|
2B90000
|
system
|
page execute and read and write
|
 |
|
|
| Name: |
00000008.00000002.2480301327.0000000002B90000.00000040.80000000.00040000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
system
|
| Protect: |
page execute and read and write
|
| Base address: |
2B90000
|
| Size: |
278528
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected FormBook |
AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality |
|
|
|
36D0000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.2482791837.00000000036D0000.00000040.00000001.00040000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
36D0000
|
| Size: |
5713920
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected FormBook |
AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality |
|
|
|
51000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1694455454.0000000000051000.00000040.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
51000
|
| Size: |
286720
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected FormBook |
AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality |
|
|
|
68F0000
|
unclassified section
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1699741449.00000000068F0000.00000040.10000000.00040000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unclassified section
|
| Protect: |
page execute and read and write
|
| Base address: |
68F0000
|
| Size: |
278528
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected FormBook |
AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality |
|
|
|
2750000
|
unclassified section
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1695148193.0000000002750000.00000040.10000000.00040000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unclassified section
|
| Protect: |
page execute and read and write
|
| Base address: |
2750000
|
| Size: |
5713920
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected FormBook |
AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality |
|
|
|
3160000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2481831657.0000000003160000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3160000
|
| Size: |
278528
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected FormBook |
AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality |
|
|
|
4A60000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2482100225.0000000004A60000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4A60000
|
| Size: |
278528
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected FormBook |
AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality |
|
|
|
1B88CEC4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1935906997.000001B88CEC4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1B88CEC4000
|
| Size: |
24576
|
|
|
7F13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2484625745.0000000007F13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7F13000
|
| Size: |
32768
|
|
|
2EE0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2480519236.0000000002EE0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2EE0000
|
| Size: |
16384
|
|
|
2D60000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000000.1762540517.0000000002D60000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process new
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D60000
|
| Size: |
8192
|
|
|
7ED7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2484625745.0000000007ED7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7ED7000
|
| Size: |
8192
|
|
|
319000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000009.00000002.2480444706.0000000000319000.00000002.00000001.01000000.00000005.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
319000
|
| Size: |
61440
|
|
|
7EAB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2484625745.0000000007EAB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7EAB000
|
| Size: |
4096
|
|
|
2CB0000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000000.1762504778.0000000002CB0000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
2CB0000
|
| Size: |
4096
|
|
|
2CD9000
|
unclassified section
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1695148193.0000000002CD9000.00000040.10000000.00040000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unclassified section
|
| Protect: |
page execute and read and write
|
| Base address: |
2CD9000
|
| Size: |
4096
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1867556086.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
119F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000000.1601956297.000000000119F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process new
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
119F000
|
| Size: |
4096
|
|
|
1531000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000007.00000000.1601979012.0000000001531000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
1531000
|
| Size: |
344064
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the Windows Explorer process (often used for injection) |
HIPS / PFW / Operating System Protection Evasion |
|
|
|
1B88B313000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1985529847.000001B88B313000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1B88B313000
|
| Size: |
32768
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1870101333.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
13A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1610548311.00000000013A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13A4000
|
| Size: |
4096
|
|
|
1265000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2481579227.0000000001265000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1265000
|
| Size: |
12288
|
|
|
1530000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000007.00000002.2481960195.0000000001530000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
1530000
|
| Size: |
348160
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the Windows Explorer process (often used for injection) |
HIPS / PFW / Operating System Protection Evasion |
|
|
|
151F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1585071529.000000000151F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
151F000
|
| Size: |
24576
|
|
|
1B88B2E7000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1985529847.000001B88B2E7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1B88B2E7000
|
| Size: |
73728
|
|
|
1B88B1C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1985498696.000001B88B1C0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1B88B1C0000
|
| Size: |
4096
|
|
|
2D50000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000000.1762518020.0000000002D50000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process new
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D50000
|
| Size: |
8192
|
|
|
1120000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000009.00000000.1762286876.0000000001120000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
1120000
|
| Size: |
4096
|
|
|
A60000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000007.00000000.1601774206.0000000000A60000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
A60000
|
| Size: |
4096
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1870249527.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
8192
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1867654898.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
2A7F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000000.1602020447.0000000002A7F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process new
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2A7F000
|
| Size: |
4096
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1869825048.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
297E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000000.1602008818.000000000297E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process new
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
297E000
|
| Size: |
8192
|
|
|
4142000
|
unclassified section
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1695148193.0000000004142000.00000040.10000000.00040000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unclassified section
|
| Protect: |
page execute and read and write
|
| Base address: |
4142000
|
| Size: |
10485760
|
|
|
18A0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000009.00000000.1762471202.00000000018A0000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
18A0000
|
| Size: |
348160
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the Windows Explorer process (often used for injection) |
HIPS / PFW / Operating System Protection Evasion |
|
|
|
3080000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1694987609.0000000003080000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3080000
|
| Size: |
24576
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1870070117.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
8192
|
|
|
4E6E000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2482536668.0000000004E6E000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4E6E000
|
| Size: |
1220608
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
4B42000
|
unclassified section
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1695148193.0000000004B42000.00000040.10000000.00040000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unclassified section
|
| Protect: |
page execute and read and write
|
| Base address: |
4B42000
|
| Size: |
6307840
|
|
|
857F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2486025167.000000000857F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
857F000
|
| Size: |
4096
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1870132353.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
3624000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2483025387.0000000003624000.00000004.00000001.00040000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
3624000
|
| Size: |
8192
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1868751654.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
50E2000
|
unclassified section
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2483248758.00000000050E2000.00000004.10000000.00040000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unclassified section
|
| Protect: |
page read and write
|
| Base address: |
50E2000
|
| Size: |
8192
|
|
|
131E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2481949457.000000000131E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
131E000
|
| Size: |
94208
|
|
|
12AE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2481717479.00000000012AE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
12AE000
|
| Size: |
8192
|
|
|
3742000
|
unclassified section
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1695148193.0000000003742000.00000040.10000000.00040000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unclassified section
|
| Protect: |
page execute and read and write
|
| Base address: |
3742000
|
| Size: |
10485760
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1867922355.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
2CC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2482667157.0000000002CC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2CC4000
|
| Size: |
4096
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1870542924.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
8192
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1869290923.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1867592013.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
1260000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000000.1762354668.0000000001260000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process new
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1260000
|
| Size: |
20480
|
|
|
4F9D000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2482536668.0000000004F9D000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4F9D000
|
| Size: |
4096
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1868958860.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1866924952.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
8192
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1868994270.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
1732000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1584878103.0000000001732000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1732000
|
| Size: |
512000
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
|
|
313A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2480736638.000000000313A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
313A000
|
| Size: |
28672
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
|
|
E30000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000007.00000000.1601844950.0000000000E30000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
E30000
|
| Size: |
4096
|
|
|
D50000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000009.00000000.1762217232.0000000000D50000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
D50000
|
| Size: |
4096
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1882144318.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
DDA000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2480713024.0000000000DDA000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
DDA000
|
| Size: |
24576
|
|
|
17FF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1694657378.00000000017FF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
17FF000
|
| Size: |
4096
|
|
|
2F62000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000000.1762635104.0000000002F62000.00000004.00000001.00040000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
2F62000
|
| Size: |
4096
|
|
|
1D00000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1597963620.0000000001D00000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
1D00000
|
| Size: |
159744
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1882012259.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
EB8000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2480786149.0000000000EB8000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
EB8000
|
| Size: |
4096
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1870574946.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
8192
|
|
|
1A89000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1694698595.0000000001A89000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1A89000
|
| Size: |
4096
|
|
|
7E82000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2484625745.0000000007E82000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7E82000
|
| Size: |
4096
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1869176990.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
30F000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000007.00000000.1601710606.000000000030F000.00000002.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
30F000
|
| Size: |
28672
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
7F70000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2485685105.0000000007F70000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F70000
|
| Size: |
4096
|
|
|
1B88B2A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1985515747.000001B88B2A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1B88B2A0000
|
| Size: |
8192
|
|
|
7F03000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2484625745.0000000007F03000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7F03000
|
| Size: |
8192
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1702394932.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
810D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2485810561.000000000810D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
810D000
|
| Size: |
12288
|
|
|
4C10000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1708617256.0000000004C10000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4C10000
|
| Size: |
155648
|
|
|
13A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1610618349.00000000013A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13A4000
|
| Size: |
4096
|
|
|
300000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000007.00000002.2480090886.0000000000300000.00000002.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
300000
|
| Size: |
4096
|
|
|
A50000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000007.00000002.2480609094.0000000000A50000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
A50000
|
| Size: |
4096
|
|
|
5AC2000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.2482791837.0000000005AC2000.00000040.00000001.00040000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
5AC2000
|
| Size: |
6307840
|
|
|
7F80000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2485728446.0000000007F80000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F80000
|
| Size: |
4096
|
|
|
5670000
|
system
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.2484249497.0000000005670000.00000040.80000000.00040000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
system
|
| Protect: |
page execute and read and write
|
| Base address: |
5670000
|
| Size: |
360448
|
|
|
E90000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2481577071.0000000000E90000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
E90000
|
| Size: |
32768
|
|
|
7E7D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1871304633.0000000007E7D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7E7D000
|
| Size: |
4096
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
50C2000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.2482791837.00000000050C2000.00000040.00000001.00040000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
50C2000
|
| Size: |
10485760
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1865698004.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1865944269.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
8192
|
|
|
51000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000000.00000000.1243694734.0000000000051000.00000020.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
51000
|
| Size: |
286720
|
|
|
151F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1585169236.000000000151F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
151F000
|
| Size: |
24576
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1868844310.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
3080000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1695207004.0000000003080000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3080000
|
| Size: |
24576
|
|
|
3086000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1695144548.0000000003086000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3086000
|
| Size: |
20480
|
|
|
56C9000
|
system
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.2484249497.00000000056C9000.00000040.80000000.00040000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
system
|
| Protect: |
page execute and read and write
|
| Base address: |
56C9000
|
| Size: |
4096
|
|
|
300000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000009.00000002.2480089350.0000000000300000.00000002.00000001.01000000.00000005.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
300000
|
| Size: |
4096
|
|
|
3080000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1695245209.0000000003080000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3080000
|
| Size: |
24576
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1867481722.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
E9E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2481577071.0000000000E9E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
E9E000
|
| Size: |
90112
|
|
|
151B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1585140630.000000000151B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
151B000
|
| Size: |
20480
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1867404382.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1867452747.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
BCC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000000.1601796402.0000000000BCC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process new
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
BCC000
|
| Size: |
16384
|
|
|
323C000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000000.1762635104.000000000323C000.00000004.00000001.00040000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
323C000
|
| Size: |
339968
|
|
|
1CA2000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1694698595.0000000001CA2000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1CA2000
|
| Size: |
40960
|
|
|
1B88CD21000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1985668067.000001B88CD21000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1B88CD21000
|
| Size: |
4096
|
|
|
2E6F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2482864782.0000000002E6F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2E6F000
|
| Size: |
4096
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1870517169.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1866836057.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
8192
|
|
|
301000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000009.00000002.2480224536.0000000000301000.00000020.00000001.01000000.00000005.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
301000
|
| Size: |
57344
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1869250185.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
7EC7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2484625745.0000000007EC7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7EC7000
|
| Size: |
8192
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1868194378.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1867955854.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1869959889.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
314A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2480736638.000000000314A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
314A000
|
| Size: |
86016
|
|
|
1140000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2481281931.0000000001140000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1140000
|
| Size: |
4096
|
|
|
319000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000009.00000000.1762203180.0000000000319000.00000002.00000001.01000000.00000005.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
319000
|
| Size: |
61440
|
|
|
1510000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000009.00000002.2482313205.0000000001510000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
1510000
|
| Size: |
36864
|
|
|
7EDA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2484625745.0000000007EDA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7EDA000
|
| Size: |
16384
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
598F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2484795670.000000000598F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
598F000
|
| Size: |
4096
|
|
|
2CD0000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.2482791837.0000000002CD0000.00000040.00000001.00040000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
2CD0000
|
| Size: |
10485760
|
|
|
1B88B310000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1985529847.000001B88B310000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1B88B310000
|
| Size: |
4096
|
|
|
EC6000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2481821395.0000000000EC6000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
EC6000
|
| Size: |
8192
|
|
|
1B88CD00000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1985655524.000001B88CD00000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1B88CD00000
|
| Size: |
4096
|
|
|
1339000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2481949457.0000000001339000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1339000
|
| Size: |
81920
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
12EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000000.1762379128.00000000012EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process new
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
12EE000
|
| Size: |
8192
|
|
|
3022000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2483025387.0000000003022000.00000004.00000001.00040000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
3022000
|
| Size: |
8192
|
|
|
3C59000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.2482791837.0000000003C59000.00000040.00000001.00040000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
3C59000
|
| Size: |
4096
|
|
|
497B7FB000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1985353537.000000497B7FB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
497B7FB000
|
| Size: |
20480
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1866559613.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
8192
|
|
|
2D54000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000000.1762518020.0000000002D54000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process new
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D54000
|
| Size: |
4096
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1869885325.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
8192
|
|
|
814E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2485862734.000000000814E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
814E000
|
| Size: |
8192
|
|
|
14B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1694567229.00000000014B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14B0000
|
| Size: |
4096
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1711510438.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
212992
|
|
|
EB2000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2480786149.0000000000EB2000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
EB2000
|
| Size: |
4096
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1870275251.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
8192
|
|
|
E10000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000007.00000000.1601825079.0000000000E10000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
E10000
|
| Size: |
4096
|
|
|
307B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1695034313.000000000307B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
307B000
|
| Size: |
4096
|
|
|
7ECD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2484625745.0000000007ECD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7ECD000
|
| Size: |
4096
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1870456390.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
8192
|
|
|
7EA6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2484625745.0000000007EA6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7EA6000
|
| Size: |
12288
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1870687487.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
8192
|
|
|
E00000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2480958384.0000000000E00000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
E00000
|
| Size: |
20480
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1882084139.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
2EE4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1702309951.0000000002EE4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2EE4000
|
| Size: |
4096
|
|
|
1600000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1694643328.0000000001600000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1600000
|
| Size: |
4096
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1866808455.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
8192
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1867034805.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
8192
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1868230490.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1868619540.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
30FE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2480736638.00000000030FE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
30FE000
|
| Size: |
40960
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1870780202.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
8192
|
|
|
1B88CD0F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1985668067.000001B88CD0F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1B88CD0F000
|
| Size: |
24576
|
|
|
151F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1585048474.000000000151F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
151F000
|
| Size: |
24576
|
|
|
3030000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2480664048.0000000003030000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3030000
|
| Size: |
4096
|
|
|
E20000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000007.00000002.2481107148.0000000000E20000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
E20000
|
| Size: |
4096
|
|
|
4A87000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1694734679.0000000004A87000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4A87000
|
| Size: |
512000
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1865586289.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
3075000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1695170563.0000000003075000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3075000
|
| Size: |
28672
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1864883406.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
1510000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000009.00000000.1762458450.0000000001510000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
1510000
|
| Size: |
36864
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1867845187.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
EB5000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2480786149.0000000000EB5000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
EB5000
|
| Size: |
4096
|
|
|
4AB0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2482228950.0000000004AB0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4AB0000
|
| Size: |
94208
|
|
|
1240000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2481502846.0000000001240000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
1240000
|
| Size: |
4096
|
|
|
312E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2480736638.000000000312E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
312E000
|
| Size: |
12288
|
|
|
5012000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2482536668.0000000005012000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5012000
|
| Size: |
40960
|
|
|
ACA000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2480783031.0000000000ACA000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
ACA000
|
| Size: |
24576
|
|
|
1B88B090000
|
system
|
page execute and read and write
|
|
|
|
| Name: |
0000000C.00000002.1985415667.000001B88B090000.00000040.80000000.00040000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
system
|
| Protect: |
page execute and read and write
|
| Base address: |
1B88B090000
|
| Size: |
552960
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1881951367.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
4B60000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2482327686.0000000004B60000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4B60000
|
| Size: |
94208
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1868537262.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1868016993.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
56ED000
|
system
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.2484249497.00000000056ED000.00000040.80000000.00040000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
system
|
| Protect: |
page execute and read and write
|
| Base address: |
56ED000
|
| Size: |
4096
|
|
|
E40000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2481264177.0000000000E40000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
E40000
|
| Size: |
4096
|
|
|
1120000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000009.00000002.2481142151.0000000001120000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
1120000
|
| Size: |
4096
|
|
|
7F07000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1881491589.0000000007F07000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7F07000
|
| Size: |
4096
|
|
|
1B88CECE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1935887497.000001B88CECE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1B88CECE000
|
| Size: |
4096
|
|
|
316000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000007.00000000.1601724189.0000000000316000.00000004.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
316000
|
| Size: |
8192
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1868702924.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1867092839.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
8192
|
|
|
11A0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000007.00000002.2481889540.00000000011A0000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
11A0000
|
| Size: |
36864
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1882112357.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
151F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1585212170.000000000151F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
151F000
|
| Size: |
24576
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1869146639.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
1516000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1585127693.0000000001516000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1516000
|
| Size: |
36864
|
|
|
E00000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000000.1601814222.0000000000E00000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process new
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
E00000
|
| Size: |
20480
|
|
|
A40000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000007.00000000.1601750863.0000000000A40000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
A40000
|
| Size: |
4096
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1866383427.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
8192
|
|
|
131A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2481949457.000000000131A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
131A000
|
| Size: |
8192
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1871053652.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
8192
|
|
|
4CBD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1697109184.0000000004CBD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4CBD000
|
| Size: |
24576
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1866420575.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
8192
|
|
|
307B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1695207004.000000000307B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
307B000
|
| Size: |
4096
|
|
|
301000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000007.00000000.1601692162.0000000000301000.00000020.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
301000
|
| Size: |
57344
|
|
|
1B88B127000
|
system
|
page execute and read and write
|
|
|
|
| Name: |
0000000C.00000002.1985415667.000001B88B127000.00000040.80000000.00040000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
system
|
| Protect: |
page execute and read and write
|
| Base address: |
1B88B127000
|
| Size: |
4096
|
|
|
513C000
|
unclassified section
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2483248758.000000000513C000.00000004.10000000.00040000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unclassified section
|
| Protect: |
page read and write
|
| Base address: |
513C000
|
| Size: |
8192
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1867008296.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
8192
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1870196217.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
8192
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1867173550.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
2CD0000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2482625295.0000000002CD0000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
2CD0000
|
| Size: |
4096
|
|
|
307C000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2483025387.000000000307C000.00000004.00000001.00040000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
307C000
|
| Size: |
8192
|
|
|
2D50000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2482758399.0000000002D50000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D50000
|
| Size: |
8192
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1869334460.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1870756950.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
8192
|
|
|
2AA0000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2482209208.0000000002AA0000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
2AA0000
|
| Size: |
4096
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1868154546.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
8192
|
|
|
E20000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000007.00000000.1601834813.0000000000E20000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
E20000
|
| Size: |
4096
|
|
|
14C0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1590494984.00000000014C0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
14C0000
|
| Size: |
159744
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1867814507.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1870910590.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
8192
|
|
|
12F0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000009.00000000.1762390915.00000000012F0000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
12F0000
|
| Size: |
16384
|
|
|
1D00000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1651817898.0000000001D00000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
1D00000
|
| Size: |
159744
|
|
|
497BFFD000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1985372552.000000497BFFD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
497BFFD000
|
| Size: |
12288
|
|
|
1B88B2E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1985529847.000001B88B2E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1B88B2E0000
|
| Size: |
24576
|
|
|
2D42000
|
unclassified section
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1695148193.0000000002D42000.00000040.10000000.00040000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unclassified section
|
| Protect: |
page execute and read and write
|
| Base address: |
2D42000
|
| Size: |
10485760
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1868044692.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1865858653.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
80CC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2485772477.00000000080CC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
80CC000
|
| Size: |
16384
|
|
|
2A80000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000007.00000002.2482141124.0000000002A80000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
2A80000
|
| Size: |
16384
|
|
|
3145000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2480736638.0000000003145000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3145000
|
| Size: |
12288
|
|
|
11A0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000007.00000000.1601965645.00000000011A0000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
11A0000
|
| Size: |
36864
|
|
|
183E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1694671012.000000000183E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
183E000
|
| Size: |
8192
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1866658230.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
B022000
|
system
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1984399994.000000000B022000.00000004.80000000.00040000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
system
|
| Protect: |
page read and write
|
| Base address: |
B022000
|
| Size: |
4096
|
|
|
1110000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000009.00000002.2481064868.0000000001110000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
1110000
|
| Size: |
4096
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1866346206.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
8192
|
|
|
2B2B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2480098629.0000000002B2B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2B2B000
|
| Size: |
20480
|
|
|
3086000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1694963328.0000000003086000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3086000
|
| Size: |
20480
|
|
|
2D60000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2482833596.0000000002D60000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D60000
|
| Size: |
12288
|
|
|
584C000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2484660810.000000000584C000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
584C000
|
| Size: |
16384
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1867120303.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
8192
|
|
|
2B68000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2480226827.0000000002B68000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2B68000
|
| Size: |
32768
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1870405971.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
8192
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1868411567.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
1231000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000009.00000000.1762332194.0000000001231000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
1231000
|
| Size: |
12288
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1870933252.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
7EFE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2484625745.0000000007EFE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7EFE000
|
| Size: |
8192
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1870629180.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
8192
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1870040184.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
8192
|
|
|
5A08000
|
unclassified section
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2483248758.0000000005A08000.00000004.10000000.00040000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unclassified section
|
| Protect: |
page read and write
|
| Base address: |
5A08000
|
| Size: |
4096
|
|
|
1B88B124000
|
system
|
page execute and read and write
|
|
|
|
| Name: |
0000000C.00000002.1985415667.000001B88B124000.00000040.80000000.00040000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
system
|
| Protect: |
page execute and read and write
|
| Base address: |
1B88B124000
|
| Size: |
4096
|
|
|
7EC0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2484625745.0000000007EC0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7EC0000
|
| Size: |
16384
|
|
|
37B6000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2483025387.00000000037B6000.00000004.00000001.00040000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
37B6000
|
| Size: |
8192
|
|
|
13A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1590767796.00000000013A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13A4000
|
| Size: |
4096
|
|
|
7EFA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1881491589.0000000007EFA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7EFA000
|
| Size: |
8192
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1711650035.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
D70000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000009.00000002.2480656515.0000000000D70000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
D70000
|
| Size: |
4096
|
|
|
1C2D000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1694698595.0000000001C2D000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1C2D000
|
| Size: |
4096
|
|
|
E50000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2481350102.0000000000E50000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
E50000
|
| Size: |
4096
|
|
|
316000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2480399405.0000000000316000.00000004.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
316000
|
| Size: |
8192
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1881916207.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
8192
|
|
|
18E4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1586739541.00000000018E4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
18E4000
|
| Size: |
458752
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1867064464.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
8192
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1864849246.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
1231000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000009.00000002.2481426501.0000000001231000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
1231000
|
| Size: |
12288
|
|
|
136B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1694519555.000000000136B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
136B000
|
| Size: |
20480
|
|
|
150F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000000.1762446461.000000000150F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process new
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
150F000
|
| Size: |
4096
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1871111139.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1866301633.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
8192
|
|
|
7ED2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2484625745.0000000007ED2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7ED2000
|
| Size: |
12288
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1867287061.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
7EA1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2484625745.0000000007EA1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7EA1000
|
| Size: |
8192
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1870811840.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
8192
|
|
|
7EBD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2484625745.0000000007EBD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7EBD000
|
| Size: |
8192
|
|
|
1601000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1586920961.0000000001601000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1601000
|
| Size: |
65536
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1869022578.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
50000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000000.1243679119.0000000000050000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
50000
|
| Size: |
4096
|
|
|
7E7F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2484625745.0000000007E7F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7E7F000
|
| Size: |
8192
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1867233742.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
8192
|
|
|
D50000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000009.00000002.2480519022.0000000000D50000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
D50000
|
| Size: |
4096
|
|
|
7EE6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2484625745.0000000007EE6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7EE6000
|
| Size: |
32768
|
|
|
316000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2480382414.0000000000316000.00000004.00000001.01000000.00000005.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
316000
|
| Size: |
8192
|
|
|
1220000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000000.1762320984.0000000001220000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
1220000
|
| Size: |
4096
|
|
|
193E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1694685156.000000000193E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
193E000
|
| Size: |
8192
|
|
|
1C31000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1694698595.0000000001C31000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1C31000
|
| Size: |
458752
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
|
|
301000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000009.00000000.1762161543.0000000000301000.00000020.00000001.01000000.00000005.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
301000
|
| Size: |
57344
|
|
|
2D2C000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2482689354.0000000002D2C000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
2D2C000
|
| Size: |
16384
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1867146603.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
8192
|
|
|
97000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000002.1694484484.0000000000097000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
97000
|
| Size: |
45056
|
|
|
497CFFE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1985400809.000000497CFFE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
497CFFE000
|
| Size: |
8192
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1867696715.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1870961718.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
1CB0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1695086963.0000000001CB0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
1CB0000
|
| Size: |
278528
|
|
|
1B88CB20000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1934905617.000001B88CB20000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1B88CB20000
|
| Size: |
4096
|
|
|
E61000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000007.00000000.1601883544.0000000000E61000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
E61000
|
| Size: |
12288
|
|
|
1B88CD0A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1985668067.000001B88CD0A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1B88CD0A000
|
| Size: |
4096
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1870838514.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
8192
|
|
|
2CC0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000000.1602129697.0000000002CC0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process new
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2CC0000
|
| Size: |
8192
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1869458031.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
13A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1694533732.00000000013A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13A0000
|
| Size: |
16384
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1869718670.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1866780599.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
8192
|
|
|
4C4C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1697109184.0000000004C4C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4C4C000
|
| Size: |
458752
|
|
|
316000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000000.1762190097.0000000000316000.00000004.00000001.01000000.00000005.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
316000
|
| Size: |
8192
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1870602648.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
8192
|
|
|
DDA000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000000.1762251235.0000000000DDA000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process new
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
DDA000
|
| Size: |
24576
|
|
|
2D54000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2482758399.0000000002D54000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D54000
|
| Size: |
4096
|
|
|
3000000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2480591513.0000000003000000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3000000
|
| Size: |
4096
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1869208093.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
1524000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1694398153.0000000001524000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1524000
|
| Size: |
45056
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
109E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000000.1601945337.000000000109E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process new
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
109E000
|
| Size: |
8192
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1870656195.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
8192
|
|
|
151C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1694398153.000000000151C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
151C000
|
| Size: |
4096
|
|
|
3077000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2480736638.0000000003077000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3077000
|
| Size: |
364544
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
131E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000000.1762404162.000000000131E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process new
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
131E000
|
| Size: |
90112
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1869996140.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
13A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1586934588.00000000013A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13A4000
|
| Size: |
4096
|
|
|
1310000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2481949457.0000000001310000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1310000
|
| Size: |
32768
|
|
|
1220000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2481350150.0000000001220000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
1220000
|
| Size: |
4096
|
|
|
1B88CD17000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1985668067.000001B88CD17000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1B88CD17000
|
| Size: |
4096
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1870484744.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1868887439.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
D60000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000009.00000000.1762228734.0000000000D60000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
D60000
|
| Size: |
4096
|
|
|
1B88CD03000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1985668067.000001B88CD03000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1B88CD03000
|
| Size: |
16384
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1870380846.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
8192
|
|
|
126C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1694500599.000000000126C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
126C000
|
| Size: |
16384
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1865746461.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1869761425.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
300000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000009.00000000.1762145737.0000000000300000.00000002.00000001.01000000.00000005.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
300000
|
| Size: |
4096
|
|
|
13A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1694353183.00000000013A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13A4000
|
| Size: |
4096
|
|
|
18A0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000009.00000002.2482384543.00000000018A0000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
18A0000
|
| Size: |
348160
|
|
|
EC8000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1621515488.0000000000EC8000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
EC8000
|
| Size: |
4096
|
|
|
3160000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1701566726.0000000003160000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3160000
|
| Size: |
155648
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1868483718.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
B2FC000
|
system
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1984399994.000000000B2FC000.00000004.80000000.00040000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
system
|
| Protect: |
page read and write
|
| Base address: |
B2FC000
|
| Size: |
339968
|
|
|
497C7FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1985386862.000000497C7FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
497C7FE000
|
| Size: |
8192
|
|
|
A50000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000007.00000000.1601764140.0000000000A50000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
A50000
|
| Size: |
4096
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1866896516.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
8192
|
|
|
7F00000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1881491589.0000000007F00000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7F00000
|
| Size: |
4096
|
|
|
E70000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2481498350.0000000000E70000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
E70000
|
| Size: |
4096
|
|
|
1A8D000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1694698595.0000000001A8D000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1A8D000
|
| Size: |
458752
|
|
|
E9E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000000.1601908888.0000000000E9E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process new
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
E9E000
|
| Size: |
90112
|
|
|
4C8E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2482427133.0000000004C8E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4C8E000
|
| Size: |
8192
|
|
|
1525000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1585035556.0000000001525000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1525000
|
| Size: |
20480
|
|
|
1D50000
|
unclassified section
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1695148193.0000000001D50000.00000040.10000000.00040000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unclassified section
|
| Protect: |
page execute and read and write
|
| Base address: |
1D50000
|
| Size: |
10485760
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1865551838.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1870163782.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
8192
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1865634559.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1869912688.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
8192
|
|
|
EB4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000003.1621490122.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
EB4000
|
| Size: |
86016
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1866606007.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
8192
|
|
|
30F000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000009.00000000.1762176946.000000000030F000.00000002.00000001.01000000.00000005.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
30F000
|
| Size: |
28672
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
2E70000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000009.00000000.1762562982.0000000002E70000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
2E70000
|
| Size: |
925696
|
|
|
46C2000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.2482791837.00000000046C2000.00000040.00000001.00040000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
46C2000
|
| Size: |
10485760
|
|
|
81F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2485994364.00000000081F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
81F0000
|
| Size: |
4096
|
|
|
81CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2485963426.00000000081CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
81CE000
|
| Size: |
8192
|
|
|
2AF0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000007.00000002.2482357716.0000000002AF0000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
2AF0000
|
| Size: |
925696
|
|
|
1601000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1590724796.0000000001601000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1601000
|
| Size: |
217088
|
|
|
E10000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000007.00000002.2481026727.0000000000E10000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
E10000
|
| Size: |
4096
|
|
|
30F000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000009.00000002.2480293971.000000000030F000.00000002.00000001.01000000.00000005.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
30F000
|
| Size: |
28672
|
|
|
1B88CE01000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1985741754.000001B88CE01000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1B88CE01000
|
| Size: |
4096
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1868784547.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1869394172.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1866693648.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
D60000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000009.00000002.2480585365.0000000000D60000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
D60000
|
| Size: |
4096
|
|
|
2CB0000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2482504631.0000000002CB0000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
2CB0000
|
| Size: |
4096
|
|
|
97000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000000.1243730394.0000000000097000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
97000
|
| Size: |
45056
|
|
|
7EEE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1881491589.0000000007EEE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7EEE000
|
| Size: |
4096
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1870887051.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
8192
|
|
|
1D00000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1594998142.0000000001D00000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
1D00000
|
| Size: |
159744
|
|
|
2E10000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2480446369.0000000002E10000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2E10000
|
| Size: |
4096
|
|
|
7E89000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2484625745.0000000007E89000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7E89000
|
| Size: |
8192
|
|
|
151D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1651763251.000000000151D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
151D000
|
| Size: |
73728
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
2A80000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000007.00000000.1602030259.0000000002A80000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
2A80000
|
| Size: |
16384
|
|
|
85BE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2486058559.00000000085BE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
85BE000
|
| Size: |
8192
|
|
|
4C10000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1764365086.0000000004C10000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4C10000
|
| Size: |
155648
|
|
|
5022000
|
unclassified section
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2483248758.0000000005022000.00000004.10000000.00040000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unclassified section
|
| Protect: |
page read and write
|
| Base address: |
5022000
|
| Size: |
4096
|
|
|
1310000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000000.1762404162.0000000001310000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process new
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1310000
|
| Size: |
32768
|
|
|
131A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000000.1762404162.000000000131A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process new
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
131A000
|
| Size: |
8192
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1867779335.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1867205049.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
3060000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2480736638.0000000003060000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3060000
|
| Size: |
24576
|
|
|
13A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1610604540.00000000013A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13A4000
|
| Size: |
4096
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1867313121.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1866752639.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
2AA0000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000007.00000000.1602042175.0000000002AA0000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
2AA0000
|
| Size: |
4096
|
|
|
ACA000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000000.1601784772.0000000000ACA000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process new
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
ACA000
|
| Size: |
24576
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1869789348.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1864798728.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
1260000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2481579227.0000000001260000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1260000
|
| Size: |
16384
|
|
|
E9A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000000.1601908888.0000000000E9A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process new
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
E9A000
|
| Size: |
8192
|
|
|
4DFD000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2482536668.0000000004DFD000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4DFD000
|
| Size: |
458752
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1869519219.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
2CC0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2482667157.0000000002CC0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2CC0000
|
| Size: |
8192
|
|
|
3080000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1695170563.0000000003080000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3080000
|
| Size: |
24576
|
|
|
1B88CC00000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1985642702.000001B88CC00000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1B88CC00000
|
| Size: |
4096
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1870328368.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
8192
|
|
|
3080000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1695034313.0000000003080000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3080000
|
| Size: |
24576
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1868569031.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
1240000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000000.1762343565.0000000001240000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
1240000
|
| Size: |
4096
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1866490588.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
8192
|
|
|
D70000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000009.00000000.1762239945.0000000000D70000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
D70000
|
| Size: |
4096
|
|
|
1B88B30C000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1985529847.000001B88B30C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1B88B30C000
|
| Size: |
4096
|
|
|
3CC2000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.2482791837.0000000003CC2000.00000040.00000001.00040000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
3CC2000
|
| Size: |
10485760
|
|
|
150F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2482263722.000000000150F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
150F000
|
| Size: |
4096
|
|
|
3080000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1695085929.0000000003080000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3080000
|
| Size: |
24576
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1870431043.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
8192
|
|
|
E40000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000000.1601855237.0000000000E40000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process new
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
E40000
|
| Size: |
4096
|
|
|
1955000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1586739541.0000000001955000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1955000
|
| Size: |
24576
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1865909090.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
8192
|
|
|
150A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1694595784.000000000150A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
150A000
|
| Size: |
8192
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1866980234.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
8192
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1865827227.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
4FA1000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2482536668.0000000004FA1000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4FA1000
|
| Size: |
458752
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1871031507.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
3124000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2480736638.0000000003124000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3124000
|
| Size: |
4096
|
|
|
7E8D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2484625745.0000000007E8D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7E8D000
|
| Size: |
8192
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1868663651.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
50000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000002.1694441133.0000000000050000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
50000
|
| Size: |
4096
|
|
|
3948000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2483025387.0000000003948000.00000004.00000001.00040000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
3948000
|
| Size: |
4096
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1869611731.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
4B1F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1697109184.0000000004B1F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4B1F000
|
| Size: |
1196032
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
2EE4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1702268832.0000000002EE4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2EE4000
|
| Size: |
4096
|
|
|
3075000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1694987609.0000000003075000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3075000
|
| Size: |
28672
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1868365174.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
E70000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000007.00000000.1601898880.0000000000E70000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
E70000
|
| Size: |
4096
|
|
|
E30000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000007.00000002.2481190977.0000000000E30000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
E30000
|
| Size: |
4096
|
|
|
319000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000007.00000002.2480461606.0000000000319000.00000002.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
319000
|
| Size: |
61440
|
|
|
85FF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2486092748.00000000085FF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
85FF000
|
| Size: |
4096
|
|
|
2AE0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2482282730.0000000002AE0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2AE0000
|
| Size: |
8192
|
|
|
160F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1584878103.000000000160F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
160F000
|
| Size: |
1187840
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
1514000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1585169236.0000000001514000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1514000
|
| Size: |
28672
|
|
|
12EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2481797591.00000000012EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
12EE000
|
| Size: |
8192
|
|
|
151A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1585190826.000000000151A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
151A000
|
| Size: |
4096
|
|
|
4DF9000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2482536668.0000000004DF9000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4DF9000
|
| Size: |
4096
|
|
|
E50000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000007.00000000.1601870819.0000000000E50000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
E50000
|
| Size: |
4096
|
|
|
7F0B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2484625745.0000000007F0B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7F0B000
|
| Size: |
8192
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1868259395.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
7E84000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2484625745.0000000007E84000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7E84000
|
| Size: |
12288
|
|
|
588E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2484708247.000000000588E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
588E000
|
| Size: |
8192
|
|
|
13A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1610632174.00000000013A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13A4000
|
| Size: |
4096
|
|
|
A60000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000007.00000002.2480706824.0000000000A60000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
A60000
|
| Size: |
4096
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1867619842.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
18E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1586739541.00000000018E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
18E0000
|
| Size: |
4096
|
|
|
30D8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2480736638.00000000030D8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
30D8000
|
| Size: |
151552
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
1B88CB10000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1985629271.000001B88CB10000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1B88CB10000
|
| Size: |
12288
|
|
|
2AE0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000000.1602052178.0000000002AE0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process new
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2AE0000
|
| Size: |
8192
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1697452752.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
65536
|
|
|
5876000
|
unclassified section
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2483248758.0000000005876000.00000004.10000000.00040000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unclassified section
|
| Protect: |
page read and write
|
| Base address: |
5876000
|
| Size: |
8192
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1870734039.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
8192
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1864914358.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1871648093.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
1B88CB20000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1934948836.000001B88CB20000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1B88CB20000
|
| Size: |
4096
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1869055925.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
56D1000
|
system
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.2484249497.00000000056D1000.00000040.80000000.00040000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
system
|
| Protect: |
page execute and read and write
|
| Base address: |
56D1000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
4C48000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1697109184.0000000004C48000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4C48000
|
| Size: |
4096
|
|
|
1140000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000000.1762308501.0000000001140000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process new
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1140000
|
| Size: |
4096
|
|
|
30F000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000007.00000002.2480300026.000000000030F000.00000002.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
30F000
|
| Size: |
28672
|
|
|
151F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1585093339.000000000151F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
151F000
|
| Size: |
24576
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1864992720.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
1D40000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1695124136.0000000001D40000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1D40000
|
| Size: |
8192
|
|
|
7EDF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2484625745.0000000007EDF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7EDF000
|
| Size: |
4096
|
|
|
150E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1694595784.000000000150E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
150E000
|
| Size: |
57344
|
|
|
301000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000007.00000002.2480227564.0000000000301000.00000020.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
301000
|
| Size: |
57344
|
|
|
1B88CEBE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1935906997.000001B88CEBE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1B88CEBE000
|
| Size: |
8192
|
|
|
10FC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2481000503.00000000010FC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
10FC000
|
| Size: |
16384
|
|
|
5744000
|
system
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.2484249497.0000000005744000.00000040.80000000.00040000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
system
|
| Protect: |
page execute and read and write
|
| Base address: |
5744000
|
| Size: |
49152
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1866863995.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
8192
|
|
|
4C10000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1706250960.0000000004C10000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4C10000
|
| Size: |
155648
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1869858368.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1867751128.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
3158000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1881596180.0000000003158000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3158000
|
| Size: |
12288
|
|
|
323C000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2483025387.000000000323C000.00000004.00000001.00040000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
323C000
|
| Size: |
339968
|
|
|
14FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1694581232.00000000014FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
14FE000
|
| Size: |
8192
|
|
|
13A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1610575222.00000000013A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13A4000
|
| Size: |
4096
|
|
|
2AF0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000007.00000000.1602062273.0000000002AF0000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
2AF0000
|
| Size: |
925696
|
|
|
2EE4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1697482274.0000000002EE4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2EE4000
|
| Size: |
4096
|
|
|
2E6F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000000.1762552010.0000000002E6F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process new
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2E6F000
|
| Size: |
4096
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1867983548.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
7E9B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2484625745.0000000007E9B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7E9B000
|
| Size: |
8192
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1867339371.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
8192
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1866456257.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
8192
|
|
|
319000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000007.00000000.1601738014.0000000000319000.00000002.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
319000
|
| Size: |
61440
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1870985690.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
8192
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1869103801.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
3115000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2480736638.0000000003115000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3115000
|
| Size: |
8192
|
|
|
13A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1610588810.00000000013A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13A4000
|
| Size: |
4096
|
|
|
13D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1694552386.00000000013D0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13D0000
|
| Size: |
4096
|
|
|
3127000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2480736638.0000000003127000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3127000
|
| Size: |
16384
|
|
|
1130000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000009.00000002.2481217353.0000000001130000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
1130000
|
| Size: |
4096
|
|
|
1B88B2FC000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1985529847.000001B88B2FC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1B88B2FC000
|
| Size: |
49152
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1866723056.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1866952749.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
8192
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1868074465.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
56E1000
|
system
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.2484249497.00000000056E1000.00000040.80000000.00040000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
system
|
| Protect: |
page execute and read and write
|
| Base address: |
56E1000
|
| Size: |
12288
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1870711456.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
8192
|
|
|
300000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000007.00000000.1601599072.0000000000300000.00000002.00000001.01000000.00000005.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
300000
|
| Size: |
4096
|
|
|
E9A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2481577071.0000000000E9A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
E9A000
|
| Size: |
8192
|
|
|
B0E2000
|
system
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1984399994.000000000B0E2000.00000004.80000000.00040000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
system
|
| Protect: |
page read and write
|
| Base address: |
B0E2000
|
| Size: |
8192
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1870355020.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
8192
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1867520637.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
1960000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1694698595.0000000001960000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1960000
|
| Size: |
1208320
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
1525000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1585156884.0000000001525000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1525000
|
| Size: |
20480
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1871009344.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1711991249.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
BCC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.2480873183.0000000000BCC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
BCC000
|
| Size: |
16384
|
|
|
2E70000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000009.00000002.2482901113.0000000002E70000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
2E70000
|
| Size: |
925696
|
|
|
1B88CEAB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1935942975.000001B88CEAB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1B88CEAB000
|
| Size: |
4096
|
|
|
E61000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000007.00000002.2481425372.0000000000E61000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
E61000
|
| Size: |
12288
|
|
|
4CD0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2482536668.0000000004CD0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4CD0000
|
| Size: |
1208320
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
1B88CAC0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1985616515.000001B88CAC0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1B88CAC0000
|
| Size: |
4096
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1870223420.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
8192
|
|
|
1514000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1585048474.0000000001514000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1514000
|
| Size: |
28672
|
|
|
1500000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1694595784.0000000001500000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1500000
|
| Size: |
32768
|
|
|
7EF3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1881491589.0000000007EF3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7EF3000
|
| Size: |
20480
|
|
|
7F07000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2484625745.0000000007F07000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7F07000
|
| Size: |
12288
|
|
|
1AFE000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1694698595.0000000001AFE000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1AFE000
|
| Size: |
1220608
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
A40000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000007.00000002.2480532459.0000000000A40000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
A40000
|
| Size: |
4096
|
|
|
31B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2481962110.00000000031B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
31B0000
|
| Size: |
16384
|
|
|
1110000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000009.00000000.1762276050.0000000001110000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
1110000
|
| Size: |
4096
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1868286929.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
151F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1585190826.000000000151F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
151F000
|
| Size: |
24576
|
|
|
311A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2480736638.000000000311A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
311A000
|
| Size: |
8192
|
|
|
13A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1694381907.00000000013A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13A4000
|
| Size: |
4096
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1870300693.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
8192
|
|
|
56EF000
|
system
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.2484249497.00000000056EF000.00000040.80000000.00040000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
system
|
| Protect: |
page execute and read and write
|
| Base address: |
56EF000
|
| Size: |
8192
|
|
|
12AE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000000.1762366844.00000000012AE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process new
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
12AE000
|
| Size: |
8192
|
|
|
12F0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000009.00000002.2481875257.00000000012F0000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
12F0000
|
| Size: |
16384
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1702200192.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
212992
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1871489338.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1870862605.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
8192
|
|
|
4CCE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2482471302.0000000004CCE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4CCE000
|
| Size: |
8192
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1866525090.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
8192
|
|
|
17B7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1586739541.00000000017B7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
17B7000
|
| Size: |
1196032
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
818F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2485916771.000000000818F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
818F000
|
| Size: |
4096
|
|
|
52FC000
|
unclassified section
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2483248758.00000000052FC000.00000004.10000000.00040000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unclassified section
|
| Protect: |
page read and write
|
| Base address: |
52FC000
|
| Size: |
339968
|
|
|
3068000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2480736638.0000000003068000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3068000
|
| Size: |
53248
|
|
|
56E4000
|
unclassified section
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2483248758.00000000056E4000.00000004.10000000.00040000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unclassified section
|
| Protect: |
page read and write
|
| Base address: |
56E4000
|
| Size: |
8192
|
|
|
2CC0000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2482570169.0000000002CC0000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
2CC0000
|
| Size: |
12288
|
|
|
10FC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000000.1762263919.00000000010FC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process new
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
10FC000
|
| Size: |
16384
|
|
|
2F62000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2483025387.0000000002F62000.00000004.00000001.00040000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
2F62000
|
| Size: |
4096
|
|
|
4964000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1694734679.0000000004964000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4964000
|
| Size: |
1187840
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
1601000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1610500615.0000000001601000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1601000
|
| Size: |
217088
|
|
|
2CC4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000000.1602129697.0000000002CC4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process new
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2CC4000
|
| Size: |
4096
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1882054785.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
13A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1610562098.00000000013A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13A4000
|
| Size: |
4096
|
|
|
1130000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000009.00000000.1762297590.0000000001130000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
1130000
|
| Size: |
4096
|
|
|
4960000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2482043603.0000000004960000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4960000
|
| Size: |
4096
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1868321603.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1867260971.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1867889878.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
1B88CE00000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1935470810.000001B88CE00000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1B88CE00000
|
| Size: |
4096
|
|
|
4961000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000003.1868121805.0000000004961000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4961000
|
| Size: |
4096
|
|
|
E90000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000000.1601908888.0000000000E90000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process new
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
E90000
|
| Size: |
32768
|
|
|
13A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1610533246.00000000013A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13A4000
|
| Size: |
4096
|
|
|
151A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1585071529.000000000151A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
151A000
|
| Size: |
4096
|
|
