000000000CC7000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
CC7000
|
| Size: |
299008
|
|
|
2C13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1685634537.0000000002C13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C13000
|
| Size: |
69632
|
|
|
887C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2673398514.000000000887C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
887C000
|
| Size: |
16384
|
|
|
7FF556165000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2688371444.00007FF556165000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556165000
|
| Size: |
12288
|
|
|
D670000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2678437783.000000000D670000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D670000
|
| Size: |
61440
|
|
|
7FF55634B000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1434387885.00007FF55634B000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF55634B000
|
| Size: |
4096
|
|
|
45B6000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2670167630.00000000045B6000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
45B6000
|
| Size: |
16384
|
|
|
C01000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000000.00000000.1389781976.0000000000C01000.00000020.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
C01000
|
| Size: |
581632
|
|
|
D515000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2676958905.000000000D515000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D515000
|
| Size: |
4096
|
|
|
7D0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1418466508.00000000007D0000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7D0000
|
| Size: |
4096
|
|
|
13BF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1409269134.00000000013BF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
13BF000
|
| Size: |
4096
|
|
|
7FF5562D4000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2689244078.00007FF5562D4000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5562D4000
|
| Size: |
8192
|
|
|
F8BC000
|
system
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.2681220002.000000000F8BC000.00000040.80000000.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
system
|
| Protect: |
page execute and read and write
|
| Base address: |
F8BC000
|
| Size: |
4096
|
|
|
4E60000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000002.00000002.2670953521.0000000004E60000.00000008.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
4E60000
|
| Size: |
286720
|
|
|
82D9000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2673013823.00000000082D9000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
82D9000
|
| Size: |
28672
|
|
|
FCA2000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2682138194.000000000FCA2000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
FCA2000
|
| Size: |
28672
|
|
|
7FF55635B000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1434423358.00007FF55635B000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF55635B000
|
| Size: |
8192
|
|
|
DBB0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1425949937.000000000DBB0000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
DBB0000
|
| Size: |
8192
|
|
|
7FF55624F000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1433353774.00007FF55624F000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF55624F000
|
| Size: |
4096
|
|
|
7FF55652C000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2691053089.00007FF55652C000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF55652C000
|
| Size: |
4096
|
|
|
960000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2668402150.0000000000960000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
960000
|
| Size: |
4096
|
|
|
7FF556494000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2690389324.00007FF556494000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556494000
|
| Size: |
4096
|
|
|
7FF5561DF000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2688842134.00007FF5561DF000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5561DF000
|
| Size: |
4096
|
|
|
A40000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2262090947.0000000000A40000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
A40000
|
| Size: |
151552
|
|
|
73A0000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1420954933.00000000073A0000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
73A0000
|
| Size: |
4096
|
|
|
7FF556346000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1434296042.00007FF556346000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556346000
|
| Size: |
4096
|
|
|
96BA000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1422527443.00000000096BA000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
96BA000
|
| Size: |
12288
|
|
|
7FF5566F5000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2692733414.00007FF5566F5000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5566F5000
|
| Size: |
16384
|
|
|
FBE4000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2682138194.000000000FBE4000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
FBE4000
|
| Size: |
229376
|
|
|
2B90000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2669210438.0000000002B90000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
2B90000
|
| Size: |
4096
|
|
|
2640000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1483210353.0000000002640000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2640000
|
| Size: |
36864
|
|
|
2C13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1634201544.0000000002C13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C13000
|
| Size: |
249856
|
|
|
D44A000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1424719871.000000000D44A000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D44A000
|
| Size: |
28672
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
7A59000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1421333919.0000000007A59000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7A59000
|
| Size: |
28672
|
|
|
7FF556341000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2689497533.00007FF556341000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556341000
|
| Size: |
4096
|
|
|
7FF5566DA000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1437690627.00007FF5566DA000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5566DA000
|
| Size: |
24576
|
|
|
D9FA000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1425813418.000000000D9FA000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
D9FA000
|
| Size: |
24576
|
|
|
7FF55652E000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1435841670.00007FF55652E000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF55652E000
|
| Size: |
24576
|
|
|
2C13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2208164279.0000000002C13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C13000
|
| Size: |
212992
|
|
|
9B3E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2675402310.0000000009B3E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9B3E000
|
| Size: |
8192
|
|
|
87E0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1422072090.00000000087E0000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
87E0000
|
| Size: |
8192
|
|
|
7FF5566D3000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2692619145.00007FF5566D3000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5566D3000
|
| Size: |
12288
|
|
|
2C13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2051841189.0000000002C13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C13000
|
| Size: |
196608
|
|
|
D90000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2668853007.0000000000D90000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D90000
|
| Size: |
4096
|
|
|
B1E0000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2676666760.000000000B1E0000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
B1E0000
|
| Size: |
4096
|
|
|
2F01000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2668880421.0000000002F01000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F01000
|
| Size: |
4096
|
|
|
7DF4731B0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2686497046.00007DF4731B0000.00000002.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7DF4731B0000
|
| Size: |
4096
|
|
|
359E000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.2669148512.000000000359E000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
359E000
|
| Size: |
1220608
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
7215000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2671165074.0000000007215000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7215000
|
| Size: |
131072
|
|
|
7FF54D7B3000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2686828265.00007FF54D7B3000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF54D7B3000
|
| Size: |
20480
|
|
|
9F31000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2675618952.0000000009F31000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
9F31000
|
| Size: |
4096
|
|
|
2A1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1419060085.0000000002A1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2A1E000
|
| Size: |
8192
|
|
|
13FD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1409269134.00000000013FD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
13FD000
|
| Size: |
12288
|
|
|
7FF5566D3000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1437690627.00007FF5566D3000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5566D3000
|
| Size: |
12288
|
|
|
D060000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2676838640.000000000D060000.00000002.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
D060000
|
| Size: |
4096
|
|
|
7FF556185000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2688673900.00007FF556185000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556185000
|
| Size: |
8192
|
|
|
7FF556146000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1432867850.00007FF556146000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556146000
|
| Size: |
20480
|
|
|
7FF5560A1000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2687591807.00007FF5560A1000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5560A1000
|
| Size: |
16384
|
|
|
17D7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1391192907.00000000017D7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
17D7000
|
| Size: |
450560
|
|
|
7FF555D23000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1431923064.00007FF555D23000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF555D23000
|
| Size: |
8192
|
|
|
7FF556348000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2689550267.00007FF556348000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556348000
|
| Size: |
4096
|
|
|
1560000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1412553738.0000000001560000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1560000
|
| Size: |
4096
|
|
|
7FF556341000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1434228101.00007FF556341000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556341000
|
| Size: |
4096
|
|
|
32FF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.1480140231.00000000032FF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
32FF000
|
| Size: |
4096
|
|
|
7FF556682000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1436958887.00007FF556682000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556682000
|
| Size: |
12288
|
|
|
E10000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1418962474.0000000000E10000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
E10000
|
| Size: |
40960
|
|
|
455E000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1419768946.000000000455E000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
455E000
|
| Size: |
4096
|
|
|
7FF55653D000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2691113597.00007FF55653D000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF55653D000
|
| Size: |
24576
|
|
|
9ED2000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1423836400.0000000009ED2000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
9ED2000
|
| Size: |
4096
|
|
|
7FF55626A000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1433370339.00007FF55626A000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF55626A000
|
| Size: |
4096
|
|
|
2E1B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1478596432.0000000002E1B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2E1B000
|
| Size: |
36864
|
|
|
99BE000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1422527443.00000000099BE000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
99BE000
|
| Size: |
4096
|
|
|
BB0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1564396204.0000000000BB0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
BB0000
|
| Size: |
65536
|
|
|
D42D000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1424719871.000000000D42D000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D42D000
|
| Size: |
12288
|
|
|
A039000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2675618952.000000000A039000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
A039000
|
| Size: |
4096
|
|
|
B1DB000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1424551910.000000000B1DB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B1DB000
|
| Size: |
20480
|
|
|
7FF55652C000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1435841670.00007FF55652C000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF55652C000
|
| Size: |
4096
|
|
|
7640000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2672124289.0000000007640000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7640000
|
| Size: |
4096
|
|
|
96E4000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1422527443.00000000096E4000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
96E4000
|
| Size: |
4096
|
|
|
F8AA000
|
system
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.2681220002.000000000F8AA000.00000040.80000000.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
system
|
| Protect: |
page execute and read and write
|
| Base address: |
F8AA000
|
| Size: |
4096
|
|
|
BF8000
|
system
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.2668564463.0000000000BF8000.00000040.80000000.00040000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
system
|
| Protect: |
page execute and read and write
|
| Base address: |
BF8000
|
| Size: |
8192
|
|
|
7FF55658D000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2691319365.00007FF55658D000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF55658D000
|
| Size: |
4096
|
|
|
9926000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1422527443.0000000009926000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
9926000
|
| Size: |
4096
|
|
|
DA3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2668883692.0000000000DA3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DA3000
|
| Size: |
49152
|
|
|
7FF5566EF000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1437690627.00007FF5566EF000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5566EF000
|
| Size: |
16384
|
|
|
7FF556322000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1434147217.00007FF556322000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556322000
|
| Size: |
8192
|
|
|
453C000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1419768946.000000000453C000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
453C000
|
| Size: |
4096
|
|
|
7FF556440000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2690117549.00007FF556440000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556440000
|
| Size: |
12288
|
|
|
B0DF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1424521353.000000000B0DF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B0DF000
|
| Size: |
4096
|
|
|
7FF5560E2000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2688029336.00007FF5560E2000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5560E2000
|
| Size: |
16384
|
|
|
4610000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2670905141.0000000004610000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
4610000
|
| Size: |
4096
|
|
|
FCE4000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2682138194.000000000FCE4000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
FCE4000
|
| Size: |
229376
|
|
|
4610000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1420115182.0000000004610000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
4610000
|
| Size: |
4096
|
|
|
B15A000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2676616590.000000000B15A000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B15A000
|
| Size: |
24576
|
|
|
40F0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1401217983.00000000040F0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
40F0000
|
| Size: |
1196032
|
|
|
44F8000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2670167630.00000000044F8000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
44F8000
|
| Size: |
8192
|
|
|
A099000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2675618952.000000000A099000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
A099000
|
| Size: |
4096
|
|
|
3001000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2668908921.0000000003001000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3001000
|
| Size: |
8192
|
|
|
7FF556658000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1436854086.00007FF556658000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556658000
|
| Size: |
20480
|
|
|
2C37000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1419175239.0000000002C37000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2C37000
|
| Size: |
36864
|
|
|
7FF556257000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2689068798.00007FF556257000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556257000
|
| Size: |
57344
|
|
|
17D5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1394180514.00000000017D5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
17D5000
|
| Size: |
4096
|
|
|
7FF556202000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1433241607.00007FF556202000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556202000
|
| Size: |
16384
|
|
|
D507000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2676958905.000000000D507000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D507000
|
| Size: |
24576
|
|
|
7FF5564D3000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1435462465.00007FF5564D3000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5564D3000
|
| Size: |
8192
|
|
|
7FF54D7B9000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1431889442.00007FF54D7B9000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF54D7B9000
|
| Size: |
20480
|
|
|
7FF5561AF000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2688742995.00007FF5561AF000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5561AF000
|
| Size: |
32768
|
|
|
9F33000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2675618952.0000000009F33000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
9F33000
|
| Size: |
12288
|
|
|
7FF5560D0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1432412549.00007FF5560D0000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5560D0000
|
| Size: |
8192
|
|
|
2C13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2363762602.0000000002C13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C13000
|
| Size: |
69632
|
|
|
7FF556181000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2688602100.00007FF556181000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556181000
|
| Size: |
4096
|
|
|
4219000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1402968815.0000000004219000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4219000
|
| Size: |
4096
|
|
|
96F2000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1422527443.00000000096F2000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
96F2000
|
| Size: |
4096
|
|
|
2C13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2000012766.0000000002C13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C13000
|
| Size: |
221184
|
|
|
7FF5565BD000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1436335001.00007FF5565BD000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5565BD000
|
| Size: |
24576
|
|
|
2C13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1789074440.0000000002C13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C13000
|
| Size: |
245760
|
|
|
9F64000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1423836400.0000000009F64000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
9F64000
|
| Size: |
258048
|
|
|
7FF556697000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2692377544.00007FF556697000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556697000
|
| Size: |
24576
|
|
|
7FF55628A000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2689174121.00007FF55628A000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF55628A000
|
| Size: |
4096
|
|
|
3209000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2669591368.0000000003209000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
3209000
|
| Size: |
4096
|
|
|
7FF54D7B3000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1431889442.00007FF54D7B3000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF54D7B3000
|
| Size: |
20480
|
|
|
7FF556391000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1434672951.00007FF556391000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556391000
|
| Size: |
8192
|
|
|
7FF5563A4000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1434672951.00007FF5563A4000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5563A4000
|
| Size: |
24576
|
|
|
2C13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2629665131.0000000002C13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C13000
|
| Size: |
135168
|
|
|
C8F000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000002.1409094663.0000000000C8F000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
C8F000
|
| Size: |
147456
|
|
|
711D000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2671165074.000000000711D000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
711D000
|
| Size: |
8192
|
|
|
C00000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000002.1407789725.0000000000C00000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
C00000
|
| Size: |
4096
|
|
|
96B1000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1422527443.00000000096B1000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
96B1000
|
| Size: |
12288
|
|
|
D69F000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1425297192.000000000D69F000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D69F000
|
| Size: |
122880
|
|
|
96E2000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1422527443.00000000096E2000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
96E2000
|
| Size: |
4096
|
|
|
B84D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1424645432.000000000B84D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B84D000
|
| Size: |
12288
|
|
|
7129000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2671165074.0000000007129000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7129000
|
| Size: |
4096
|
|
|
7FF5560BD000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1432412549.00007FF5560BD000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5560BD000
|
| Size: |
40960
|
|
|
7FF5564C4000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2690629074.00007FF5564C4000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5564C4000
|
| Size: |
12288
|
|
|
AE4D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1424467383.000000000AE4D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
AE4D000
|
| Size: |
12288
|
|
|
7FF556728000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1437801653.00007FF556728000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556728000
|
| Size: |
8192
|
|
|
7FF556548000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1436036097.00007FF556548000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556548000
|
| Size: |
12288
|
|
|
4510000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1419768946.0000000004510000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
4510000
|
| Size: |
4096
|
|
|
17D6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1394132774.00000000017D6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
17D6000
|
| Size: |
454656
|
|
|
7FF55611B000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1432631281.00007FF55611B000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF55611B000
|
| Size: |
8192
|
|
|
D61F000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2678437783.000000000D61F000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D61F000
|
| Size: |
8192
|
|
|
7930000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2672358725.0000000007930000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7930000
|
| Size: |
8192
|
|
|
2C13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2416407302.0000000002C13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C13000
|
| Size: |
200704
|
|
|
71AB000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2671165074.00000000071AB000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
71AB000
|
| Size: |
98304
|
|
|
2C13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2629572670.0000000002C13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C13000
|
| Size: |
69632
|
|
|
17D5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1393970160.00000000017D5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
17D5000
|
| Size: |
458752
|
|
|
76CB000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1421086259.00000000076CB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
76CB000
|
| Size: |
20480
|
|
|
40F0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1402968815.00000000040F0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
40F0000
|
| Size: |
1196032
|
|
|
6E0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2668209965.00000000006E0000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
6E0000
|
| Size: |
4096
|
|
|
7FF556369000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1434543839.00007FF556369000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556369000
|
| Size: |
12288
|
|
|
CBE000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000000.00000000.1389885021.0000000000CBE000.00000008.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
CBE000
|
| Size: |
8192
|
|
|
D59F000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2678437783.000000000D59F000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D59F000
|
| Size: |
4096
|
|
|
13CF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1409269134.00000000013CF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
13CF000
|
| Size: |
4096
|
|
|
2E10000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2668695781.0000000002E10000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2E10000
|
| Size: |
4096
|
|
|
2C13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1891117857.0000000002C13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C13000
|
| Size: |
69632
|
|
|
D557000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2678437783.000000000D557000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D557000
|
| Size: |
4096
|
|
|
9F3F000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2675618952.0000000009F3F000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
9F3F000
|
| Size: |
12288
|
|
|
FFBC000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2684286851.000000000FFBC000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
FFBC000
|
| Size: |
12288
|
|
|
7D60000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2672596069.0000000007D60000.00000004.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7D60000
|
| Size: |
5242880
|
|
|
9E80000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2675574469.0000000009E80000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
9E80000
|
| Size: |
8192
|
|
|
D488000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2676958905.000000000D488000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D488000
|
| Size: |
446464
|
|
|
7114000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1420361027.0000000007114000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7114000
|
| Size: |
12288
|
|
|
9716000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2673999984.0000000009716000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
9716000
|
| Size: |
270336
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
7470000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2671985841.0000000007470000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7470000
|
| Size: |
4096
|
|
|
B1F0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1424577978.000000000B1F0000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
B1F0000
|
| Size: |
8192
|
|
|
8740000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1422012192.0000000008740000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
8740000
|
| Size: |
4096
|
|
|
D72C000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2678437783.000000000D72C000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D72C000
|
| Size: |
73728
|
|
|
7FF55671D000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1437801653.00007FF55671D000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF55671D000
|
| Size: |
20480
|
|
|
9996000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2673999984.0000000009996000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
9996000
|
| Size: |
4096
|
|
|
D0ED000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2676862929.000000000D0ED000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
D0ED000
|
| Size: |
12288
|
|
|
D59F000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1425297192.000000000D59F000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D59F000
|
| Size: |
4096
|
|
|
39D0000
|
unclassified section
|
page execute and read and write
|
|
|
|
| Name: |
00000001.00000002.1481030847.00000000039D0000.00000040.10000000.00040000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
unclassified section
|
| Protect: |
page execute and read and write
|
| Base address: |
39D0000
|
| Size: |
331776
|
|
|
44D0000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2670167630.00000000044D0000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
44D0000
|
| Size: |
20480
|
|
|
7FF556707000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1437801653.00007FF556707000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556707000
|
| Size: |
61440
|
|
|
B200000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2676713731.000000000B200000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B200000
|
| Size: |
4096
|
|
|
98D4000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2673999984.00000000098D4000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
98D4000
|
| Size: |
331776
|
|
|
3729000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000001.00000002.1480319234.0000000003729000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
3729000
|
| Size: |
4096
|
|
|
78F0000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1421252883.00000000078F0000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
78F0000
|
| Size: |
4096
|
|
|
7FF5563EE000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2689974781.00007FF5563EE000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5563EE000
|
| Size: |
4096
|
|
|
2C13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1788920149.0000000002C13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C13000
|
| Size: |
69632
|
|
|
9F38000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1423836400.0000000009F38000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
9F38000
|
| Size: |
20480
|
|
|
7FF5564BA000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1435402854.00007FF5564BA000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5564BA000
|
| Size: |
4096
|
|
|
96CE000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1422527443.00000000096CE000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
96CE000
|
| Size: |
4096
|
|
|
D466000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2676958905.000000000D466000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D466000
|
| Size: |
12288
|
|
|
7FF55626A000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2689068798.00007FF55626A000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF55626A000
|
| Size: |
4096
|
|
|
96AD000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2673999984.00000000096AD000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
96AD000
|
| Size: |
12288
|
|
|
2C13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1840130162.0000000002C13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C13000
|
| Size: |
200704
|
|
|
7FF55647B000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1435178432.00007FF55647B000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF55647B000
|
| Size: |
20480
|
|
|
D72C000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1425297192.000000000D72C000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D72C000
|
| Size: |
73728
|
|
|
2C13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2207218750.0000000002C13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C13000
|
| Size: |
69632
|
|
|
2998000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1419039808.0000000002998000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2998000
|
| Size: |
32768
|
|
|
3130000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2669528433.0000000003130000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
3130000
|
| Size: |
4096
|
|
|
3A22000
|
unclassified section
|
page execute and read and write
|
|
|
|
| Name: |
00000001.00000002.1481030847.0000000003A22000.00000040.10000000.00040000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
unclassified section
|
| Protect: |
page execute and read and write
|
| Base address: |
3A22000
|
| Size: |
4096
|
|
|
9990000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2673999984.0000000009990000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
9990000
|
| Size: |
20480
|
|
|
11A0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2669088135.00000000011A0000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
11A0000
|
| Size: |
397312
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the Windows Explorer process (often used for injection) |
HIPS / PFW / Operating System Protection Evasion |
|
|
|
DA7A000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1425857041.000000000DA7A000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
DA7A000
|
| Size: |
24576
|
|
|
7FF555E1E000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1431959221.00007FF555E1E000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF555E1E000
|
| Size: |
20480
|
|
|
9996000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1422527443.0000000009996000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
9996000
|
| Size: |
4096
|
|
|
17B3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1393970160.00000000017B3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
17B3000
|
| Size: |
118784
|
|
|
7138000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1420361027.0000000007138000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7138000
|
| Size: |
4096
|
|
|
7125000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1420361027.0000000007125000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7125000
|
| Size: |
12288
|
|
|
72DE000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2671898945.00000000072DE000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
72DE000
|
| Size: |
200704
|
|
|
7FF5561AF000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1433140065.00007FF5561AF000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5561AF000
|
| Size: |
32768
|
|
|
17D5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1395252469.00000000017D5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
17D5000
|
| Size: |
458752
|
|
|
96D6000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1422527443.00000000096D6000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
96D6000
|
| Size: |
4096
|
|
|
7FF5560A1000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1432312251.00007FF5560A1000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5560A1000
|
| Size: |
16384
|
|
|
ACCB000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2676518027.000000000ACCB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
ACCB000
|
| Size: |
20480
|
|
|
7FF5560E7000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2688029336.00007FF5560E7000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5560E7000
|
| Size: |
53248
|
|
|
997D000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2673999984.000000000997D000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
997D000
|
| Size: |
12288
|
|
|
9990000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1422527443.0000000009990000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
9990000
|
| Size: |
20480
|
|
|
7FF556630000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1436643944.00007FF556630000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556630000
|
| Size: |
4096
|
|
|
7FF556394000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1434672951.00007FF556394000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556394000
|
| Size: |
4096
|
|
|
99BB000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2673999984.00000000099BB000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
99BB000
|
| Size: |
8192
|
|
|
320F000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2669591368.000000000320F000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
320F000
|
| Size: |
4096
|
|
|
9ED6000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1423836400.0000000009ED6000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
9ED6000
|
| Size: |
4096
|
|
|
320D000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2669591368.000000000320D000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
320D000
|
| Size: |
4096
|
|
|
7A59000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2672436728.0000000007A59000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7A59000
|
| Size: |
28672
|
|
|
7FF55656D000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2691265941.00007FF55656D000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF55656D000
|
| Size: |
4096
|
|
|
3211000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1419407494.0000000003211000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
3211000
|
| Size: |
4096
|
|
|
77E8000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1421135042.00000000077E8000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
77E8000
|
| Size: |
32768
|
|
|
2B30000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1483393189.0000000002B30000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2B30000
|
| Size: |
8192
|
|
|
D5EB000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2678437783.000000000D5EB000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D5EB000
|
| Size: |
4096
|
|
|
1740000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1414510584.0000000001740000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1740000
|
| Size: |
24576
|
|
|
7B60000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2672517037.0000000007B60000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7B60000
|
| Size: |
32768
|
|
|
7FF556658000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2692125213.00007FF556658000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556658000
|
| Size: |
20480
|
|
|
2E13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1409305268.0000000002E13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2E13000
|
| Size: |
135168
|
|
|
71AB000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1420361027.00000000071AB000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
71AB000
|
| Size: |
98304
|
|
|
7FF5564F5000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1435629943.00007FF5564F5000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5564F5000
|
| Size: |
4096
|
|
|
2E13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1410566993.0000000002E13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2E13000
|
| Size: |
266240
|
|
|
7FF5562D7000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1433631463.00007FF5562D7000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5562D7000
|
| Size: |
24576
|
|
|
2E13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1416847644.0000000002E13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2E13000
|
| Size: |
135168
|
|
|
3742000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.2669148512.0000000003742000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
3742000
|
| Size: |
40960
|
|
|
AFDE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1424493490.000000000AFDE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
AFDE000
|
| Size: |
8192
|
|
|
7250000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2671165074.0000000007250000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7250000
|
| Size: |
315392
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
93B9000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1422509728.00000000093B9000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
93B9000
|
| Size: |
28672
|
|
|
7FF55640C000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2690117549.00007FF55640C000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF55640C000
|
| Size: |
53248
|
|
|
D875000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1425592952.000000000D875000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D875000
|
| Size: |
4096
|
|
|
7FF5563F6000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2690028706.00007FF5563F6000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5563F6000
|
| Size: |
24576
|
|
|
4526000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1419768946.0000000004526000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
4526000
|
| Size: |
24576
|
|
|
96E8000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2673999984.00000000096E8000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
96E8000
|
| Size: |
4096
|
|
|
31EE000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1419407494.00000000031EE000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
31EE000
|
| Size: |
8192
|
|
|
7FF55631B000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2689382984.00007FF55631B000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF55631B000
|
| Size: |
4096
|
|
|
980F000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2673999984.000000000980F000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
980F000
|
| Size: |
352256
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
D439000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2676958905.000000000D439000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D439000
|
| Size: |
12288
|
|
|
D9FA000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2680450290.000000000D9FA000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
D9FA000
|
| Size: |
24576
|
|
|
7FF5566AA000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1437090813.00007FF5566AA000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5566AA000
|
| Size: |
20480
|
|
|
7FF5566CD000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2692619145.00007FF5566CD000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5566CD000
|
| Size: |
20480
|
|
|
3329000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1480576115.0000000003329000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3329000
|
| Size: |
4096
|
|
|
7E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2668362867.00000000007E0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7E0000
|
| Size: |
4096
|
|
|
7FF5562D2000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1433591154.00007FF5562D2000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5562D2000
|
| Size: |
4096
|
|
|
7FF556496000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1435218075.00007FF556496000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556496000
|
| Size: |
12288
|
|
|
359E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1406388689.000000000359E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
359E000
|
| Size: |
24576
|
|
|
4526000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2670167630.0000000004526000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
4526000
|
| Size: |
24576
|
|
|
31F1000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2669591368.00000000031F1000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
31F1000
|
| Size: |
4096
|
|
|
7FF555FF7000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2687518720.00007FF555FF7000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF555FF7000
|
| Size: |
8192
|
|
|
2E13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1409245057.0000000002E13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2E13000
|
| Size: |
69632
|
|
|
7FF55642E000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2690117549.00007FF55642E000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF55642E000
|
| Size: |
53248
|
|
|
D431000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2676958905.000000000D431000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D431000
|
| Size: |
8192
|
|
|
7E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1418481329.00000000007E0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7E0000
|
| Size: |
4096
|
|
|
7FF5566FA000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1437801653.00007FF5566FA000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5566FA000
|
| Size: |
4096
|
|
|
7FF556682000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2692231980.00007FF556682000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556682000
|
| Size: |
12288
|
|
|
9928000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1422527443.0000000009928000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
9928000
|
| Size: |
32768
|
|
|
96F0000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1422527443.00000000096F0000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
96F0000
|
| Size: |
4096
|
|
|
D663000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1425297192.000000000D663000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D663000
|
| Size: |
32768
|
|
|
78E0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1421236157.00000000078E0000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
78E0000
|
| Size: |
8192
|
|
|
3AF1000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000001.00000002.1481203994.0000000003AF1000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
3AF1000
|
| Size: |
4096
|
|
|
2C13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1948464640.0000000002C13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C13000
|
| Size: |
69632
|
|
|
3211000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.2668941805.0000000003211000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
3211000
|
| Size: |
4096
|
|
|
7FF5560DF000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2688029336.00007FF5560DF000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5560DF000
|
| Size: |
8192
|
|
|
7FF5565F9000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1436559776.00007FF5565F9000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5565F9000
|
| Size: |
4096
|
|
|
96E8000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1422527443.00000000096E8000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
96E8000
|
| Size: |
4096
|
|
|
7FF5561C3000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1433177217.00007FF5561C3000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5561C3000
|
| Size: |
12288
|
|
|
7FF5566B8000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1437491147.00007FF5566B8000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5566B8000
|
| Size: |
12288
|
|
|
2E13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1416774360.0000000002E13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2E13000
|
| Size: |
69632
|
|
|
7FF555E3B000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1431959221.00007FF555E3B000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF555E3B000
|
| Size: |
24576
|
|
|
89FC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1422169178.00000000089FC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
89FC000
|
| Size: |
16384
|
|
|
9E90000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1423813690.0000000009E90000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
9E90000
|
| Size: |
16384
|
|
|
2C13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2363873305.0000000002C13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C13000
|
| Size: |
135168
|
|
|
7FF55664B000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2692039879.00007FF55664B000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF55664B000
|
| Size: |
12288
|
|
|
96D2000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1422527443.00000000096D2000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
96D2000
|
| Size: |
4096
|
|
|
2C13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2051424851.0000000002C13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C13000
|
| Size: |
69632
|
|
|
2C13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1948585407.0000000002C13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C13000
|
| Size: |
200704
|
|
|
E00000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1418919868.0000000000E00000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
E00000
|
| Size: |
16384
|
|
|
D515000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1424719871.000000000D515000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D515000
|
| Size: |
4096
|
|
|
2C13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2155485813.0000000002C13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C13000
|
| Size: |
69632
|
|
|
5E80000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2053650627.0000000005E80000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5E80000
|
| Size: |
159744
|
|
|
AC0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2668429702.0000000000AC0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
AC0000
|
| Size: |
4096
|
|
|
CB4000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000002.1409094663.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
CB4000
|
| Size: |
40960
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary is likely a compiled AutoIt script file |
System Summary |
|
|
|
D060000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1424658664.000000000D060000.00000002.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
D060000
|
| Size: |
4096
|
|
|
9EE2000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1423836400.0000000009EE2000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
9EE2000
|
| Size: |
12288
|
|
|
2E13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1409515308.0000000002E13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2E13000
|
| Size: |
200704
|
|
|
2C13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1631324922.0000000002C13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C13000
|
| Size: |
200704
|
|
|
A046000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1423836400.000000000A046000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
A046000
|
| Size: |
4096
|
|
|
B1B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2668495957.0000000000B1B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B1B000
|
| Size: |
16384
|
|
|
2E12000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2668785527.0000000002E12000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2E12000
|
| Size: |
77824
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
7FF5560FF000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2688134897.00007FF5560FF000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5560FF000
|
| Size: |
8192
|
|
|
7FF555F82000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1432196480.00007FF555F82000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF555F82000
|
| Size: |
8192
|
|
|
9ED8000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1423836400.0000000009ED8000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
9ED8000
|
| Size: |
32768
|
|
|
7FF556400000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1434972626.00007FF556400000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556400000
|
| Size: |
28672
|
|
|
7FF55631D000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2689382984.00007FF55631D000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF55631D000
|
| Size: |
4096
|
|
|
89FC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2673541584.00000000089FC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
89FC000
|
| Size: |
16384
|
|
|
7FF5561DF000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1433224546.00007FF5561DF000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5561DF000
|
| Size: |
4096
|
|
|
7FF5560BA000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2687871287.00007FF5560BA000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5560BA000
|
| Size: |
4096
|
|
|
96C6000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2673999984.00000000096C6000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
96C6000
|
| Size: |
20480
|
|
|
B50000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1481370480.0000000000B50000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
B50000
|
| Size: |
184320
|
|
|
24C4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1417425120.00000000024C4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
24C4000
|
| Size: |
8192
|
|
|
7FF5563FE000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2690028706.00007FF5563FE000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5563FE000
|
| Size: |
4096
|
|
|
83EB000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2673096430.00000000083EB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
83EB000
|
| Size: |
20480
|
|
|
7FF555FF7000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1432247709.00007FF555FF7000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF555FF7000
|
| Size: |
8192
|
|
|
8FB0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1422403019.0000000008FB0000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
8FB0000
|
| Size: |
8192
|
|
|
CC2000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000000.00000000.1389885021.0000000000CC2000.00000008.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
CC2000
|
| Size: |
8192
|
|
|
7FF55651A000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1435686886.00007FF55651A000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF55651A000
|
| Size: |
16384
|
|
|
2C13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1500938960.0000000002C13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C13000
|
| Size: |
135168
|
|
|
7FF5563DA000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1434824117.00007FF5563DA000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5563DA000
|
| Size: |
20480
|
|
|
998C000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2673999984.000000000998C000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
998C000
|
| Size: |
12288
|
|
|
2C13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1891293296.0000000002C13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C13000
|
| Size: |
237568
|
|
|
7FF556600000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2691767111.00007FF556600000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556600000
|
| Size: |
8192
|
|
|
7FF556647000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2692039879.00007FF556647000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556647000
|
| Size: |
8192
|
|
|
D827000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1425592952.000000000D827000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D827000
|
| Size: |
94208
|
|
|
D567000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1425297192.000000000D567000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D567000
|
| Size: |
4096
|
|
|
7FF55624F000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2689042093.00007FF55624F000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF55624F000
|
| Size: |
4096
|
|
|
7FF55613C000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2688289744.00007FF55613C000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF55613C000
|
| Size: |
16384
|
|
|
DD5F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2680953369.000000000DD5F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
DD5F000
|
| Size: |
4096
|
|
|
7FF5560BA000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1432388068.00007FF5560BA000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5560BA000
|
| Size: |
4096
|
|
|
2B20000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1419124813.0000000002B20000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
2B20000
|
| Size: |
4096
|
|
|
4630000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1420131161.0000000004630000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
4630000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the Windows Explorer process (often used for injection) |
HIPS / PFW / Operating System Protection Evasion |
|
|
|
24C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1417425120.00000000024C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
24C0000
|
| Size: |
8192
|
|
|
84EF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2673148772.00000000084EF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
84EF000
|
| Size: |
4096
|
|
|
DB10000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1425894615.000000000DB10000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
DB10000
|
| Size: |
8192
|
|
|
A40000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2632222558.0000000000A40000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
A40000
|
| Size: |
151552
|
|
|
A11000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1418540420.0000000000A11000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
A11000
|
| Size: |
12288
|
|
|
455E000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2670167630.000000000455E000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
455E000
|
| Size: |
4096
|
|
|
7FF556697000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1437090813.00007FF556697000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556697000
|
| Size: |
24576
|
|
|
7FF555E42000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1431959221.00007FF555E42000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF555E42000
|
| Size: |
4096
|
|
|
FFAD000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1431608548.000000000FFAD000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
FFAD000
|
| Size: |
16384
|
|
|
428E000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1404061510.000000000428E000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
428E000
|
| Size: |
24576
|
|
|
8740000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2673272189.0000000008740000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
8740000
|
| Size: |
4096
|
|
|
DBAF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2680877445.000000000DBAF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
DBAF000
|
| Size: |
4096
|
|
|
7FF556169000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2688371444.00007FF556169000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556169000
|
| Size: |
4096
|
|
|
264C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1483210353.000000000264C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
264C000
|
| Size: |
24576
|
|
|
7FF556723000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1437801653.00007FF556723000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556723000
|
| Size: |
16384
|
|
|
73B0000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2671962337.00000000073B0000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
73B0000
|
| Size: |
4096
|
|
|
7FF555E44000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1432038693.00007FF555E44000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF555E44000
|
| Size: |
4096
|
|
|
D287000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1424719871.000000000D287000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D287000
|
| Size: |
397312
|
|
|
2C13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1685736663.0000000002C13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C13000
|
| Size: |
135168
|
|
|
96D4000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2673999984.00000000096D4000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
96D4000
|
| Size: |
4096
|
|
|
2C13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2468300229.0000000002C13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C13000
|
| Size: |
69632
|
|
|
D50000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1418829203.0000000000D50000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
D50000
|
| Size: |
8192
|
|
|
7FF556241000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2689017646.00007FF556241000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556241000
|
| Size: |
8192
|
|
|
7FF55666F000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2692178206.00007FF55666F000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF55666F000
|
| Size: |
12288
|
|
|
FCE4000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1429252281.000000000FCE4000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
FCE4000
|
| Size: |
229376
|
|
|
9F62000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2675618952.0000000009F62000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
9F62000
|
| Size: |
4096
|
|
|
7FF556300000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2689355012.00007FF556300000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556300000
|
| Size: |
12288
|
|
|
7FF5560D8000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2687896758.00007FF5560D8000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5560D8000
|
| Size: |
4096
|
|
|
7FF556181000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1433040631.00007FF556181000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556181000
|
| Size: |
4096
|
|
|
D507000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1424719871.000000000D507000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D507000
|
| Size: |
24576
|
|
|
7FF5565F1000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1436511107.00007FF5565F1000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5565F1000
|
| Size: |
12288
|
|
|
7FF5560D3000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1432412549.00007FF5560D3000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5560D3000
|
| Size: |
16384
|
|
|
7D58000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1421440037.0000000007D58000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7D58000
|
| Size: |
32768
|
|
|
910000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2668338063.0000000000910000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
910000
|
| Size: |
4096
|
|
|
FFB2000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2684286851.000000000FFB2000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
FFB2000
|
| Size: |
4096
|
|
|
7FF556494000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1435218075.00007FF556494000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556494000
|
| Size: |
4096
|
|
|
D654000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1425297192.000000000D654000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D654000
|
| Size: |
8192
|
|
|
7FF55614D000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1432867850.00007FF55614D000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF55614D000
|
| Size: |
28672
|
|
|
B490000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1424619570.000000000B490000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
B490000
|
| Size: |
20480
|
|
|
DD5F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1425990585.000000000DD5F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
DD5F000
|
| Size: |
4096
|
|
|
78F0000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2672328221.00000000078F0000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
78F0000
|
| Size: |
4096
|
|
|
7FF55642E000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1435001289.00007FF55642E000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF55642E000
|
| Size: |
53248
|
|
|
A048000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2675618952.000000000A048000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
A048000
|
| Size: |
4096
|
|
|
7FF556693000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1437090813.00007FF556693000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556693000
|
| Size: |
12288
|
|
|
36CD000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.2669148512.00000000036CD000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
36CD000
|
| Size: |
4096
|
|
|
337E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2669119912.000000000337E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
337E000
|
| Size: |
8192
|
|
|
7FF5565EE000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2691651866.00007FF5565EE000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5565EE000
|
| Size: |
8192
|
|
|
3942000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000001.00000002.1480319234.0000000003942000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
3942000
|
| Size: |
40960
|
|
|
B15A000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1424536115.000000000B15A000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B15A000
|
| Size: |
24576
|
|
|
2E00000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2668695781.0000000002E00000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2E00000
|
| Size: |
49152
|
|
|
7DF4731B0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1431818088.00007DF4731B0000.00000002.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7DF4731B0000
|
| Size: |
4096
|
|
|
233E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1417344983.000000000233E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
233E000
|
| Size: |
8192
|
|
|
96BA000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2673999984.00000000096BA000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
96BA000
|
| Size: |
12288
|
|
|
7DF473191000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000002.00000002.2685946246.00007DF473191000.00000020.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
7DF473191000
|
| Size: |
4096
|
|
|
7FF5566A3000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2692377544.00007FF5566A3000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5566A3000
|
| Size: |
24576
|
|
|
D90000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1418843423.0000000000D90000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D90000
|
| Size: |
4096
|
|
|
8FC0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1422424725.0000000008FC0000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
8FC0000
|
| Size: |
8192
|
|
|
7FF55664F000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1436793595.00007FF55664F000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF55664F000
|
| Size: |
4096
|
|
|
8E08000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2673760932.0000000008E08000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
8E08000
|
| Size: |
32768
|
|
|
7FF5565FB000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2691704643.00007FF5565FB000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5565FB000
|
| Size: |
8192
|
|
|
461E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2670206219.000000000461E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
461E000
|
| Size: |
8192
|
|
|
FFB2000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1431608548.000000000FFB2000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
FFB2000
|
| Size: |
4096
|
|
|
3F50000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1403416033.0000000003F50000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3F50000
|
| Size: |
1187840
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
FC66000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2682138194.000000000FC66000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
FC66000
|
| Size: |
16384
|
|
|
7FF5564D7000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2690659237.00007FF5564D7000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5564D7000
|
| Size: |
12288
|
|
|
96D0000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2673999984.00000000096D0000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
96D0000
|
| Size: |
4096
|
|
|
7FF5565A6000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1436335001.00007FF5565A6000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5565A6000
|
| Size: |
45056
|
|
|
45CC000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1419768946.00000000045CC000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
45CC000
|
| Size: |
12288
|
|
|
795000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2668283469.0000000000795000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
795000
|
| Size: |
45056
|
|
|
3200000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.2668941805.0000000003200000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
3200000
|
| Size: |
65536
|
|
|
7120000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2671165074.0000000007120000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7120000
|
| Size: |
8192
|
|
|
44C0000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2670145528.00000000044C0000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
44C0000
|
| Size: |
4096
|
|
|
9984000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1422527443.0000000009984000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
9984000
|
| Size: |
8192
|
|
|
D502000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1424719871.000000000D502000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D502000
|
| Size: |
4096
|
|
|
7165000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2671165074.0000000007165000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7165000
|
| Size: |
282624
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
2C13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1789010377.0000000002C13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C13000
|
| Size: |
200704
|
|
|
7FF5564EB000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1435584675.00007FF5564EB000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5564EB000
|
| Size: |
4096
|
|
|
4073000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1404421866.0000000004073000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4073000
|
| Size: |
507904
|
|
|
7FF55663C000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1436770343.00007FF55663C000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF55663C000
|
| Size: |
8192
|
|
|
40F0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1404875060.00000000040F0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
40F0000
|
| Size: |
1196032
|
|
|
E05000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2668975755.0000000000E05000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
E05000
|
| Size: |
40960
|
|
|
4512000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2670167630.0000000004512000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
4512000
|
| Size: |
4096
|
|
|
31FE000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2669591368.00000000031FE000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
31FE000
|
| Size: |
4096
|
|
|
A674000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1424222322.000000000A674000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
A674000
|
| Size: |
24576
|
|
|
7FF556675000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2692204374.00007FF556675000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556675000
|
| Size: |
4096
|
|
|
2C13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2207268246.0000000002C13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C13000
|
| Size: |
131072
|
|
|
B560000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2676815068.000000000B560000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
B560000
|
| Size: |
4096
|
|
|
96EE000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1422527443.00000000096EE000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
96EE000
|
| Size: |
4096
|
|
|
3030000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1419284934.0000000003030000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
3030000
|
| Size: |
925696
|
|
|
84EF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1421927587.00000000084EF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
84EF000
|
| Size: |
4096
|
|
|
7FF5564C9000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1435462465.00007FF5564C9000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5564C9000
|
| Size: |
32768
|
|
|
C00000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000000.1389761080.0000000000C00000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
C00000
|
| Size: |
4096
|
|
|
17B3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1416860744.00000000017B3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
17B3000
|
| Size: |
118784
|
|
|
7FF55635B000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2689627109.00007FF55635B000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF55635B000
|
| Size: |
8192
|
|
|
D348000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1424719871.000000000D348000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D348000
|
| Size: |
53248
|
|
|
4073000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1401922109.0000000004073000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4073000
|
| Size: |
507904
|
|
|
9F31000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1423836400.0000000009F31000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
9F31000
|
| Size: |
4096
|
|
|
9B3E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1423588182.0000000009B3E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9B3E000
|
| Size: |
8192
|
|
|
4514000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2670167630.0000000004514000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
4514000
|
| Size: |
12288
|
|
|
AAAD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1424347921.000000000AAAD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
AAAD000
|
| Size: |
12288
|
|
|
7FF556583000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2691319365.00007FF556583000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556583000
|
| Size: |
32768
|
|
|
18AE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1395228423.00000000018AE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
18AE000
|
| Size: |
73728
|
|
|
713E000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1420361027.000000000713E000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
713E000
|
| Size: |
65536
|
|
|
2C13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1999951581.0000000002C13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C13000
|
| Size: |
200704
|
|
|
9D3E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2675499133.0000000009D3E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9D3E000
|
| Size: |
8192
|
|
|
D7B4000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2679528500.000000000D7B4000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D7B4000
|
| Size: |
49152
|
|
|
D6BF000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1425297192.000000000D6BF000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D6BF000
|
| Size: |
4096
|
|
|
87D0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2673349483.00000000087D0000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
87D0000
|
| Size: |
8192
|
|
|
320B000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2669591368.000000000320B000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
320B000
|
| Size: |
4096
|
|
|
40F0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1404061510.00000000040F0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
40F0000
|
| Size: |
1196032
|
|
|
DC0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2668942779.0000000000DC0000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
DC0000
|
| Size: |
8192
|
|
|
4219000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1401608398.0000000004219000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4219000
|
| Size: |
4096
|
|
|
D7CB000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1425592952.000000000D7CB000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D7CB000
|
| Size: |
16384
|
|
|
7FF55617D000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1433040631.00007FF55617D000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF55617D000
|
| Size: |
12288
|
|
|
A40000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2521832636.0000000000A40000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
A40000
|
| Size: |
151552
|
|
|
2C13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1737790019.0000000002C13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C13000
|
| Size: |
135168
|
|
|
8C0B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2673649486.0000000008C0B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
8C0B000
|
| Size: |
20480
|
|
|
3031000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1471197583.0000000003031000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3031000
|
| Size: |
8192
|
|
|
7FF55657D000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2691319365.00007FF55657D000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF55657D000
|
| Size: |
12288
|
|
|
2E13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1417360881.0000000002E13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2E13000
|
| Size: |
253952
|
|
|
4219000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1401217983.0000000004219000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4219000
|
| Size: |
4096
|
|
|
100E2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2685127723.00000000100E2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
100E2000
|
| Size: |
24576
|
|
|
7FF556647000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1436793595.00007FF556647000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556647000
|
| Size: |
8192
|
|
|
7FF556723000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2692733414.00007FF556723000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556723000
|
| Size: |
16384
|
|
|
7FF5564B5000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2690447975.00007FF5564B5000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5564B5000
|
| Size: |
12288
|
|
|
2C13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1686072106.0000000002C13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C13000
|
| Size: |
245760
|
|
|
90F0000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2673888609.00000000090F0000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
90F0000
|
| Size: |
8192
|
|
|
2C13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2104283435.0000000002C13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C13000
|
| Size: |
212992
|
|
|
2C13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2572428614.0000000002C13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C13000
|
| Size: |
135168
|
|
|
D50F000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2676958905.000000000D50F000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D50F000
|
| Size: |
16384
|
|
|
7FF5560A7000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1432312251.00007FF5560A7000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5560A7000
|
| Size: |
36864
|
|
|
4FA9000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2671001116.0000000004FA9000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
4FA9000
|
| Size: |
4096
|
|
|
352D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1406388689.000000000352D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
352D000
|
| Size: |
458752
|
|
|
352D000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.2669148512.000000000352D000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
352D000
|
| Size: |
458752
|
|
|
7FF5565E0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2691525248.00007FF5565E0000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5565E0000
|
| Size: |
12288
|
|
|
177F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1393970160.000000000177F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
177F000
|
| Size: |
172032
|
|
|
9D3E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1423645654.0000000009D3E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9D3E000
|
| Size: |
8192
|
|
|
7FF5560C8000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2687896758.00007FF5560C8000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5560C8000
|
| Size: |
28672
|
|
|
78A1000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1421199847.00000000078A1000.00000004.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
78A1000
|
| Size: |
200704
|
|
|
7FF555F75000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1432162356.00007FF555F75000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF555F75000
|
| Size: |
4096
|
|
|
7FF55611E000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2688134897.00007FF55611E000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF55611E000
|
| Size: |
4096
|
|
|
96CC000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2673999984.00000000096CC000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
96CC000
|
| Size: |
4096
|
|
|
4F11000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1420173651.0000000004F11000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
4F11000
|
| Size: |
4096
|
|
|
D178000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2676933115.000000000D178000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
D178000
|
| Size: |
32768
|
|
|
7FF556444000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1435001289.00007FF556444000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556444000
|
| Size: |
98304
|
|
|
AAAD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2676443001.000000000AAAD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
AAAD000
|
| Size: |
12288
|
|
|
D356000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1424719871.000000000D356000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D356000
|
| Size: |
876544
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
776A000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2672152682.000000000776A000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
776A000
|
| Size: |
24576
|
|
|
7FF556688000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1437021977.00007FF556688000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556688000
|
| Size: |
12288
|
|
|
22C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1483079045.00000000022C0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
22C0000
|
| Size: |
4096
|
|
|
2C13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2416316537.0000000002C13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C13000
|
| Size: |
69632
|
|
|
2BA0000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1419162094.0000000002BA0000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
2BA0000
|
| Size: |
4096
|
|
|
D824000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1425592952.000000000D824000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D824000
|
| Size: |
8192
|
|
|
320B000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1419407494.000000000320B000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
320B000
|
| Size: |
4096
|
|
|
B40000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.1478262237.0000000000B40000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B40000
|
| Size: |
4096
|
|
|
3206000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2669591368.0000000003206000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
3206000
|
| Size: |
8192
|
|
|
7FF5564F8000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2690897182.00007FF5564F8000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5564F8000
|
| Size: |
4096
|
|
|
2C13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1480860933.0000000002C13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C13000
|
| Size: |
69632
|
|
|
7FF5563EE000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1434848149.00007FF5563EE000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5563EE000
|
| Size: |
4096
|
|
|
B490000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2676785098.000000000B490000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
B490000
|
| Size: |
20480
|
|
|
9926000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2673999984.0000000009926000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
9926000
|
| Size: |
4096
|
|
|
4073000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1402811448.0000000004073000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4073000
|
| Size: |
507904
|
|
|
D464000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1424719871.000000000D464000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D464000
|
| Size: |
4096
|
|
|
7FF5564ED000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2690809968.00007FF5564ED000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5564ED000
|
| Size: |
4096
|
|
|
7FF556471000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1435001289.00007FF556471000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556471000
|
| Size: |
4096
|
|
|
8690000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2673174793.0000000008690000.00000002.00000001.00040000.00000004.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
8690000
|
| Size: |
106496
|
|
|
3211000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2669591368.0000000003211000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
3211000
|
| Size: |
4096
|
|
|
96EC000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1422527443.00000000096EC000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
96EC000
|
| Size: |
4096
|
|
|
713E000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2671165074.000000000713E000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
713E000
|
| Size: |
65536
|
|
|
2E0E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2668695781.0000000002E0E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2E0E000
|
| Size: |
4096
|
|
|
998C000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1422527443.000000000998C000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
998C000
|
| Size: |
12288
|
|
|
2C13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1788964536.0000000002C13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C13000
|
| Size: |
135168
|
|
|
1786000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1395561403.0000000001786000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1786000
|
| Size: |
65536
|
|
|
7FF5564B5000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1435260978.00007FF5564B5000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5564B5000
|
| Size: |
12288
|
|
|
31C9000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1419407494.00000000031C9000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
31C9000
|
| Size: |
147456
|
|
|
2C13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2259825764.0000000002C13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C13000
|
| Size: |
135168
|
|
|
D287000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2676958905.000000000D287000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D287000
|
| Size: |
401408
|
|
|
2C13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2155534013.0000000002C13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C13000
|
| Size: |
135168
|
|
|
7FF556178000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2688602100.00007FF556178000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556178000
|
| Size: |
16384
|
|
|
7FF555FF4000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1432230960.00007FF555FF4000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF555FF4000
|
| Size: |
8192
|
|
|
96E0000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1422527443.00000000096E0000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
96E0000
|
| Size: |
4096
|
|
|
72B0000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2671165074.00000000072B0000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
72B0000
|
| Size: |
4096
|
|
|
7131000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1420361027.0000000007131000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7131000
|
| Size: |
4096
|
|
|
DC0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1418906771.0000000000DC0000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
DC0000
|
| Size: |
8192
|
|
|
A674000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2676234676.000000000A674000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
A674000
|
| Size: |
24576
|
|
|
7FF5564AB000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2690447975.00007FF5564AB000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5564AB000
|
| Size: |
16384
|
|
|
AB2E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1424363698.000000000AB2E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
AB2E000
|
| Size: |
8192
|
|
|
9FD2000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1423836400.0000000009FD2000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
9FD2000
|
| Size: |
4096
|
|
|
7FF5565A0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1436304952.00007FF5565A0000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5565A0000
|
| Size: |
4096
|
|
|
9759000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2673999984.0000000009759000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
9759000
|
| Size: |
77824
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
D6C2000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2678437783.000000000D6C2000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D6C2000
|
| Size: |
430080
|
|
|
2C13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2572681611.0000000002C13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C13000
|
| Size: |
212992
|
|
|
D282000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2676958905.000000000D282000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D282000
|
| Size: |
16384
|
|
|
BB0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1738852251.0000000000BB0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
BB0000
|
| Size: |
180224
|
|
|
9E80000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1423795760.0000000009E80000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
9E80000
|
| Size: |
8192
|
|
|
17D8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1390380220.00000000017D8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
17D8000
|
| Size: |
131072
|
|
|
7DF473190000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1431756199.00007DF473190000.00000002.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7DF473190000
|
| Size: |
4096
|
|
|
8FA8000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1422369082.0000000008FA8000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
8FA8000
|
| Size: |
32768
|
|
|
7FF556128000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1432803623.00007FF556128000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556128000
|
| Size: |
57344
|
|
|
836F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2673069566.000000000836F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
836F000
|
| Size: |
4096
|
|
|
2C13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2519855099.0000000002C13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C13000
|
| Size: |
69632
|
|
|
D663000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2678437783.000000000D663000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D663000
|
| Size: |
32768
|
|
|
3120000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2669502870.0000000003120000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
3120000
|
| Size: |
16384
|
|
|
7FF55628A000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1433507592.00007FF55628A000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF55628A000
|
| Size: |
4096
|
|
|
2E1B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1478194099.0000000002E1B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2E1B000
|
| Size: |
36864
|
|
|
A11000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2668471168.0000000000A11000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
A11000
|
| Size: |
12288
|
|
|
95C0000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1422527443.00000000095C0000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
95C0000
|
| Size: |
266240
|
|
|
4F11000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2671001116.0000000004F11000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
4F11000
|
| Size: |
4096
|
|
|
9931000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1422527443.0000000009931000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
9931000
|
| Size: |
86016
|
|
|
ACCB000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1424422727.000000000ACCB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
ACCB000
|
| Size: |
20480
|
|
|
7FF5564DB000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1435462465.00007FF5564DB000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5564DB000
|
| Size: |
16384
|
|
|
D282000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1424719871.000000000D282000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D282000
|
| Size: |
16384
|
|
|
A02F000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2675618952.000000000A02F000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
A02F000
|
| Size: |
4096
|
|
|
7FF5564F5000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2690866601.00007FF5564F5000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5564F5000
|
| Size: |
4096
|
|
|
7FF556422000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2690117549.00007FF556422000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556422000
|
| Size: |
12288
|
|
|
9700000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2673999984.0000000009700000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
9700000
|
| Size: |
69632
|
|
|
7FF5560D4000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2687896758.00007FF5560D4000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5560D4000
|
| Size: |
12288
|
|
|
7FF55634B000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2689600133.00007FF55634B000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF55634B000
|
| Size: |
4096
|
|
|
FBE4000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1429252281.000000000FBE4000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
FBE4000
|
| Size: |
229376
|
|
|
96DA000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1422527443.00000000096DA000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
96DA000
|
| Size: |
4096
|
|
|
3F50000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1402811448.0000000003F50000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3F50000
|
| Size: |
1187840
|
|
|
7118000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1420361027.0000000007118000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7118000
|
| Size: |
4096
|
|
|
454B000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1419768946.000000000454B000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
454B000
|
| Size: |
12288
|
|
|
421D000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1401217983.000000000421D000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
421D000
|
| Size: |
458752
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
|
|
D55A000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2678437783.000000000D55A000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D55A000
|
| Size: |
8192
|
|
|
2C13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1840209537.0000000002C13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C13000
|
| Size: |
245760
|
|
|
9984000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2673999984.0000000009984000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
9984000
|
| Size: |
8192
|
|
|
7FF556221000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2688917491.00007FF556221000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556221000
|
| Size: |
12288
|
|
|
79DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2672410089.00000000079DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
79DE000
|
| Size: |
8192
|
|
|
4073000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1403416033.0000000004073000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4073000
|
| Size: |
507904
|
|
|
100EA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2685127723.00000000100EA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
100EA000
|
| Size: |
20480
|
|
|
D488000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1424719871.000000000D488000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D488000
|
| Size: |
446464
|
|
|
9F33000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1423836400.0000000009F33000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
9F33000
|
| Size: |
12288
|
|
|
D654000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2678437783.000000000D654000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D654000
|
| Size: |
8192
|
|
|
D73F000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1425297192.000000000D73F000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D73F000
|
| Size: |
475136
|
|
|
7470000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1420980375.0000000007470000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7470000
|
| Size: |
4096
|
|
|
8E09000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1422343200.0000000008E09000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
8E09000
|
| Size: |
28672
|
|
|
BEE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2668543448.0000000000BEE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
BEE000
|
| Size: |
8192
|
|
|
7110000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1420361027.0000000007110000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7110000
|
| Size: |
12288
|
|
|
73A0000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2671936758.00000000073A0000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
73A0000
|
| Size: |
4096
|
|
|
3F50000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1401484284.0000000003F50000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3F50000
|
| Size: |
1187840
|
|
|
7FF55635F000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1434423358.00007FF55635F000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF55635F000
|
| Size: |
12288
|
|
|
B200000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1424590863.000000000B200000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B200000
|
| Size: |
4096
|
|
|
D51D000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2676958905.000000000D51D000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D51D000
|
| Size: |
4096
|
|
|
3200000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1419407494.0000000003200000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
3200000
|
| Size: |
8192
|
|
|
2C13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1737896014.0000000002C13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C13000
|
| Size: |
196608
|
|
|
7FF5564BA000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2690601632.00007FF5564BA000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5564BA000
|
| Size: |
4096
|
|
|
7FF5562A7000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2689196788.00007FF5562A7000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5562A7000
|
| Size: |
4096
|
|
|
7FF556577000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1436211134.00007FF556577000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556577000
|
| Size: |
16384
|
|
|
9928000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2673999984.0000000009928000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
9928000
|
| Size: |
122880
|
|
|
D47F000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2676958905.000000000D47F000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D47F000
|
| Size: |
4096
|
|
|
87C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2673327135.00000000087C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
87C0000
|
| Size: |
4096
|
|
|
17B3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1395252469.00000000017B3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
17B3000
|
| Size: |
118784
|
|
|
7FF5566CD000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1437690627.00007FF5566CD000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5566CD000
|
| Size: |
20480
|
|
|
A046000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2675618952.000000000A046000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
A046000
|
| Size: |
4096
|
|
|
5E80000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1841053517.0000000005E80000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5E80000
|
| Size: |
176128
|
|
|
7FF556617000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1436643944.00007FF556617000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556617000
|
| Size: |
53248
|
|
|
38D1000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000001.00000002.1480319234.00000000038D1000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
38D1000
|
| Size: |
458752
|
|
|
3031000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1472956013.0000000003031000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3031000
|
| Size: |
8192
|
|
|
5E80000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1789955880.0000000005E80000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5E80000
|
| Size: |
180224
|
|
|
317D000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1419407494.000000000317D000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
317D000
|
| Size: |
36864
|
|
|
7FF5565D3000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2691525248.00007FF5565D3000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5565D3000
|
| Size: |
28672
|
|
|
A40000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2209459732.0000000000A40000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
A40000
|
| Size: |
151552
|
|
|
7FF555E24000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1431959221.00007FF555E24000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF555E24000
|
| Size: |
69632
|
|
|
2C13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2155584482.0000000002C13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C13000
|
| Size: |
200704
|
|
|
795000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1418449097.0000000000795000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
795000
|
| Size: |
45056
|
|
|
7FF555D23000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2686978771.00007FF555D23000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF555D23000
|
| Size: |
8192
|
|
|
7FF556333000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2689471601.00007FF556333000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556333000
|
| Size: |
4096
|
|
|
7FF556400000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2690087735.00007FF556400000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556400000
|
| Size: |
28672
|
|
|
3F50000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1401086481.0000000003F50000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3F50000
|
| Size: |
1187840
|
|
|
FCAB000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1429252281.000000000FCAB000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
FCAB000
|
| Size: |
40960
|
|
|
D69F000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2678437783.000000000D69F000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D69F000
|
| Size: |
122880
|
|
|
7FF55622C000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2688941351.00007FF55622C000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF55622C000
|
| Size: |
8192
|
|
|
7FF5564A1000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1435260978.00007FF5564A1000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5564A1000
|
| Size: |
20480
|
|
|
2C13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2363942723.0000000002C13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C13000
|
| Size: |
200704
|
|
|
BDE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.1479141193.0000000000BDE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
BDE000
|
| Size: |
8192
|
|
|
711A000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2671165074.000000000711A000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
711A000
|
| Size: |
8192
|
|
|
428E000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1402968815.000000000428E000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
428E000
|
| Size: |
24576
|
|
|
2C13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2260209340.0000000002C13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C13000
|
| Size: |
212992
|
|
|
2FE3000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1419254556.0000000002FE3000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2FE3000
|
| Size: |
53248
|
|
|
7153000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2671165074.0000000007153000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7153000
|
| Size: |
4096
|
|
|
7FF556583000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1436211134.00007FF556583000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556583000
|
| Size: |
32768
|
|
|
453C000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2670167630.000000000453C000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
453C000
|
| Size: |
4096
|
|
|
88C0000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2673426987.00000000088C0000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
88C0000
|
| Size: |
4096
|
|
|
7FF55611E000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1432631281.00007FF55611E000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF55611E000
|
| Size: |
4096
|
|
|
D46A000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2676958905.000000000D46A000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D46A000
|
| Size: |
61440
|
|
|
7FF5561D8000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2688818546.00007FF5561D8000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5561D8000
|
| Size: |
12288
|
|
|
D50F000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1424719871.000000000D50F000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D50F000
|
| Size: |
16384
|
|
|
96DE000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2673999984.00000000096DE000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
96DE000
|
| Size: |
4096
|
|
|
7600000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1421015290.0000000007600000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7600000
|
| Size: |
8192
|
|
|
7FF555E42000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2687070999.00007FF555E42000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF555E42000
|
| Size: |
4096
|
|
|
3A61000
|
unclassified section
|
page execute and read and write
|
|
|
|
| Name: |
00000001.00000002.1481030847.0000000003A61000.00000040.10000000.00040000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
unclassified section
|
| Protect: |
page execute and read and write
|
| Base address: |
3A61000
|
| Size: |
4096
|
|
|
7FF55635F000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2689627109.00007FF55635F000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF55635F000
|
| Size: |
12288
|
|
|
712F000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2671165074.000000000712F000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
712F000
|
| Size: |
4096
|
|
|
A20000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1418577211.0000000000A20000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A20000
|
| Size: |
28672
|
|
|
A40000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2365503983.0000000000A40000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
A40000
|
| Size: |
151552
|
|
|
8440000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1421913631.0000000008440000.00000004.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
8440000
|
| Size: |
4096
|
|
|
3400000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.2669148512.0000000003400000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
3400000
|
| Size: |
1208320
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
2C13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2572488108.0000000002C13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C13000
|
| Size: |
200704
|
|
|
3000000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2669373068.0000000003000000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
3000000
|
| Size: |
8192
|
|
|
DE0C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1426036088.000000000DE0C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
DE0C000
|
| Size: |
16384
|
|
|
2C13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2520542906.0000000002C13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C13000
|
| Size: |
212992
|
|
|
8700000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2673228100.0000000008700000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
8700000
|
| Size: |
8192
|
|
|
179D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1391114974.000000000179D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
179D000
|
| Size: |
184320
|
|
|
9EBE000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2675618952.0000000009EBE000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
9EBE000
|
| Size: |
8192
|
|
|
D222000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1424719871.000000000D222000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D222000
|
| Size: |
389120
|
|
|
7FF556155000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1432867850.00007FF556155000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556155000
|
| Size: |
32768
|
|
|
7FF556521000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1435770541.00007FF556521000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556521000
|
| Size: |
8192
|
|
|
720B000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2671165074.000000000720B000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
720B000
|
| Size: |
4096
|
|
|
7FF55664B000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1436793595.00007FF55664B000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF55664B000
|
| Size: |
12288
|
|
|
7FF556146000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2688371444.00007FF556146000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556146000
|
| Size: |
20480
|
|
|
9759000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1422527443.0000000009759000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
9759000
|
| Size: |
77824
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
320F000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1419407494.000000000320F000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
320F000
|
| Size: |
4096
|
|
|
D1B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1418811217.0000000000D1B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
D1B000
|
| Size: |
20480
|
|
|
7FF5561BE000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2688769210.00007FF5561BE000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5561BE000
|
| Size: |
8192
|
|
|
999F000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1422527443.000000000999F000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
999F000
|
| Size: |
4096
|
|
|
7630000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1421051523.0000000007630000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7630000
|
| Size: |
4096
|
|
|
99A8000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1422527443.00000000099A8000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
99A8000
|
| Size: |
65536
|
|
|
7DF4731B1000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000002.00000000.1431834183.00007DF4731B1000.00000020.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
7DF4731B1000
|
| Size: |
4096
|
|
|
D4F7000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1424719871.000000000D4F7000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D4F7000
|
| Size: |
28672
|
|
|
7CDD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1421418967.0000000007CDD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7CDD000
|
| Size: |
12288
|
|
|
ADCB000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1424451416.000000000ADCB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
ADCB000
|
| Size: |
20480
|
|
|
7FF556300000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1433810883.00007FF556300000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556300000
|
| Size: |
12288
|
|
|
7FF556105000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2688134897.00007FF556105000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556105000
|
| Size: |
40960
|
|
|
96AA000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1422527443.00000000096AA000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
96AA000
|
| Size: |
8192
|
|
|
9F04000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2675618952.0000000009F04000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
9F04000
|
| Size: |
102400
|
|
|
A03C000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2675618952.000000000A03C000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
A03C000
|
| Size: |
4096
|
|
|
320D000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1419407494.000000000320D000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
320D000
|
| Size: |
4096
|
|
|
7DF4731D1000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000002.00000000.1431868886.00007DF4731D1000.00000020.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
7DF4731D1000
|
| Size: |
4096
|
|
|
7FF5560E2000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1432536114.00007FF5560E2000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5560E2000
|
| Size: |
16384
|
|
|
7AA0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1421369270.0000000007AA0000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7AA0000
|
| Size: |
36864
|
|
|
7FF55657D000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1436211134.00007FF55657D000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF55657D000
|
| Size: |
12288
|
|
|
82D9000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1421817440.00000000082D9000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
82D9000
|
| Size: |
28672
|
|
|
96EC000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2673999984.00000000096EC000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
96EC000
|
| Size: |
4096
|
|
|
82E0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2673044465.00000000082E0000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
82E0000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
96DC000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1422527443.00000000096DC000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
96DC000
|
| Size: |
4096
|
|
|
7114000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2671165074.0000000007114000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7114000
|
| Size: |
12288
|
|
|
8B3B000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1422225726.0000000008B3B000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
8B3B000
|
| Size: |
204800
|
|
|
9949000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1422527443.0000000009949000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
9949000
|
| Size: |
81920
|
|
|
4510000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2670167630.0000000004510000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
4510000
|
| Size: |
4096
|
|
|
8700000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1421979664.0000000008700000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
8700000
|
| Size: |
8192
|
|
|
2C13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2104113452.0000000002C13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C13000
|
| Size: |
196608
|
|
|
7DF4731A0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2686110264.00007DF4731A0000.00000002.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7DF4731A0000
|
| Size: |
4096
|
|
|
9CBF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2675475267.0000000009CBF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9CBF000
|
| Size: |
4096
|
|
|
D73F000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2678437783.000000000D73F000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D73F000
|
| Size: |
475136
|
|
|
D680000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1425297192.000000000D680000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D680000
|
| Size: |
122880
|
|
|
712D000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1420361027.000000000712D000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
712D000
|
| Size: |
4096
|
|
|
D431000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1424719871.000000000D431000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D431000
|
| Size: |
8192
|
|
|
7FF5564D7000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1435462465.00007FF5564D7000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5564D7000
|
| Size: |
12288
|
|
|
2C13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2312450249.0000000002C13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C13000
|
| Size: |
200704
|
|
|
7FF5563DA000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2689947886.00007FF5563DA000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5563DA000
|
| Size: |
20480
|
|
|
2C13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1500988498.0000000002C13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C13000
|
| Size: |
200704
|
|
|
A052000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2675618952.000000000A052000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
A052000
|
| Size: |
12288
|
|
|
2C13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2572350964.0000000002C13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C13000
|
| Size: |
69632
|
|
|
D47F000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1424719871.000000000D47F000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D47F000
|
| Size: |
4096
|
|
|
151E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1410651073.000000000151E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
151E000
|
| Size: |
8192
|
|
|
32B1000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.2669036421.00000000032B1000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
32B1000
|
| Size: |
4096
|
|
|
7FF5565BD000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2691459975.00007FF5565BD000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5565BD000
|
| Size: |
24576
|
|
|
421D000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1404875060.000000000421D000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
421D000
|
| Size: |
458752
|
|
|
44D7000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1419768946.00000000044D7000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
44D7000
|
| Size: |
12288
|
|
|
9DBF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2675523940.0000000009DBF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9DBF000
|
| Size: |
4096
|
|
|
9998000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1422527443.0000000009998000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
9998000
|
| Size: |
4096
|
|
|
72A4000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2671165074.00000000072A4000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
72A4000
|
| Size: |
12288
|
|
|
ADF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1418577211.0000000000ADF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
ADF000
|
| Size: |
233472
|
|
|
40F0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1402081770.00000000040F0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
40F0000
|
| Size: |
1196032
|
|
|
8440000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2673122369.0000000008440000.00000004.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
8440000
|
| Size: |
4096
|
|
|
3130000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1419373557.0000000003130000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
3130000
|
| Size: |
4096
|
|
|
7FF556688000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2692316075.00007FF556688000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556688000
|
| Size: |
12288
|
|
|
7FF556123000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2688289744.00007FF556123000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556123000
|
| Size: |
16384
|
|
|
7FF5560DF000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1432536114.00007FF5560DF000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5560DF000
|
| Size: |
8192
|
|
|
95C0000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2673999984.00000000095C0000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
95C0000
|
| Size: |
266240
|
|
|
7FF5565F1000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2691651866.00007FF5565F1000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5565F1000
|
| Size: |
12288
|
|
|
5E7F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2670294216.0000000005E7F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5E7F000
|
| Size: |
4096
|
|
|
D45F000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2676958905.000000000D45F000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D45F000
|
| Size: |
16384
|
|
|
A28000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1418577211.0000000000A28000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A28000
|
| Size: |
700416
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the Windows Explorer process (often used for injection) |
HIPS / PFW / Operating System Protection Evasion |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
7FF5562E1000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1433717027.00007FF5562E1000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5562E1000
|
| Size: |
32768
|
|
|
325C000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2669591368.000000000325C000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
325C000
|
| Size: |
12288
|
|
|
A00000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2668431226.0000000000A00000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
A00000
|
| Size: |
8192
|
|
|
8690000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1421942254.0000000008690000.00000002.00000001.00040000.00000004.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
8690000
|
| Size: |
106496
|
|
|
7FF55668D000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1437021977.00007FF55668D000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF55668D000
|
| Size: |
16384
|
|
|
A40000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2313649217.0000000000A40000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
A40000
|
| Size: |
151552
|
|
|
7FF5562FB000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1433744167.00007FF5562FB000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5562FB000
|
| Size: |
4096
|
|
|
7FF555F79000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2687441116.00007FF555F79000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF555F79000
|
| Size: |
32768
|
|
|
8D89000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2673732387.0000000008D89000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
8D89000
|
| Size: |
28672
|
|
|
7FF55622F000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2688941351.00007FF55622F000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF55622F000
|
| Size: |
12288
|
|
|
7FF556178000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1433040631.00007FF556178000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556178000
|
| Size: |
16384
|
|
|
C79000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2668784406.0000000000C79000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
C79000
|
| Size: |
28672
|
|
|
7FF5564EB000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2690809968.00007FF5564EB000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5564EB000
|
| Size: |
4096
|
|
|
2C13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2416361457.0000000002C13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C13000
|
| Size: |
135168
|
|
|
7FF556371000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2689729839.00007FF556371000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556371000
|
| Size: |
4096
|
|
|
2C13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1999907449.0000000002C13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C13000
|
| Size: |
135168
|
|
|
FD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1482964845.00000000000FD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
FD000
|
| Size: |
12288
|
|
|
720F000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2671165074.000000000720F000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
720F000
|
| Size: |
4096
|
|
|
B469000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1424606327.000000000B469000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B469000
|
| Size: |
28672
|
|
|
9866000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2673999984.0000000009866000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
9866000
|
| Size: |
446464
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the Windows Explorer process (often used for injection) |
HIPS / PFW / Operating System Protection Evasion |
|
|
|
8770000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2673301091.0000000008770000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
8770000
|
| Size: |
8192
|
|
|
3160000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2669591368.0000000003160000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
3160000
|
| Size: |
114688
|
|
|
17B3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1395154978.00000000017B3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
17B3000
|
| Size: |
118784
|
|
|
D9A000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1409248754.0000000000D9A000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
D9A000
|
| Size: |
24576
|
|
|
999F000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2673999984.000000000999F000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
999F000
|
| Size: |
4096
|
|
|
8C21000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1422270199.0000000008C21000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
8C21000
|
| Size: |
4096
|
|
|
2C13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2519973076.0000000002C13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C13000
|
| Size: |
135168
|
|
|
2C13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2051936621.0000000002C13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C13000
|
| Size: |
221184
|
|
|
7FF55614D000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2688371444.00007FF55614D000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF55614D000
|
| Size: |
28672
|
|
|
7FF5560DC000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2688029336.00007FF5560DC000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5560DC000
|
| Size: |
8192
|
|
|
3017000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1404967416.0000000003017000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3017000
|
| Size: |
20480
|
|
|
8971000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1422145884.0000000008971000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
8971000
|
| Size: |
28672
|
|
|
D51D000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1424719871.000000000D51D000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D51D000
|
| Size: |
4096
|
|
|
7FF556605000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1436625019.00007FF556605000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556605000
|
| Size: |
4096
|
|
|
7FF54D7B9000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2686828265.00007FF54D7B9000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF54D7B9000
|
| Size: |
20480
|
|
|
88C0000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1422104209.00000000088C0000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
88C0000
|
| Size: |
4096
|
|
|
7FF556548000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2691176100.00007FF556548000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556548000
|
| Size: |
12288
|
|
|
3187000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2669591368.0000000003187000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
3187000
|
| Size: |
139264
|
|
|
7FF5564B1000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2690447975.00007FF5564B1000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5564B1000
|
| Size: |
12288
|
|
|
7FF5563FE000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1434909979.00007FF5563FE000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5563FE000
|
| Size: |
4096
|
|
|
B1F0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2676688046.000000000B1F0000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
B1F0000
|
| Size: |
8192
|
|
|
31AA000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2669591368.00000000031AA000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
31AA000
|
| Size: |
274432
|
|
|
9EBE000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1423836400.0000000009EBE000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
9EBE000
|
| Size: |
8192
|
|
|
D670000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1425297192.000000000D670000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D670000
|
| Size: |
61440
|
|
|
31F3000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1419407494.00000000031F3000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
31F3000
|
| Size: |
4096
|
|
|
DA0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2668883692.0000000000DA0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DA0000
|
| Size: |
8192
|
|
|
3123000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1474992659.0000000003123000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3123000
|
| Size: |
507904
|
|
|
7FF55640C000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1435001289.00007FF55640C000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF55640C000
|
| Size: |
53248
|
|
|
7FF556376000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2689754443.00007FF556376000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556376000
|
| Size: |
8192
|
|
|
6F65000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2671093568.0000000006F65000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6F65000
|
| Size: |
45056
|
|
|
3101000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.1480081135.0000000003101000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3101000
|
| Size: |
4096
|
|
|
7FF555E16000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1431939463.00007FF555E16000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF555E16000
|
| Size: |
12288
|
|
|
96CC000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1422527443.00000000096CC000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
96CC000
|
| Size: |
4096
|
|
|
7131000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2671165074.0000000007131000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7131000
|
| Size: |
4096
|
|
|
D0F0000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2676908861.000000000D0F0000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D0F0000
|
| Size: |
4096
|
|
|
325C000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1419407494.000000000325C000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
325C000
|
| Size: |
12288
|
|
|
1772000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1390415077.0000000001772000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1772000
|
| Size: |
417792
|
|
|
339E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1480576115.000000000339E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
339E000
|
| Size: |
24576
|
|
|
7FF55616C000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1432980281.00007FF55616C000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF55616C000
|
| Size: |
4096
|
|
|
8FC0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2673830214.0000000008FC0000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
8FC0000
|
| Size: |
8192
|
|
|
322F000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2669591368.000000000322F000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
322F000
|
| Size: |
159744
|
|
|
9DBF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1423750258.0000000009DBF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9DBF000
|
| Size: |
4096
|
|
|
7DF4731A1000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000002.00000000.1431801825.00007DF4731A1000.00000020.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
7DF4731A1000
|
| Size: |
4096
|
|
|
7FF5564F8000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1435686886.00007FF5564F8000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5564F8000
|
| Size: |
4096
|
|
|
836F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1421873315.000000000836F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
836F000
|
| Size: |
4096
|
|
|
9BBD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1423604131.0000000009BBD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9BBD000
|
| Size: |
12288
|
|
|
B50000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1414849798.0000000000B50000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
B50000
|
| Size: |
184320
|
|
|
9866000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1422527443.0000000009866000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
9866000
|
| Size: |
188416
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
2D3A000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1419208171.0000000002D3A000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2D3A000
|
| Size: |
24576
|
|
|
7FF556257000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1433370339.00007FF556257000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556257000
|
| Size: |
57344
|
|
|
7FF556475000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2690304570.00007FF556475000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556475000
|
| Size: |
16384
|
|
|
4566000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2670167630.0000000004566000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
4566000
|
| Size: |
192512
|
|
|
6F70000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1420289865.0000000006F70000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
6F70000
|
| Size: |
4096
|
|
|
96E0000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2673999984.00000000096E0000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
96E0000
|
| Size: |
4096
|
|
|
459D000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1419768946.000000000459D000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
459D000
|
| Size: |
53248
|
|
|
DE8F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1426073096.000000000DE8F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
DE8F000
|
| Size: |
4096
|
|
|
7FF556545000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1435930891.00007FF556545000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556545000
|
| Size: |
4096
|
|
|
7FF5565EA000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1436491761.00007FF5565EA000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5565EA000
|
| Size: |
12288
|
|
|
4514000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1419768946.0000000004514000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
4514000
|
| Size: |
12288
|
|
|
72DE000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1420929232.00000000072DE000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
72DE000
|
| Size: |
200704
|
|
|
FBA4000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2682138194.000000000FBA4000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
FBA4000
|
| Size: |
229376
|
|
|
44D7000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2670167630.00000000044D7000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
44D7000
|
| Size: |
12288
|
|
|
DA3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1418864402.0000000000DA3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
DA3000
|
| Size: |
49152
|
|
|
7FF5564D3000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2690659237.00007FF5564D3000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5564D3000
|
| Size: |
8192
|
|
|
7FF556371000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1434567778.00007FF556371000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556371000
|
| Size: |
4096
|
|
|
99BE000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2673999984.00000000099BE000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
99BE000
|
| Size: |
4096
|
|
|
7FF5566B0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2692499758.00007FF5566B0000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5566B0000
|
| Size: |
4096
|
|
|
96BE000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2673999984.00000000096BE000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
96BE000
|
| Size: |
16384
|
|
|
31EE000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2669591368.00000000031EE000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
31EE000
|
| Size: |
8192
|
|
|
1858000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1395499899.0000000001858000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1858000
|
| Size: |
229376
|
|
|
44F8000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1419768946.00000000044F8000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
44F8000
|
| Size: |
8192
|
|
|
7159000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1420361027.0000000007159000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7159000
|
| Size: |
45056
|
|
|
AC30000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2676492534.000000000AC30000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
AC30000
|
| Size: |
20480
|
|
|
A03C000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1423836400.000000000A03C000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
A03C000
|
| Size: |
4096
|
|
|
1846000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1417276732.0000000001846000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1846000
|
| Size: |
73728
|
|
|
7D0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2668318580.00000000007D0000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7D0000
|
| Size: |
4096
|
|
|
7FF5564C9000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2690659237.00007FF5564C9000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5564C9000
|
| Size: |
32768
|
|
|
32A0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.2669036421.00000000032A0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
32A0000
|
| Size: |
65536
|
|
|
D44A000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2676958905.000000000D44A000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D44A000
|
| Size: |
28672
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
7FF5565EA000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2691624242.00007FF5565EA000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5565EA000
|
| Size: |
12288
|
|
|
9604000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1422527443.0000000009604000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
9604000
|
| Size: |
675840
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
| URLs found in memory or binary data |
Networking |
|
|
|
9C3E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2675449832.0000000009C3E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9C3E000
|
| Size: |
8192
|
|
|
929B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1422462765.000000000929B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
929B000
|
| Size: |
20480
|
|
|
3200000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2669591368.0000000003200000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
3200000
|
| Size: |
8192
|
|
|
AD8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1418577211.0000000000AD8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
AD8000
|
| Size: |
8192
|
|
|
9CB000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.1477824992.00000000009CB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9CB000
|
| Size: |
20480
|
|
|
45C1000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1419768946.00000000045C1000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
45C1000
|
| Size: |
36864
|
|
|
379E000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000001.00000002.1480319234.000000000379E000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
379E000
|
| Size: |
1220608
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
AB2E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2676469813.000000000AB2E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
AB2E000
|
| Size: |
8192
|
|
|
7FF556394000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2689806267.00007FF556394000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556394000
|
| Size: |
4096
|
|
|
45B0000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2670167630.00000000045B0000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
45B0000
|
| Size: |
16384
|
|
|
3026000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1472956013.0000000003026000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3026000
|
| Size: |
40960
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
2E69000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1419223050.0000000002E69000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2E69000
|
| Size: |
28672
|
|
|
7FF556444000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2690117549.00007FF556444000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556444000
|
| Size: |
98304
|
|
|
7FF556605000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2691799591.00007FF556605000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556605000
|
| Size: |
4096
|
|
|
7FF555E16000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2687026814.00007FF555E16000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF555E16000
|
| Size: |
12288
|
|
|
712B000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2671165074.000000000712B000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
712B000
|
| Size: |
4096
|
|
|
7FF5560E7000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1432536114.00007FF5560E7000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5560E7000
|
| Size: |
53248
|
|
|
BE0000
|
unclassified section
|
page execute and read and write
|
|
|
|
| Name: |
00000001.00000002.1479204619.0000000000BE0000.00000040.10000000.00040000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
unclassified section
|
| Protect: |
page execute and read and write
|
| Base address: |
BE0000
|
| Size: |
28672
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
7FF556163000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1432867850.00007FF556163000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556163000
|
| Size: |
4096
|
|
|
FCB9000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2682138194.000000000FCB9000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
FCB9000
|
| Size: |
151552
|
|
|
D657000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2678437783.000000000D657000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D657000
|
| Size: |
8192
|
|
|
D65C000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2678437783.000000000D65C000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D65C000
|
| Size: |
8192
|
|
|
7FF555F49000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2687363703.00007FF555F49000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF555F49000
|
| Size: |
12288
|
|
|
3529000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1406388689.0000000003529000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3529000
|
| Size: |
4096
|
|
|
7FF556128000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2688289744.00007FF556128000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556128000
|
| Size: |
57344
|
|
|
720B000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1420361027.000000000720B000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
720B000
|
| Size: |
12288
|
|
|
2E13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1417210455.0000000002E13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2E13000
|
| Size: |
200704
|
|
|
7610000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1421027316.0000000007610000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7610000
|
| Size: |
36864
|
|
|
D222000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2676958905.000000000D222000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D222000
|
| Size: |
389120
|
|
|
96CE000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2673999984.00000000096CE000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
96CE000
|
| Size: |
4096
|
|
|
7FF556665000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1436879554.00007FF556665000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556665000
|
| Size: |
8192
|
|
|
3600000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000001.00000002.1480319234.0000000003600000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
3600000
|
| Size: |
1208320
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
A6A6000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2676234676.000000000A6A6000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
A6A6000
|
| Size: |
8192
|
|
|
FC66000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1429252281.000000000FC66000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
FC66000
|
| Size: |
16384
|
|
|
D7C1000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2679528500.000000000D7C1000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D7C1000
|
| Size: |
20480
|
|
|
1773000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1390661844.0000000001773000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1773000
|
| Size: |
229376
|
|
|
7FF55647B000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2690333764.00007FF55647B000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF55647B000
|
| Size: |
20480
|
|
|
887F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1422086443.000000000887F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
887F000
|
| Size: |
4096
|
|
|
7FF556637000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2691830056.00007FF556637000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556637000
|
| Size: |
4096
|
|
|
96E4000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2673999984.00000000096E4000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
96E4000
|
| Size: |
4096
|
|
|
2E69000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2669297458.0000000002E69000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2E69000
|
| Size: |
28672
|
|
|
7DF4731D1000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000002.00000002.2686752106.00007DF4731D1000.00000020.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
7DF4731D1000
|
| Size: |
4096
|
|
|
7FF5565FB000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1436559776.00007FF5565FB000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5565FB000
|
| Size: |
8192
|
|
|
36D1000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.2669148512.00000000036D1000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
36D1000
|
| Size: |
458752
|
|
|
7FF5566BF000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2692531533.00007FF5566BF000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5566BF000
|
| Size: |
16384
|
|
|
332D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1480576115.000000000332D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
332D000
|
| Size: |
458752
|
|
|
11A1000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1418993705.00000000011A1000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
11A1000
|
| Size: |
393216
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the Windows Explorer process (often used for injection) |
HIPS / PFW / Operating System Protection Evasion |
|
|
|
D6C2000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1425297192.000000000D6C2000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D6C2000
|
| Size: |
430080
|
|
|
E00000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2668975755.0000000000E00000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
E00000
|
| Size: |
16384
|
|
|
7FF556571000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1436188916.00007FF556571000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556571000
|
| Size: |
4096
|
|
|
711D000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1420361027.000000000711D000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
711D000
|
| Size: |
8192
|
|
|
96D8000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2673999984.00000000096D8000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
96D8000
|
| Size: |
4096
|
|
|
7FF55662B000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2691830056.00007FF55662B000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF55662B000
|
| Size: |
16384
|
|
|
23F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1417364762.00000000023F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
23F0000
|
| Size: |
4096
|
|
|
283F000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1483266661.000000000283F000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
283F000
|
| Size: |
4096
|
|
|
17B3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1394180514.00000000017B3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
17B3000
|
| Size: |
118784
|
|
|
3323000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1404643014.0000000003323000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3323000
|
| Size: |
507904
|
|
|
7FF556221000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1433274139.00007FF556221000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556221000
|
| Size: |
12288
|
|
|
2C13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2103763855.0000000002C13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C13000
|
| Size: |
69632
|
|
|
D357000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2676958905.000000000D357000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D357000
|
| Size: |
872448
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
1772000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1390495503.0000000001772000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1772000
|
| Size: |
417792
|
|
|
7FF5565F9000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2691704643.00007FF5565F9000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5565F9000
|
| Size: |
4096
|
|
|
7215000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1420361027.0000000007215000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7215000
|
| Size: |
131072
|
|
|
421D000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1401608398.000000000421D000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
421D000
|
| Size: |
458752
|
|
|
7FF55672B000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1437801653.00007FF55672B000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF55672B000
|
| Size: |
24576
|
|
|
A00000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1418525421.0000000000A00000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
A00000
|
| Size: |
8192
|
|
|
5E80000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1898216180.0000000005E80000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5E80000
|
| Size: |
172032
|
|
|
7FF5560DC000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1432536114.00007FF5560DC000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5560DC000
|
| Size: |
8192
|
|
|
6F65000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1420271331.0000000006F65000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6F65000
|
| Size: |
45056
|
|
|
9998000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2673999984.0000000009998000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
9998000
|
| Size: |
4096
|
|
|
2E02000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.1479775874.0000000002E02000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2E02000
|
| Size: |
20480
|
|
|
7FF556635000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2691830056.00007FF556635000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556635000
|
| Size: |
4096
|
|
|
7FF556680000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2692231980.00007FF556680000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556680000
|
| Size: |
4096
|
|
|
7CDD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2672543695.0000000007CDD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7CDD000
|
| Size: |
12288
|
|
|
7FF5566B5000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2692531533.00007FF5566B5000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5566B5000
|
| Size: |
8192
|
|
|
D502000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2676958905.000000000D502000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D502000
|
| Size: |
4096
|
|
|
7640000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1421070016.0000000007640000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7640000
|
| Size: |
4096
|
|
|
4596000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1419768946.0000000004596000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
4596000
|
| Size: |
24576
|
|
|
A0A5000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2675618952.000000000A0A5000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
A0A5000
|
| Size: |
40960
|
|
|
3980000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1471367705.0000000003980000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3980000
|
| Size: |
184320
|
|
|
6E0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1418240590.00000000006E0000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
6E0000
|
| Size: |
4096
|
|
|
D45F000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1424719871.000000000D45F000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D45F000
|
| Size: |
16384
|
|
|
8AF9000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2673574778.0000000008AF9000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
8AF9000
|
| Size: |
28672
|
|
|
7110000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2671165074.0000000007110000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7110000
|
| Size: |
12288
|
|
|
5E80000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1949780986.0000000005E80000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5E80000
|
| Size: |
163840
|
|
|
7FF555F75000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2687389473.00007FF555F75000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF555F75000
|
| Size: |
4096
|
|
|
7FF55616E000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2688526116.00007FF55616E000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF55616E000
|
| Size: |
8192
|
|
|
D2F1000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2676958905.000000000D2F1000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D2F1000
|
| Size: |
409600
|
|
|
7610000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2672057323.0000000007610000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7610000
|
| Size: |
36864
|
|
|
A099000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1423836400.000000000A099000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
A099000
|
| Size: |
4096
|
|
|
7FF55604D000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2687542834.00007FF55604D000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF55604D000
|
| Size: |
36864
|
|
|
D180000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1424719871.000000000D180000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D180000
|
| Size: |
327680
|
|
|
7FF55622C000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1433292217.00007FF55622C000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF55622C000
|
| Size: |
8192
|
|
|
4E60000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000002.00000000.1420145482.0000000004E60000.00000008.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
4E60000
|
| Size: |
286720
|
|
|
9F3F000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1423836400.0000000009F3F000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
9F3F000
|
| Size: |
12288
|
|
|
A6E4000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2676234676.000000000A6E4000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
A6E4000
|
| Size: |
61440
|
|
|
7FF556105000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1432631281.00007FF556105000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556105000
|
| Size: |
40960
|
|
|
7FF5560FF000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1432631281.00007FF5560FF000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5560FF000
|
| Size: |
8192
|
|
|
17D5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1395154978.00000000017D5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
17D5000
|
| Size: |
458752
|
|
|
D557000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1425297192.000000000D557000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D557000
|
| Size: |
4096
|
|
|
4073000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1401086481.0000000004073000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4073000
|
| Size: |
507904
|
|
|
2CB5000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2669262219.0000000002CB5000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2CB5000
|
| Size: |
45056
|
|
|
7120000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1420361027.0000000007120000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7120000
|
| Size: |
8192
|
|
|
9FD2000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2675618952.0000000009FD2000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
9FD2000
|
| Size: |
4096
|
|
|
9F64000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2675618952.0000000009F64000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
9F64000
|
| Size: |
258048
|
|
|
2C13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1948537488.0000000002C13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C13000
|
| Size: |
135168
|
|
|
7FF555F2C000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2687281580.00007FF555F2C000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF555F2C000
|
| Size: |
28672
|
|
|
7FF556112000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1432631281.00007FF556112000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556112000
|
| Size: |
28672
|
|
|
2B20000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2669185102.0000000002B20000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
2B20000
|
| Size: |
4096
|
|
|
7118000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2671165074.0000000007118000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7118000
|
| Size: |
4096
|
|
|
450C000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1419768946.000000000450C000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
450C000
|
| Size: |
4096
|
|
|
AD8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2668495957.0000000000AD8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
AD8000
|
| Size: |
16384
|
|
|
A039000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1423836400.000000000A039000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
A039000
|
| Size: |
4096
|
|
|
31F3000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2669591368.00000000031F3000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
31F3000
|
| Size: |
4096
|
|
|
D80D000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1425592952.000000000D80D000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D80D000
|
| Size: |
90112
|
|
|
17D7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1390661844.00000000017D7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
17D7000
|
| Size: |
450560
|
|
|
8FB0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2673804853.0000000008FB0000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
8FB0000
|
| Size: |
8192
|
|
|
D680000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2678437783.000000000D680000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D680000
|
| Size: |
122880
|
|
|
7FF55616C000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2688526116.00007FF55616C000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF55616C000
|
| Size: |
4096
|
|
|
7930000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1421271676.0000000007930000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7930000
|
| Size: |
8192
|
|
|
96F2000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2673999984.00000000096F2000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
96F2000
|
| Size: |
4096
|
|
|
7940000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2672383899.0000000007940000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7940000
|
| Size: |
4096
|
|
|
8C0B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1422253329.0000000008C0B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
8C0B000
|
| Size: |
20480
|
|
|
2C13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2208044105.0000000002C13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C13000
|
| Size: |
200704
|
|
|
A09D000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2675618952.000000000A09D000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
A09D000
|
| Size: |
4096
|
|
|
BF0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1418778487.0000000000BF0000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
BF0000
|
| Size: |
8192
|
|
|
A630000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2676234676.000000000A630000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
A630000
|
| Size: |
4096
|
|
|
7FF556280000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2689124638.00007FF556280000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556280000
|
| Size: |
4096
|
|
|
7FF5560D8000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1432412549.00007FF5560D8000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5560D8000
|
| Size: |
4096
|
|
|
995E000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2673999984.000000000995E000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
995E000
|
| Size: |
122880
|
|
|
7FF55654C000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1436036097.00007FF55654C000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF55654C000
|
| Size: |
16384
|
|
|
2CB9000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1419191430.0000000002CB9000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2CB9000
|
| Size: |
28672
|
|
|
7FF556366000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2689677486.00007FF556366000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556366000
|
| Size: |
4096
|
|
|
7FF55662B000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1436643944.00007FF55662B000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF55662B000
|
| Size: |
16384
|
|
|
7FF55617D000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2688602100.00007FF55617D000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF55617D000
|
| Size: |
12288
|
|
|
7AA0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2672487284.0000000007AA0000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7AA0000
|
| Size: |
36864
|
|
|
31FA000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1419407494.00000000031FA000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
31FA000
|
| Size: |
12288
|
|
|
DBB0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2680912365.000000000DBB0000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
DBB0000
|
| Size: |
8192
|
|
|
17D5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1395561403.00000000017D5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
17D5000
|
| Size: |
458752
|
|
|
D5EB000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1425297192.000000000D5EB000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D5EB000
|
| Size: |
4096
|
|
|
A6E4000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1424222322.000000000A6E4000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
A6E4000
|
| Size: |
61440
|
|
|
86C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2668205559.000000000086C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
86C000
|
| Size: |
16384
|
|
|
3401000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.1480264276.0000000003401000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3401000
|
| Size: |
8192
|
|
|
79DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1421315092.00000000079DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
79DE000
|
| Size: |
8192
|
|
|
FC6B000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2682138194.000000000FC6B000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
FC6B000
|
| Size: |
188416
|
|
|
7FF55671D000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2692733414.00007FF55671D000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF55671D000
|
| Size: |
20480
|
|
|
4630000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2670926823.0000000004630000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
4630000
|
| Size: |
12288
|
|
|
D180000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2676958905.000000000D180000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D180000
|
| Size: |
327680
|
|
|
B05E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1424506703.000000000B05E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B05E000
|
| Size: |
8192
|
|
|
B469000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2676752062.000000000B469000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B469000
|
| Size: |
28672
|
|
|
321F000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2669591368.000000000321F000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
321F000
|
| Size: |
20480
|
|
|
A09D000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1423836400.000000000A09D000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
A09D000
|
| Size: |
4096
|
|
|
7FF55631B000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1434050027.00007FF55631B000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF55631B000
|
| Size: |
4096
|
|
|
7FF5566AA000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2692377544.00007FF5566AA000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5566AA000
|
| Size: |
20480
|
|
|
99BB000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1422527443.00000000099BB000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
99BB000
|
| Size: |
8192
|
|
|
13DB000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1409269134.00000000013DB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
13DB000
|
| Size: |
20480
|
|
|
7FF556635000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1436643944.00007FF556635000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556635000
|
| Size: |
4096
|
|
|
7FF5564A1000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2690447975.00007FF5564A1000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5564A1000
|
| Size: |
20480
|
|
|
177B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1414510584.000000000177B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
177B000
|
| Size: |
12288
|
|
|
7FF556396000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2689806267.00007FF556396000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556396000
|
| Size: |
8192
|
|
|
7FF5566F5000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1437801653.00007FF5566F5000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5566F5000
|
| Size: |
16384
|
|
|
421D000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1402081770.000000000421D000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
421D000
|
| Size: |
458752
|
|
|
7129000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1420361027.0000000007129000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7129000
|
| Size: |
4096
|
|
|
1796000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1395252469.0000000001796000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1796000
|
| Size: |
65536
|
|
|
8B3B000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2673603879.0000000008B3B000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
8B3B000
|
| Size: |
204800
|
|
|
3218000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1419407494.0000000003218000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
3218000
|
| Size: |
12288
|
|
|
7FF55666F000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1436908660.00007FF55666F000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF55666F000
|
| Size: |
12288
|
|
|
9949000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2673999984.0000000009949000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
9949000
|
| Size: |
81920
|
|
|
FC23000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1429252281.000000000FC23000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
FC23000
|
| Size: |
217088
|
|
|
4566000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1419768946.0000000004566000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
4566000
|
| Size: |
192512
|
|
|
96DE000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1422527443.00000000096DE000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
96DE000
|
| Size: |
4096
|
|
|
8971000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2673500154.0000000008971000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
8971000
|
| Size: |
28672
|
|
|
2E00000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.1479775874.0000000002E00000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2E00000
|
| Size: |
4096
|
|
|
7FF5564A7000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1435260978.00007FF5564A7000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5564A7000
|
| Size: |
12288
|
|
|
8710000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2673250312.0000000008710000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
8710000
|
| Size: |
4096
|
|
|
B30000
|
heap
|
page readonly
|
|
|
|
| Name: |
00000001.00000002.1478152020.0000000000B30000.00000002.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page readonly
|
| Base address: |
B30000
|
| Size: |
4096
|
|
|
3F50000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1404421866.0000000003F50000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3F50000
|
| Size: |
1187840
|
|
|
7FF555E44000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2687219325.00007FF555E44000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF555E44000
|
| Size: |
4096
|
|
|
788D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2672227762.000000000788D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
788D000
|
| Size: |
12288
|
|
|
FCA2000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1429252281.000000000FCA2000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
FCA2000
|
| Size: |
28672
|
|
|
7FF556526000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1435790505.00007FF556526000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556526000
|
| Size: |
20480
|
|
|
BE8000
|
unclassified section
|
page execute and read and write
|
|
|
|
| Name: |
00000001.00000002.1479204619.0000000000BE8000.00000040.10000000.00040000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
unclassified section
|
| Protect: |
page execute and read and write
|
| Base address: |
BE8000
|
| Size: |
8192
|
|
|
75F7000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1421002530.00000000075F7000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
75F7000
|
| Size: |
36864
|
|
|
7DF473191000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000002.00000000.1431772207.00007DF473191000.00000020.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
7DF473191000
|
| Size: |
4096
|
|
|
7FF5564E0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1435462465.00007FF5564E0000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5564E0000
|
| Size: |
4096
|
|
|
D55A000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1425297192.000000000D55A000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D55A000
|
| Size: |
8192
|
|
|
2C13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2629969629.0000000002C13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C13000
|
| Size: |
208896
|
|
|
263E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1483184665.000000000263E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
263E000
|
| Size: |
8192
|
|
|
317D000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2669591368.000000000317D000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
317D000
|
| Size: |
36864
|
|
|
7FF556557000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1436118252.00007FF556557000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556557000
|
| Size: |
12288
|
|
|
7FF556333000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1434180481.00007FF556333000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556333000
|
| Size: |
4096
|
|
|
7DF4731C1000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000002.00000002.2686645839.00007DF4731C1000.00000020.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
7DF4731C1000
|
| Size: |
4096
|
|
|
C79000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1418792940.0000000000C79000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
C79000
|
| Size: |
28672
|
|
|
7FF5565E0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1436393836.00007FF5565E0000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5565E0000
|
| Size: |
12288
|
|
|
BEB000
|
unclassified section
|
page execute and read and write
|
|
|
|
| Name: |
00000001.00000002.1479204619.0000000000BEB000.00000040.10000000.00040000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
unclassified section
|
| Protect: |
page execute and read and write
|
| Base address: |
BEB000
|
| Size: |
8192
|
|
|
7F0000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2668398504.00000000007F0000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7F0000
|
| Size: |
24576
|
|
|
776A000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1421104197.000000000776A000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
776A000
|
| Size: |
24576
|
|
|
7FF5560C8000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1432412549.00007FF5560C8000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5560C8000
|
| Size: |
28672
|
|
|
7FF556369000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2689701340.00007FF556369000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556369000
|
| Size: |
12288
|
|
|
D464000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2676958905.000000000D464000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D464000
|
| Size: |
4096
|
|
|
9EE2000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2675618952.0000000009EE2000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
9EE2000
|
| Size: |
12288
|
|
|
17D7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1391114974.00000000017D7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
17D7000
|
| Size: |
450560
|
|
|
7FF555F6E000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1432162356.00007FF555F6E000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF555F6E000
|
| Size: |
24576
|
|
|
2C13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1481055755.0000000002C13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C13000
|
| Size: |
249856
|
|
|
7FF5565E4000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1436393836.00007FF5565E4000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5565E4000
|
| Size: |
4096
|
|
|
9EB0000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2675618952.0000000009EB0000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
9EB0000
|
| Size: |
4096
|
|
|
AD4E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1424437245.000000000AD4E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
AD4E000
|
| Size: |
8192
|
|
|
1FD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1483007747.00000000001FD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
1FD000
|
| Size: |
12288
|
|
|
7FF5561BE000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1433158224.00007FF5561BE000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5561BE000
|
| Size: |
8192
|
|
|
7FF5562D2000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2689219246.00007FF5562D2000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5562D2000
|
| Size: |
4096
|
|
|
7FF5564DB000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2690659237.00007FF5564DB000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5564DB000
|
| Size: |
16384
|
|
|
98C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.1475753596.000000000098C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
98C000
|
| Size: |
16384
|
|
|
7159000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2671165074.0000000007159000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7159000
|
| Size: |
45056
|
|
|
FC6B000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1429252281.000000000FC6B000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
FC6B000
|
| Size: |
188416
|
|
|
31F1000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1419407494.00000000031F1000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
31F1000
|
| Size: |
4096
|
|
|
7FF55667D000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2692231980.00007FF55667D000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF55667D000
|
| Size: |
4096
|
|
|
D7C1000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1425592952.000000000D7C1000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D7C1000
|
| Size: |
20480
|
|
|
31FA000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2669591368.00000000031FA000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
31FA000
|
| Size: |
12288
|
|
|
D456000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1424719871.000000000D456000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D456000
|
| Size: |
20480
|
|
|
90F0000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1422443173.00000000090F0000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
90F0000
|
| Size: |
8192
|
|
|
FFCE000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1431608548.000000000FFCE000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
FFCE000
|
| Size: |
12288
|
|
|
7FF556163000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2688371444.00007FF556163000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556163000
|
| Size: |
4096
|
|
|
7138000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2671165074.0000000007138000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7138000
|
| Size: |
4096
|
|
|
394F000
|
unclassified section
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2669676878.000000000394F000.00000004.10000000.00040000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unclassified section
|
| Protect: |
page read and write
|
| Base address: |
394F000
|
| Size: |
49152
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
78E0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2672296349.00000000078E0000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
78E0000
|
| Size: |
8192
|
|
|
2F6A000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1419239800.0000000002F6A000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2F6A000
|
| Size: |
24576
|
|
|
7FF55613C000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1432803623.00007FF55613C000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF55613C000
|
| Size: |
16384
|
|
|
7FF5564A7000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2690447975.00007FF5564A7000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5564A7000
|
| Size: |
12288
|
|
|
7FF556675000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1436930041.00007FF556675000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556675000
|
| Size: |
4096
|
|
|
7FF556059000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1432264726.00007FF556059000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556059000
|
| Size: |
4096
|
|
|
7FF556233000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1433292217.00007FF556233000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556233000
|
| Size: |
8192
|
|
|
9F2C000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2675618952.0000000009F2C000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
9F2C000
|
| Size: |
4096
|
|
|
17D5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1416860744.00000000017D5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
17D5000
|
| Size: |
458752
|
|
|
3000000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.1479942117.0000000003000000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3000000
|
| Size: |
53248
|
|
|
7FF5566DA000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2692619145.00007FF5566DA000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5566DA000
|
| Size: |
24576
|
|
|
7570000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1420991753.0000000007570000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7570000
|
| Size: |
4096
|
|
|
110AF000
|
system
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2685348648.00000000110AF000.00000004.80000000.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
system
|
| Protect: |
page read and write
|
| Base address: |
110AF000
|
| Size: |
49152
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
FCB9000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1429252281.000000000FCB9000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
FCB9000
|
| Size: |
151552
|
|
|
7FF556188000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1433087628.00007FF556188000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556188000
|
| Size: |
4096
|
|
|
A052000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1423836400.000000000A052000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
A052000
|
| Size: |
12288
|
|
|
428E000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1402081770.000000000428E000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
428E000
|
| Size: |
24576
|
|
|
1890000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1395121258.0000000001890000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1890000
|
| Size: |
196608
|
|
|
2C13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2259650001.0000000002C13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C13000
|
| Size: |
69632
|
|
|
7FF5566A3000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1437090813.00007FF5566A3000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5566A3000
|
| Size: |
24576
|
|
|
9F62000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1423836400.0000000009F62000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
9F62000
|
| Size: |
4096
|
|
|
93B9000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2673965551.00000000093B9000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
93B9000
|
| Size: |
28672
|
|
|
87C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1422041846.00000000087C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
87C0000
|
| Size: |
4096
|
|
|
18BE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1395499899.00000000018BE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
18BE000
|
| Size: |
8192
|
|
|
3120000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1419358244.0000000003120000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
3120000
|
| Size: |
16384
|
|
|
D567000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2678437783.000000000D567000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D567000
|
| Size: |
4096
|
|
|
9E3E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1423770949.0000000009E3E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9E3E000
|
| Size: |
8192
|
|
|
7FF556521000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2690990726.00007FF556521000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556521000
|
| Size: |
8192
|
|
|
2C02000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2668640616.0000000002C02000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C02000
|
| Size: |
20480
|
|
|
7620000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1421040340.0000000007620000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7620000
|
| Size: |
8192
|
|
|
8CF0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1422307882.0000000008CF0000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
8CF0000
|
| Size: |
8192
|
|
|
301C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1471197583.000000000301C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
301C000
|
| Size: |
81920
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
7FF5560B2000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1432312251.00007FF5560B2000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5560B2000
|
| Size: |
20480
|
|
|
CB4000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000000.1389842265.0000000000CB4000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
CB4000
|
| Size: |
40960
|
|
|
86B0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1421962085.00000000086B0000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
86B0000
|
| Size: |
8192
|
|
|
7FF555E54000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2687250826.00007FF555E54000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF555E54000
|
| Size: |
20480
|
|
|
2C13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1999861926.0000000002C13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C13000
|
| Size: |
69632
|
|
|
96D6000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2673999984.00000000096D6000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
96D6000
|
| Size: |
4096
|
|
|
9981000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2673999984.0000000009981000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
9981000
|
| Size: |
8192
|
|
|
4F93000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2671001116.0000000004F93000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
4F93000
|
| Size: |
4096
|
|
|
7B60000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1421388754.0000000007B60000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7B60000
|
| Size: |
32768
|
|
|
9CBF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1423628046.0000000009CBF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9CBF000
|
| Size: |
4096
|
|
|
7FF556171000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2688526116.00007FF556171000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556171000
|
| Size: |
8192
|
|
|
2E13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1417281037.0000000002E13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2E13000
|
| Size: |
266240
|
|
|
D7DD000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2679528500.000000000D7DD000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D7DD000
|
| Size: |
192512
|
|
|
2A99000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1419078313.0000000002A99000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2A99000
|
| Size: |
28672
|
|
|
D1D1000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1424719871.000000000D1D1000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D1D1000
|
| Size: |
147456
|
|
|
7FF556282000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2689124638.00007FF556282000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556282000
|
| Size: |
4096
|
|
|
7600000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2672034651.0000000007600000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7600000
|
| Size: |
8192
|
|
|
2C13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1685863706.0000000002C13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C13000
|
| Size: |
196608
|
|
|
96EA000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2673999984.00000000096EA000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
96EA000
|
| Size: |
4096
|
|
|
D0ED000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1424671942.000000000D0ED000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
D0ED000
|
| Size: |
12288
|
|
|
BB0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1635416965.0000000000BB0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
BB0000
|
| Size: |
184320
|
|
|
DB10000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2680746368.000000000DB10000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
DB10000
|
| Size: |
8192
|
|
|
7FF556112000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2688134897.00007FF556112000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556112000
|
| Size: |
28672
|
|
|
96EA000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1422527443.00000000096EA000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
96EA000
|
| Size: |
4096
|
|
|
3F50000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1401922109.0000000003F50000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
3F50000
|
| Size: |
1187840
|
|
|
87D0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1422056560.00000000087D0000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
87D0000
|
| Size: |
8192
|
|
|
A40000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2418056507.0000000000A40000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
A40000
|
| Size: |
151552
|
|
|
421D000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1404061510.000000000421D000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
421D000
|
| Size: |
458752
|
|
|
7125000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2671165074.0000000007125000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7125000
|
| Size: |
12288
|
|
|
ADF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2668495957.0000000000ADF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
ADF000
|
| Size: |
233472
|
|
|
D200000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2676958905.000000000D200000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D200000
|
| Size: |
86016
|
|
|
7FF556280000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1433410063.00007FF556280000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556280000
|
| Size: |
4096
|
|
|
7FF5563A4000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2689806267.00007FF5563A4000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5563A4000
|
| Size: |
16384
|
|
|
7FF556165000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1432867850.00007FF556165000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556165000
|
| Size: |
12288
|
|
|
A68E000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2676234676.000000000A68E000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
A68E000
|
| Size: |
4096
|
|
|
4219000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1404061510.0000000004219000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4219000
|
| Size: |
4096
|
|
|
7FF555F82000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2687441116.00007FF555F82000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF555F82000
|
| Size: |
8192
|
|
|
9716000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1422527443.0000000009716000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
9716000
|
| Size: |
270336
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
| URLs found in memory or binary data |
Networking |
|
|
|
3140000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2669558687.0000000003140000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
3140000
|
| Size: |
8192
|
|
|
3218000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2669591368.0000000003218000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
3218000
|
| Size: |
12288
|
|
|
C8F000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000000.1389842265.0000000000C8F000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
C8F000
|
| Size: |
147456
|
|
|
2C13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1480915121.0000000002C13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C13000
|
| Size: |
135168
|
|
|
45C1000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2670167630.00000000045C1000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
45C1000
|
| Size: |
36864
|
|
|
7FF555F35000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2687281580.00007FF555F35000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF555F35000
|
| Size: |
28672
|
|
|
8AB000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2668247211.00000000008AB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
8AB000
|
| Size: |
20480
|
|
|
7FF556680000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1436958887.00007FF556680000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556680000
|
| Size: |
4096
|
|
|
3017000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1405041399.0000000003017000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3017000
|
| Size: |
20480
|
|
|
45D0000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2670875997.00000000045D0000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
45D0000
|
| Size: |
4096
|
|
|
7FF556422000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1435001289.00007FF556422000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556422000
|
| Size: |
12288
|
|
|
2C13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2155648612.0000000002C13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C13000
|
| Size: |
212992
|
|
|
96BE000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1422527443.00000000096BE000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
96BE000
|
| Size: |
16384
|
|
|
2C13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2312406429.0000000002C13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C13000
|
| Size: |
135168
|
|
|
293F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1483325921.000000000293F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
293F000
|
| Size: |
4096
|
|
|
2C13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1840013362.0000000002C13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C13000
|
| Size: |
69632
|
|
|
1748000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1414510584.0000000001748000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1748000
|
| Size: |
176128
|
|
|
7FF55667D000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1436958887.00007FF55667D000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF55667D000
|
| Size: |
4096
|
|
|
8CEE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1422287848.0000000008CEE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
8CEE000
|
| Size: |
8192
|
|
|
7F0000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1418502908.00000000007F0000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7F0000
|
| Size: |
24576
|
|
|
B8E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.1479063457.0000000000B8E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B8E000
|
| Size: |
8192
|
|
|
AFDE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2676591370.000000000AFDE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
AFDE000
|
| Size: |
8192
|
|
|
428E000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1401217983.000000000428E000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
428E000
|
| Size: |
24576
|
|
|
D61F000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1425297192.000000000D61F000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D61F000
|
| Size: |
8192
|
|
|
17D7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1391021031.00000000017D7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
17D7000
|
| Size: |
450560
|
|
|
5E3E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2670260881.0000000005E3E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5E3E000
|
| Size: |
8192
|
|
|
99A8000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2673999984.00000000099A8000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
99A8000
|
| Size: |
65536
|
|
|
45CC000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2670167630.00000000045CC000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
45CC000
|
| Size: |
12288
|
|
|
77F0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2672204228.00000000077F0000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
77F0000
|
| Size: |
8192
|
|
|
9F04000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1423836400.0000000009F04000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
9F04000
|
| Size: |
102400
|
|
|
D7CB000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2679528500.000000000D7CB000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D7CB000
|
| Size: |
16384
|
|
|
7FF556571000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2691293000.00007FF556571000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556571000
|
| Size: |
4096
|
|
|
AD5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1418577211.0000000000AD5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
AD5000
|
| Size: |
8192
|
|
|
100E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2685127723.00000000100E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
100E0000
|
| Size: |
4096
|
|
|
7FF55660D000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2691830056.00007FF55660D000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF55660D000
|
| Size: |
32768
|
|
|
A670000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1424222322.000000000A670000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
A670000
|
| Size: |
4096
|
|
|
96F0000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2673999984.00000000096F0000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
96F0000
|
| Size: |
4096
|
|
|
177E000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1416806609.000000000177E000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
177E000
|
| Size: |
20480
|
|
|
17B3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1394066141.00000000017B3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
17B3000
|
| Size: |
118784
|
|
|
D845000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1425592952.000000000D845000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D845000
|
| Size: |
12288
|
|
|
9F38000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2675618952.0000000009F38000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
9F38000
|
| Size: |
20480
|
|
|
7FF55638C000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2689779016.00007FF55638C000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF55638C000
|
| Size: |
8192
|
|
|
1580000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1412583579.0000000001580000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1580000
|
| Size: |
24576
|
|
|
77E8000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2672178782.00000000077E8000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
77E8000
|
| Size: |
32768
|
|
|
2C13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2468495421.0000000002C13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C13000
|
| Size: |
212992
|
|
|
5E80000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2001096290.0000000005E80000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5E80000
|
| Size: |
159744
|
|
|
9BBD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2675425436.0000000009BBD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9BBD000
|
| Size: |
12288
|
|
|
ABAB000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1424377646.000000000ABAB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
ABAB000
|
| Size: |
20480
|
|
|
7FF5562FB000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2689328323.00007FF5562FB000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5562FB000
|
| Size: |
4096
|
|
|
7236000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1420361027.0000000007236000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7236000
|
| Size: |
94208
|
|
|
96DA000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2673999984.00000000096DA000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
96DA000
|
| Size: |
4096
|
|
|
7FF55618E000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2688719118.00007FF55618E000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF55618E000
|
| Size: |
16384
|
|
|
D7B4000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1425592952.000000000D7B4000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D7B4000
|
| Size: |
49152
|
|
|
D47A000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2676958905.000000000D47A000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D47A000
|
| Size: |
4096
|
|
|
96D0000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1422527443.00000000096D0000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
96D0000
|
| Size: |
4096
|
|
|
2FE3000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2669339983.0000000002FE3000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2FE3000
|
| Size: |
53248
|
|
|
7D58000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2672569318.0000000007D58000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7D58000
|
| Size: |
32768
|
|
|
3209000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1419407494.0000000003209000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
3209000
|
| Size: |
4096
|
|
|
17B3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1395561403.00000000017B3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
17B3000
|
| Size: |
118784
|
|
|
A40000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2469751982.0000000000A40000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
A40000
|
| Size: |
151552
|
|
|
96E2000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2673999984.00000000096E2000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
96E2000
|
| Size: |
4096
|
|
|
7FF55656D000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1436161718.00007FF55656D000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF55656D000
|
| Size: |
4096
|
|
|
D827000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2679528500.000000000D827000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D827000
|
| Size: |
57344
|
|
|
7FF5563F6000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1434909979.00007FF5563F6000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5563F6000
|
| Size: |
24576
|
|
|
7FF556665000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2692151913.00007FF556665000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556665000
|
| Size: |
8192
|
|
|
7D60000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1421461934.0000000007D60000.00000004.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7D60000
|
| Size: |
5242880
|
|
|
7FF55616E000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1432980281.00007FF55616E000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF55616E000
|
| Size: |
8192
|
|
|
2C13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1891168457.0000000002C13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C13000
|
| Size: |
135168
|
|
|
A048000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1423836400.000000000A048000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
A048000
|
| Size: |
4096
|
|
|
7FF556557000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2691234978.00007FF556557000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556557000
|
| Size: |
12288
|
|
|
77F0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1421160630.00000000077F0000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
77F0000
|
| Size: |
8192
|
|
|
7FF5566FC000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1437801653.00007FF5566FC000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5566FC000
|
| Size: |
36864
|
|
|
D7C9000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2679528500.000000000D7C9000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D7C9000
|
| Size: |
4096
|
|
|
2C13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2629760960.0000000002C13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C13000
|
| Size: |
196608
|
|
|
D824000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2679528500.000000000D824000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D824000
|
| Size: |
8192
|
|
|
A68A000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2676234676.000000000A68A000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
A68A000
|
| Size: |
4096
|
|
|
17D6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1395660304.00000000017D6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
17D6000
|
| Size: |
454656
|
|
|
3000000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1474992659.0000000003000000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3000000
|
| Size: |
1187840
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
A50000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.1478116067.0000000000A50000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A50000
|
| Size: |
4096
|
|
|
8D89000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1422326119.0000000008D89000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
8D89000
|
| Size: |
28672
|
|
|
3000000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1419271204.0000000003000000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
3000000
|
| Size: |
8192
|
|
|
712B000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1420361027.000000000712B000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
712B000
|
| Size: |
4096
|
|
|
AF50000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1424481207.000000000AF50000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
AF50000
|
| Size: |
4096
|
|
|
4596000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2670167630.0000000004596000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
4596000
|
| Size: |
24576
|
|
|
100E2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1431702600.00000000100E2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
100E2000
|
| Size: |
24576
|
|
|
2500000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1417463173.0000000002500000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2500000
|
| Size: |
8192
|
|
|
7630000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2672102807.0000000007630000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7630000
|
| Size: |
4096
|
|
|
A00000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000002.1477859732.0000000000A00000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A00000
|
| Size: |
4096
|
|
|
D47A000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1424719871.000000000D47A000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D47A000
|
| Size: |
4096
|
|
|
D554000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2678437783.000000000D554000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D554000
|
| Size: |
4096
|
|
|
7FF556169000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1432867850.00007FF556169000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556169000
|
| Size: |
4096
|
|
|
BF0000
|
system
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.2668564463.0000000000BF0000.00000040.80000000.00040000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
system
|
| Protect: |
page execute and read and write
|
| Base address: |
BF0000
|
| Size: |
28672
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
D200000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1424719871.000000000D200000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D200000
|
| Size: |
86016
|
|
|
7FF55638C000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1434645011.00007FF55638C000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF55638C000
|
| Size: |
8192
|
|
|
7FF5560A7000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2687591807.00007FF5560A7000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5560A7000
|
| Size: |
36864
|
|
|
FFCE000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2684286851.000000000FFCE000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
FFCE000
|
| Size: |
12288
|
|
|
9ED6000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2675618952.0000000009ED6000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
9ED6000
|
| Size: |
4096
|
|
|
7FF5564ED000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1435584675.00007FF5564ED000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5564ED000
|
| Size: |
4096
|
|
|
DE8F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2680988196.000000000DE8F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
DE8F000
|
| Size: |
4096
|
|
|
7FF5562D4000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1433631463.00007FF5562D4000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5562D4000
|
| Size: |
8192
|
|
|
7FF556202000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2688867514.00007FF556202000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556202000
|
| Size: |
16384
|
|
|
96D8000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1422527443.00000000096D8000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
96D8000
|
| Size: |
4096
|
|
|
7FF55604D000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1432264726.00007FF55604D000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF55604D000
|
| Size: |
36864
|
|
|
83EB000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1421896935.00000000083EB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
83EB000
|
| Size: |
20480
|
|
|
2B90000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1419143790.0000000002B90000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
2B90000
|
| Size: |
4096
|
|
|
96D2000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2673999984.00000000096D2000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
96D2000
|
| Size: |
4096
|
|
|
7FF55611B000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2688134897.00007FF55611B000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF55611B000
|
| Size: |
8192
|
|
|
3529000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.2669148512.0000000003529000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
3529000
|
| Size: |
4096
|
|
|
7940000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1421296691.0000000007940000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7940000
|
| Size: |
4096
|
|
|
D50000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2668816094.0000000000D50000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
D50000
|
| Size: |
8192
|
|
|
7FF556348000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1434296042.00007FF556348000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556348000
|
| Size: |
4096
|
|
|
FFA1000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1431526581.000000000FFA1000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
FFA1000
|
| Size: |
24576
|
|
|
7FF55672B000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2692733414.00007FF55672B000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF55672B000
|
| Size: |
24576
|
|
|
372D000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000001.00000002.1480319234.000000000372D000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
372D000
|
| Size: |
458752
|
|
|
7A60000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2672461695.0000000007A60000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7A60000
|
| Size: |
8192
|
|
|
AC29000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1424394592.000000000AC29000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
AC29000
|
| Size: |
28672
|
|
|
A630000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1424222322.000000000A630000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
A630000
|
| Size: |
4096
|
|
|
D445000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2676958905.000000000D445000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D445000
|
| Size: |
4096
|
|
|
3AC0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000001.00000002.1481150993.0000000003AC0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
3AC0000
|
| Size: |
65536
|
|
|
7FF55622F000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1433292217.00007FF55622F000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF55622F000
|
| Size: |
12288
|
|
|
2C00000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2668640616.0000000002C00000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C00000
|
| Size: |
4096
|
|
|
9700000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1422527443.0000000009700000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
9700000
|
| Size: |
69632
|
|
|
A40000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2156695741.0000000000A40000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
A40000
|
| Size: |
151552
|
|
|
7FF55660D000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1436643944.00007FF55660D000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF55660D000
|
| Size: |
32768
|
|
|
10EB6000
|
system
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2685348648.0000000010EB6000.00000004.80000000.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
system
|
| Protect: |
page read and write
|
| Base address: |
10EB6000
|
| Size: |
4096
|
|
|
7FF5566EF000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2692619145.00007FF5566EF000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5566EF000
|
| Size: |
16384
|
|
|
459D000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2670167630.000000000459D000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
459D000
|
| Size: |
53248
|
|
|
179A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1394180514.000000000179A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
179A000
|
| Size: |
61440
|
|
|
7FF5566FA000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2692733414.00007FF5566FA000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5566FA000
|
| Size: |
4096
|
|
|
7236000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2671165074.0000000007236000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7236000
|
| Size: |
94208
|
|
|
7FF5566B8000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2692531533.00007FF5566B8000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5566B8000
|
| Size: |
12288
|
|
|
2C13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1948708110.0000000002C13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C13000
|
| Size: |
225280
|
|
|
86B0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2673204407.00000000086B0000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
86B0000
|
| Size: |
8192
|
|
|
7FF556440000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1435001289.00007FF556440000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556440000
|
| Size: |
12288
|
|
|
2B18000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1419101432.0000000002B18000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2B18000
|
| Size: |
32768
|
|
|
F1F2000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.2681035862.000000000F1F2000.00000040.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
F1F2000
|
| Size: |
4096
|
|
|
6F0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2668250482.00000000006F0000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
6F0000
|
| Size: |
4096
|
|
|
7FF5564E0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2690659237.00007FF5564E0000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5564E0000
|
| Size: |
4096
|
|
|
4F93000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1420173651.0000000004F93000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
4F93000
|
| Size: |
4096
|
|
|
71C7000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2671165074.00000000071C7000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
71C7000
|
| Size: |
266240
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
9895000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1422527443.0000000009895000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
9895000
|
| Size: |
253952
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the Windows Explorer process (often used for injection) |
HIPS / PFW / Operating System Protection Evasion |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
7FF556338000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1434228101.00007FF556338000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556338000
|
| Size: |
28672
|
|
|
7FF556577000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2691319365.00007FF556577000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556577000
|
| Size: |
16384
|
|
|
D43D000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1424719871.000000000D43D000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D43D000
|
| Size: |
16384
|
|
|
7FF5564C4000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1435431638.00007FF5564C4000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5564C4000
|
| Size: |
12288
|
|
|
A691000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2676234676.000000000A691000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
A691000
|
| Size: |
73728
|
|
|
7FF556322000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2689441107.00007FF556322000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556322000
|
| Size: |
8192
|
|
|
7FF5564AB000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1435260978.00007FF5564AB000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5564AB000
|
| Size: |
16384
|
|
|
7FF55652E000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2691053089.00007FF55652E000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF55652E000
|
| Size: |
24576
|
|
|
7FF5562A7000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1433536697.00007FF5562A7000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5562A7000
|
| Size: |
4096
|
|
|
2C13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1500885102.0000000002C13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C13000
|
| Size: |
69632
|
|
|
B1B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1418577211.0000000000B1B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B1B000
|
| Size: |
16384
|
|
|
2C13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1737672092.0000000002C13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C13000
|
| Size: |
69632
|
|
|
7FF555F2C000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1432091260.00007FF555F2C000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF555F2C000
|
| Size: |
28672
|
|
|
7FF556207000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1433241607.00007FF556207000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556207000
|
| Size: |
4096
|
|
|
2C13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2051784014.0000000002C13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C13000
|
| Size: |
135168
|
|
|
2C13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1626594651.0000000002C13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C13000
|
| Size: |
69632
|
|
|
1F3E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1417325149.0000000001F3E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
1F3E000
|
| Size: |
8192
|
|
|
D836000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2679528500.000000000D836000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D836000
|
| Size: |
282624
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
7FF5566BF000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1437491147.00007FF5566BF000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5566BF000
|
| Size: |
16384
|
|
|
7FF555F49000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1432145708.00007FF555F49000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF555F49000
|
| Size: |
16384
|
|
|
2E3B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2668851764.0000000002E3B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2E3B000
|
| Size: |
8192
|
|
|
5DFF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2670231345.0000000005DFF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5DFF000
|
| Size: |
4096
|
|
|
2A1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2669150814.0000000002A1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2A1E000
|
| Size: |
8192
|
|
|
96DC000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2673999984.00000000096DC000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
96DC000
|
| Size: |
4096
|
|
|
D4F7000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2676958905.000000000D4F7000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D4F7000
|
| Size: |
28672
|
|
|
D80D000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2679528500.000000000D80D000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D80D000
|
| Size: |
90112
|
|
|
3160000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1419407494.0000000003160000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
3160000
|
| Size: |
114688
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
96C6000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1422527443.00000000096C6000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
96C6000
|
| Size: |
20480
|
|
|
100EA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1431702600.00000000100EA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
100EA000
|
| Size: |
20480
|
|
|
B1DB000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2676642006.000000000B1DB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B1DB000
|
| Size: |
20480
|
|
|
322F000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1419407494.000000000322F000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
322F000
|
| Size: |
159744
|
|
|
7FF556600000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1436602287.00007FF556600000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556600000
|
| Size: |
8192
|
|
|
7FF556346000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2689550267.00007FF556346000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556346000
|
| Size: |
4096
|
|
|
82E0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1421846393.00000000082E0000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
82E0000
|
| Size: |
8192
|
|
|
7FF556155000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2688371444.00007FF556155000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556155000
|
| Size: |
32768
|
|
|
7FF5565EE000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1436511107.00007FF5565EE000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5565EE000
|
| Size: |
8192
|
|
|
DA7A000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2680590121.000000000DA7A000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
DA7A000
|
| Size: |
24576
|
|
|
2C13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2312360121.0000000002C13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C13000
|
| Size: |
69632
|
|
|
155E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1410849481.000000000155E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
155E000
|
| Size: |
8192
|
|
|
7FF556338000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2689497533.00007FF556338000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556338000
|
| Size: |
28672
|
|
|
F8AC000
|
system
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.2681220002.000000000F8AC000.00000040.80000000.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
system
|
| Protect: |
page execute and read and write
|
| Base address: |
F8AC000
|
| Size: |
8192
|
|
|
96E6000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1422527443.00000000096E6000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
96E6000
|
| Size: |
4096
|
|
|
2C13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.2103993244.0000000002C13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C13000
|
| Size: |
135168
|
|
|
3200000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1480576115.0000000003200000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3200000
|
| Size: |
1196032
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
44D0000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1419768946.00000000044D0000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
44D0000
|
| Size: |
20480
|
|
|
1400000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1410078631.0000000001400000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1400000
|
| Size: |
4096
|
|
|
D554000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1425297192.000000000D554000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D554000
|
| Size: |
4096
|
|
|
2BA0000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2669234176.0000000002BA0000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
2BA0000
|
| Size: |
4096
|
|
|
87E0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2673373103.00000000087E0000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
87E0000
|
| Size: |
8192
|
|
|
D6BF000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2678437783.000000000D6BF000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D6BF000
|
| Size: |
4096
|
|
|
6F90000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2671141813.0000000006F90000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
6F90000
|
| Size: |
4096
|
|
|
D7C9000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1425592952.000000000D7C9000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D7C9000
|
| Size: |
4096
|
|
|
7FF556637000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1436643944.00007FF556637000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556637000
|
| Size: |
4096
|
|
|
4219000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1402081770.0000000004219000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
4219000
|
| Size: |
4096
|
|
|
7165000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1420361027.0000000007165000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7165000
|
| Size: |
282624
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
3206000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1419407494.0000000003206000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
3206000
|
| Size: |
8192
|
|
|
8A7B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1422186664.0000000008A7B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
8A7B000
|
| Size: |
20480
|
|
|
7FF556526000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2691020007.00007FF556526000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556526000
|
| Size: |
20480
|
|
|
23F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1483158201.00000000023F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
23F0000
|
| Size: |
4096
|
|
|
7FF555E24000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2687070999.00007FF555E24000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF555E24000
|
| Size: |
69632
|
|
|
7FF556123000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1432803623.00007FF556123000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556123000
|
| Size: |
16384
|
|
|
3AD1000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000001.00000002.1481150993.0000000003AD1000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
3AD1000
|
| Size: |
4096
|
|
|
7FF5560B2000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2687591807.00007FF5560B2000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5560B2000
|
| Size: |
20480
|
|
|
9E3E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2675548274.0000000009E3E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9E3E000
|
| Size: |
8192
|
|
|
9E90000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2675595402.0000000009E90000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
9E90000
|
| Size: |
16384
|
|
|
6F70000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2671117488.0000000006F70000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
6F70000
|
| Size: |
4096
|
|
|
2C13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000003.1840070409.0000000002C13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C13000
|
| Size: |
135168
|
|
|
7FF556496000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2690389324.00007FF556496000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556496000
|
| Size: |
12288
|
|
|
A02F000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1423836400.000000000A02F000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
A02F000
|
| Size: |
4096
|
|
|
CC7000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000002.1409175745.0000000000CC7000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
CC7000
|
| Size: |
299008
|
|
|
7FF556391000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2689806267.00007FF556391000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556391000
|
| Size: |
8192
|
|
|
930000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2668365321.0000000000930000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
930000
|
| Size: |
4096
|
|
|
7FF5564FB000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2690897182.00007FF5564FB000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5564FB000
|
| Size: |
4096
|
|
|
3AE0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000001.00000002.1481203994.0000000003AE0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
3AE0000
|
| Size: |
65536
|
|
|
7FF556396000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1434672951.00007FF556396000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556396000
|
| Size: |
8192
|
|
|
421D000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1402968815.000000000421D000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
421D000
|
| Size: |
458752
|
|
|
3005000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1404939419.0000000003005000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3005000
|
| Size: |
49152
|
|
|
44C0000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1419753862.00000000044C0000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
44C0000
|
| Size: |
4096
|
|
|
4512000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1419768946.0000000004512000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
4512000
|
| Size: |
4096
|
|
|
7FF556617000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2691830056.00007FF556617000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556617000
|
| Size: |
53248
|
|
|
711A000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1420361027.000000000711A000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
711A000
|
| Size: |
8192
|
|
|
D1D1000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2676958905.000000000D1D1000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
D1D1000
|
| Size: |
147456
|
|
|
CBE000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1409153325.0000000000CBE000.00000004.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
CBE000
|
| Size: |
36864
|
|
|
3005000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1405015132.0000000003005000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3005000
|
| Size: |
49152
|
|
|
7FF5566B5000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1437491147.00007FF5566B5000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5566B5000
|
| Size: |
8192
|
|
|
96D4000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1422527443.00000000096D4000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
96D4000
|
| Size: |
4096
|
|
|
FFA1000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2684026733.000000000FFA1000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
FFA1000
|
| Size: |
24576
|
|
|
3140000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1419392350.0000000003140000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
3140000
|
| Size: |
8192
|
|
|
9ED2000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2675618952.0000000009ED2000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
9ED2000
|
| Size: |
4096
|
|
|
2E29000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2668785527.0000000002E29000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2E29000
|
| Size: |
12288
|
|
|
3756000
|
unclassified section
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2669676878.0000000003756000.00000004.10000000.00040000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unclassified section
|
| Protect: |
page read and write
|
| Base address: |
3756000
|
| Size: |
4096
|
|
|
7FF5563E4000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2689974781.00007FF5563E4000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5563E4000
|
| Size: |
24576
|
|
|
7FF556630000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2691830056.00007FF556630000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556630000
|
| Size: |
4096
|
|
|
45B0000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000000.1419768946.00000000045B0000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
45B0000
|
| Size: |
16384
|
|
|
3200000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1404643014.0000000003200000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3200000
|
| Size: |
1187840
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
7DF473190000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2685805066.00007DF473190000.00000002.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7DF473190000
|
| Size: |
4096
|
|
|
7FF555FF4000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2687491601.00007FF555FF4000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF555FF4000
|
| Size: |
8192
|
|
|
96E6000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2673999984.00000000096E6000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
96E6000
|
| Size: |
4096
|
|
|
17AB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1390582986.00000000017AB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
17AB000
|
| Size: |
630784
|
|
|
7DF4731B1000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000002.00000002.2686579541.00007DF4731B1000.00000020.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
7DF4731B1000
|
| Size: |
4096
|
|
|
96AA000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.2673999984.00000000096AA000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
96AA000
|
| Size: |
8192
|
|
|
7FF556102000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2688134897.00007FF556102000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF556102000
|
| Size: |
4096
|
|
|
2E13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000001.00000003.1412401631.0000000002E13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
1
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2E13000
|
| Size: |
253952
|
|
|
7FF5565A0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000002.2691429659.00007FF5565A0000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7FF5565A0000
|
| Size: |
4096
|
|
