|
8C0000
|
trusted library allocation
|
page read and write
|
 |
|
|
| Name: |
00000005.00000002.2615984207.00000000008C0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8C0000
|
| Size: |
274432
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected FormBook |
AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality |
|
|
|
3481000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003481000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3481000
|
| Size: |
1085440
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) |
Malware Analysis System Evasion |
Security Software Discovery
|
| Yara detected Costura Assembly Loader |
Data Obfuscation |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
| URLs found in memory or binary data |
Networking |
|
|
|
3980000
|
unclassified section
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.1911046997.0000000003980000.00000040.10000000.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unclassified section
|
| Protect: |
page execute and read and write
|
| Base address: |
3980000
|
| Size: |
4939776
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected FormBook |
AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality |
|
|
|
4320000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2617306934.0000000004320000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4320000
|
| Size: |
274432
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected FormBook |
AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality |
|
|
|
5000000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.2617251944.0000000005000000.00000040.00000001.00040000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
5000000
|
| Size: |
4939776
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected FormBook |
AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality |
|
|
|
400000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.1905455686.0000000000400000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
400000
|
| Size: |
286720
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected FormBook |
AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality |
|
|
|
6500000
|
trusted library section
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1394610501.0000000006500000.00000004.08000000.00040000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library section
|
| Protect: |
page read and write
|
| Base address: |
6500000
|
| Size: |
606208
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected Costura Assembly Loader |
Data Obfuscation |
|
|
|
600000
|
system
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.2615715493.0000000000600000.00000040.80000000.00040000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
system
|
| Protect: |
page execute and read and write
|
| Base address: |
600000
|
| Size: |
274432
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected FormBook |
AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality |
|
|
|
63C0000
|
unclassified section
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.1981834340.00000000063C0000.00000040.10000000.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unclassified section
|
| Protect: |
page execute and read and write
|
| Base address: |
63C0000
|
| Size: |
274432
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected FormBook |
AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality |
|
|
|
AE0000
|
system
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2616880626.0000000000AE0000.00000040.80000000.00040000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
system
|
| Protect: |
page execute and read and write
|
| Base address: |
AE0000
|
| Size: |
442368
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected FormBook |
AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality |
|
|
|
3956000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003956000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3956000
|
| Size: |
4096
|
|
|
20F4410D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2214398181.0000020F4410D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
20F4410D000
|
| Size: |
4096
|
|
|
43DD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1915419405.00000000043DD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
43DD000
|
| Size: |
1196032
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
3971000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003971000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3971000
|
| Size: |
4096
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2098900798.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2098113140.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
39A3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000039A3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
39A3000
|
| Size: |
4096
|
|
|
1220000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1906166179.0000000001220000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1220000
|
| Size: |
24576
|
|
|
39AA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000039AA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
39AA000
|
| Size: |
106496
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2095151913.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
8192
|
|
|
3A54000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003A54000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3A54000
|
| Size: |
4096
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2098946314.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2099024729.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
5D0000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000008.00000000.1981665285.00000000005D0000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5D0000
|
| Size: |
4096
|
|
|
3A88000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003A88000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3A88000
|
| Size: |
24576
|
|
|
3969000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003969000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3969000
|
| Size: |
12288
|
|
|
39DC000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000039DC000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
39DC000
|
| Size: |
4096
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2097513062.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
970000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2616112369.0000000000970000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
970000
|
| Size: |
24576
|
|
|
3855000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003855000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3855000
|
| Size: |
4096
|
|
|
454E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2617536287.000000000454E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
454E000
|
| Size: |
8192
|
|
|
450E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2617507892.000000000450E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
450E000
|
| Size: |
8192
|
|
|
30BF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000000.1827962238.00000000030BF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process new
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
30BF000
|
| Size: |
4096
|
|
|
4481000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1391092460.0000000004481000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4481000
|
| Size: |
339968
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
39A1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000039A1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
39A1000
|
| Size: |
4096
|
|
|
3683000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003683000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3683000
|
| Size: |
4096
|
|
|
38F5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000038F5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
38F5000
|
| Size: |
4096
|
|
|
A14000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2106577449.0000000000A14000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A14000
|
| Size: |
8192
|
|
|
3664000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003664000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3664000
|
| Size: |
4096
|
|
|
38A6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000038A6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
38A6000
|
| Size: |
4096
|
|
|
3B2C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003B2C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3B2C000
|
| Size: |
12288
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2095812154.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
8192
|
|
|
372C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.000000000372C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
372C000
|
| Size: |
4096
|
|
|
4BBC000
|
unclassified section
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2618298895.0000000004BBC000.00000004.10000000.00040000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unclassified section
|
| Protect: |
page read and write
|
| Base address: |
4BBC000
|
| Size: |
49152
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
8A9000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000000.1827422853.00000000008A9000.00000002.00000001.01000000.00000007.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
8A9000
|
| Size: |
61440
|
|
|
A28000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2616112369.0000000000A28000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A28000
|
| Size: |
8192
|
|
|
3719000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003719000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3719000
|
| Size: |
4096
|
|
|
4370000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2617381500.0000000004370000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4370000
|
| Size: |
94208
|
|
|
20F442A5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.2164764689.0000020F442A5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
20F442A5000
|
| Size: |
4096
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2093504815.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2097624494.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
371E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.000000000371E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
371E000
|
| Size: |
4096
|
|
|
3AF3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003AF3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3AF3000
|
| Size: |
20480
|
|
|
1822000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1374372337.0000000001822000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1822000
|
| Size: |
159744
|
|
|
36DD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000036DD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
36DD000
|
| Size: |
4096
|
|
|
891000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000008.00000002.2616413738.0000000000891000.00000020.00000001.01000000.00000007.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
891000
|
| Size: |
57344
|
|
|
C19000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2617354376.0000000000C19000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C19000
|
| Size: |
81920
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
B76000
|
system
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2616880626.0000000000B76000.00000040.80000000.00040000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
system
|
| Protect: |
page execute and read and write
|
| Base address: |
B76000
|
| Size: |
4096
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2095192994.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
8192
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2100246288.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
8192
|
|
|
1574000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000000.1827785507.0000000001574000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process new
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1574000
|
| Size: |
4096
|
|
|
28B2000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2618028068.00000000028B2000.00000004.00000001.00040000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
28B2000
|
| Size: |
4096
|
|
|
37F9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000037F9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
37F9000
|
| Size: |
4096
|
|
|
386A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.000000000386A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
386A000
|
| Size: |
4096
|
|
|
361A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.000000000361A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
361A000
|
| Size: |
4096
|
|
|
3730000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003730000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3730000
|
| Size: |
4096
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2093141092.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
3639000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003639000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3639000
|
| Size: |
4096
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2099105407.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
8192
|
|
|
A34000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2106577449.0000000000A34000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A34000
|
| Size: |
36864
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2101306047.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
3765000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003765000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3765000
|
| Size: |
45056
|
|
|
20F442BE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.2164685348.0000020F442BE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
20F442BE000
|
| Size: |
8192
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2095885056.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
1570000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000000.1827785507.0000000001570000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process new
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1570000
|
| Size: |
8192
|
|
|
27F2000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000008.00000000.1982252581.00000000027F2000.00000004.00000001.00040000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
27F2000
|
| Size: |
4096
|
|
|
35D5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000035D5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
35D5000
|
| Size: |
57344
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2098508004.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
3AEB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003AEB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3AEB000
|
| Size: |
4096
|
|
|
3794000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003794000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3794000
|
| Size: |
4096
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2095734734.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
1170000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1906084026.0000000001170000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1170000
|
| Size: |
4096
|
|
|
142E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000000.1827686624.000000000142E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process new
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
142E000
|
| Size: |
8192
|
|
|
11A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1906110139.00000000011A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11A0000
|
| Size: |
16384
|
|
|
AB0000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2616747507.0000000000AB0000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
AB0000
|
| Size: |
4096
|
|
|
3631000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003631000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3631000
|
| Size: |
4096
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2097315838.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
4E0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000000.1981532790.00000000004E0000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
4E0000
|
| Size: |
4096
|
|
|
38D4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000038D4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
38D4000
|
| Size: |
4096
|
|
|
3609000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003609000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3609000
|
| Size: |
4096
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2095274292.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
8192
|
|
|
890000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000000.1827307721.0000000000890000.00000002.00000001.01000000.00000007.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
890000
|
| Size: |
4096
|
|
|
16D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1374280356.00000000016D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
16D0000
|
| Size: |
16384
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2099505343.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
8192
|
|
|
4E0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000002.2615665081.00000000004E0000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
4E0000
|
| Size: |
4096
|
|
|
1820000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000002.2616749060.0000000001820000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
1820000
|
| Size: |
32768
|
|
|
37B3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000037B3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
37B3000
|
| Size: |
4096
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2093702390.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
3732000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003732000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3732000
|
| Size: |
4096
|
|
|
4346000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1906511372.0000000004346000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4346000
|
| Size: |
512000
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2099725008.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
8192
|
|
|
20F442CE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.2164625599.0000020F442CE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
20F442CE000
|
| Size: |
4096
|
|
|
20F426D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2214233043.0000020F426D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20F426D0000
|
| Size: |
4096
|
|
|
36B7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000036B7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
36B7000
|
| Size: |
4096
|
|
|
76A1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2620126209.00000000076A1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
76A1000
|
| Size: |
4096
|
|
|
A23000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2106577449.0000000000A23000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A23000
|
| Size: |
12288
|
|
|
1A11000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.1906353643.0000000001A11000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1A11000
|
| Size: |
16384
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2100621796.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
36A2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000036A2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
36A2000
|
| Size: |
12288
|
|
|
7D5F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2620894419.0000000007D5F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7D5F000
|
| Size: |
4096
|
|
|
3A99000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003A99000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3A99000
|
| Size: |
57344
|
|
|
7706000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2620126209.0000000007706000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7706000
|
| Size: |
8192
|
|
|
7E6F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2621027668.0000000007E6F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7E6F000
|
| Size: |
4096
|
|
|
DFC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1905979881.0000000000DFC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
DFC000
|
| Size: |
16384
|
|
|
3B28000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003B28000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3B28000
|
| Size: |
4096
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2095776098.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2110194290.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
8192
|
|
|
E74C5FB000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2213974919.000000E74C5FB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
E74C5FB000
|
| Size: |
20480
|
|
|
3715000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003715000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3715000
|
| Size: |
4096
|
|
|
996000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2616112369.0000000000996000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
996000
|
| Size: |
8192
|
|
|
36BF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000036BF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
36BF000
|
| Size: |
94208
|
|
|
3601000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003601000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3601000
|
| Size: |
4096
|
|
|
20F44201000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2214515165.0000020F44201000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
20F44201000
|
| Size: |
4096
|
|
|
369A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.000000000369A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
369A000
|
| Size: |
4096
|
|
|
3100000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000000.1827982204.0000000003100000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process new
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3100000
|
| Size: |
8192
|
|
|
606E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1393256774.000000000606E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
606E000
|
| Size: |
8192
|
|
|
399D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.000000000399D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
399D000
|
| Size: |
4096
|
|
|
396F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.000000000396F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
396F000
|
| Size: |
4096
|
|
|
37CB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000037CB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
37CB000
|
| Size: |
4096
|
|
|
1BB1000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000002.2616795755.0000000001BB1000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
1BB1000
|
| Size: |
348160
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the Windows Explorer process (often used for injection) |
HIPS / PFW / Operating System Protection Evasion |
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2095357546.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
8192
|
|
|
36FC000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000036FC000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
36FC000
|
| Size: |
12288
|
|
|
20F44000000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2214355865.0000020F44000000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
20F44000000
|
| Size: |
4096
|
|
|
9E8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2106577449.00000000009E8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9E8000
|
| Size: |
4096
|
|
|
76B3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2620126209.00000000076B3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
76B3000
|
| Size: |
4096
|
|
|
37FF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000037FF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
37FF000
|
| Size: |
4096
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2093066792.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
37AD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000037AD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
37AD000
|
| Size: |
4096
|
|
|
38F7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000038F7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
38F7000
|
| Size: |
4096
|
|
|
38F1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000038F1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
38F1000
|
| Size: |
4096
|
|
|
7696000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2106509974.0000000007696000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7696000
|
| Size: |
73728
|
|
|
A51000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2106577449.0000000000A51000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A51000
|
| Size: |
12288
|
|
|
1B10000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375726381.0000000001B10000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1B10000
|
| Size: |
65536
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2094692152.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
8192
|
|
|
3760000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003760000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3760000
|
| Size: |
4096
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2096936488.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
9CD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2616112369.00000000009CD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9CD000
|
| Size: |
53248
|
|
|
20F44200000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.2164197929.0000020F44200000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
20F44200000
|
| Size: |
4096
|
|
|
992000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1908572356.0000000000992000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
992000
|
| Size: |
20480
|
|
|
472E000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.2617586828.000000000472E000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
472E000
|
| Size: |
1220608
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
38DE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000038DE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
38DE000
|
| Size: |
4096
|
|
|
3908000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003908000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3908000
|
| Size: |
4096
|
|
|
3666000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003666000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3666000
|
| Size: |
4096
|
|
|
35EC000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000035EC000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
35EC000
|
| Size: |
4096
|
|
|
13F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1906287652.00000000013F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13F0000
|
| Size: |
4096
|
|
|
16D5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1374280356.00000000016D5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
16D5000
|
| Size: |
12288
|
|
|
3A27000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003A27000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3A27000
|
| Size: |
4096
|
|
|
680000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2615796912.0000000000680000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
680000
|
| Size: |
4096
|
|
|
51FF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2619521754.00000000051FF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
51FF000
|
| Size: |
4096
|
|
|
3A77000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003A77000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3A77000
|
| Size: |
4096
|
|
|
987000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1909407578.0000000000987000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
987000
|
| Size: |
4096
|
|
|
6880000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1396350884.0000000006880000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6880000
|
| Size: |
274432
|
|
|
1A2D000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.1906353643.0000000001A2D000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1A2D000
|
| Size: |
4096
|
|
|
39F1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000039F1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
39F1000
|
| Size: |
4096
|
|
|
13C0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000002.2616183295.00000000013C0000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
13C0000
|
| Size: |
4096
|
|
|
372E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.000000000372E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
372E000
|
| Size: |
4096
|
|
|
5ADE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1393020175.0000000005ADE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5ADE000
|
| Size: |
8192
|
|
|
7719000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2109575346.0000000007719000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7719000
|
| Size: |
4096
|
|
|
39E4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000039E4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
39E4000
|
| Size: |
49152
|
|
|
1431000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000002.2616301531.0000000001431000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
1431000
|
| Size: |
12288
|
|
|
3670000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003670000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3670000
|
| Size: |
4096
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2097007385.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
36E3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000036E3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
36E3000
|
| Size: |
4096
|
|
|
5C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000000.1981647650.00000000005C0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process new
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5C0000
|
| Size: |
4096
|
|
|
3AAC000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003AAC000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3AAC000
|
| Size: |
4096
|
|
|
89F000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000002.2616482669.000000000089F000.00000002.00000001.01000000.00000007.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
89F000
|
| Size: |
28672
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
38FB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000038FB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
38FB000
|
| Size: |
49152
|
|
|
38A2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000038A2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
38A2000
|
| Size: |
4096
|
|
|
37A7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000037A7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
37A7000
|
| Size: |
4096
|
|
|
1A70000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375615900.0000000001A70000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1A70000
|
| Size: |
4096
|
|
|
37ED000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000037ED000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
37ED000
|
| Size: |
12288
|
|
|
46BD000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.2617586828.00000000046BD000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
46BD000
|
| Size: |
458752
|
|
|
3814000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003814000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3814000
|
| Size: |
4096
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2099798002.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
8192
|
|
|
3C8000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2615666554.00000000003C8000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3C8000
|
| Size: |
32768
|
|
|
1570000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2616500776.0000000001570000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1570000
|
| Size: |
8192
|
|
|
374E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.000000000374E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
374E000
|
| Size: |
28672
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2097724071.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
890000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000002.2615562390.0000000000890000.00000002.00000001.01000000.00000007.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
890000
|
| Size: |
4096
|
|
|
271C000
|
system
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2212834626.000000000271C000.00000004.80000000.00040000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
system
|
| Protect: |
page read and write
|
| Base address: |
271C000
|
| Size: |
49152
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
7707000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2109575346.0000000007707000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7707000
|
| Size: |
8192
|
|
|
3734000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003734000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3734000
|
| Size: |
4096
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2096747908.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
45B7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1391092460.00000000045B7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
45B7000
|
| Size: |
606208
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
37AB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000037AB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
37AB000
|
| Size: |
4096
|
|
|
3626000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003626000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3626000
|
| Size: |
16384
|
|
|
770F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2620126209.000000000770F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
770F000
|
| Size: |
12288
|
|
|
162A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2616590138.000000000162A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
162A000
|
| Size: |
8192
|
|
|
1A2D000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1375364797.0000000001A2D000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1A2D000
|
| Size: |
4096
|
|
|
1B80000
|
unclassified section
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.1911046997.0000000001B80000.00000040.10000000.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unclassified section
|
| Protect: |
page execute and read and write
|
| Base address: |
1B80000
|
| Size: |
10485760
|
|
|
3C00000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.2617251944.0000000003C00000.00000040.00000001.00040000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
3C00000
|
| Size: |
10485760
|
|
|
20F42742000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2214252053.0000020F42742000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20F42742000
|
| Size: |
20480
|
|
|
6360000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1393752381.0000000006360000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
6360000
|
| Size: |
65536
|
|
|
3982000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003982000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3982000
|
| Size: |
4096
|
|
|
3A95000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003A95000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3A95000
|
| Size: |
4096
|
|
|
3ADE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003ADE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3ADE000
|
| Size: |
12288
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2094034322.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
45B5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1391092460.00000000045B5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
45B5000
|
| Size: |
4096
|
|
|
3200000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.2617251944.0000000003200000.00000040.00000001.00040000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
3200000
|
| Size: |
10485760
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2095314541.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
8192
|
|
|
36D9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000036D9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
36D9000
|
| Size: |
4096
|
|
|
A57000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2106577449.0000000000A57000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A57000
|
| Size: |
4096
|
|
|
3780000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003780000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3780000
|
| Size: |
53248
|
|
|
76DC000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2620126209.00000000076DC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
76DC000
|
| Size: |
8192
|
|
|
1820000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000000.1827904799.0000000001820000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
1820000
|
| Size: |
32768
|
|
|
7701000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2109575346.0000000007701000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7701000
|
| Size: |
4096
|
|
|
1AD0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375669744.0000000001AD0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1AD0000
|
| Size: |
65536
|
|
|
1440000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000000.1827721619.0000000001440000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
1440000
|
| Size: |
4096
|
|
|
36DF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000036DF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
36DF000
|
| Size: |
4096
|
|
|
37C9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000037C9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
37C9000
|
| Size: |
4096
|
|
|
36F4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000036F4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
36F4000
|
| Size: |
12288
|
|
|
89F000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000000.1827388972.000000000089F000.00000002.00000001.01000000.00000007.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
89F000
|
| Size: |
28672
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2097182202.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
18FE000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.1906353643.00000000018FE000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
18FE000
|
| Size: |
24576
|
|
|
359A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.000000000359A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
359A000
|
| Size: |
12288
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2096514032.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
47E7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1391092460.00000000047E7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
47E7000
|
| Size: |
843776
|
|
|
394C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.000000000394C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
394C000
|
| Size: |
4096
|
|
|
13D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2616230849.00000000013D0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13D0000
|
| Size: |
4096
|
|
|
769C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2620126209.000000000769C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
769C000
|
| Size: |
4096
|
|
|
378E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.000000000378E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
378E000
|
| Size: |
4096
|
|
|
1815000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1374372337.0000000001815000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1815000
|
| Size: |
49152
|
|
|
3792000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003792000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3792000
|
| Size: |
4096
|
|
|
3873000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003873000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3873000
|
| Size: |
53248
|
|
|
3758000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003758000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3758000
|
| Size: |
4096
|
|
|
24CC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2617650235.00000000024CC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
24CC000
|
| Size: |
16384
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2098982082.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
35E4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000035E4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
35E4000
|
| Size: |
4096
|
|
|
3808000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003808000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3808000
|
| Size: |
45056
|
|
|
3711000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003711000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3711000
|
| Size: |
4096
|
|
|
8A9000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000002.2616592053.00000000008A9000.00000002.00000001.01000000.00000007.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
8A9000
|
| Size: |
61440
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2110337403.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2094584551.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
8192
|
|
|
A51000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2616112369.0000000000A51000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A51000
|
| Size: |
12288
|
|
|
7D1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2620867273.0000000007D1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7D1E000
|
| Size: |
8192
|
|
|
38EF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000038EF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
38EF000
|
| Size: |
4096
|
|
|
25F4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2617793470.00000000025F4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
25F4000
|
| Size: |
4096
|
|
|
3EB5000
|
unclassified section
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.1911046997.0000000003EB5000.00000040.10000000.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unclassified section
|
| Protect: |
page execute and read and write
|
| Base address: |
3EB5000
|
| Size: |
10485760
|
|
|
3618000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003618000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3618000
|
| Size: |
4096
|
|
|
3821000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003821000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3821000
|
| Size: |
57344
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2098009925.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
3110000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000002.2616958862.0000000003110000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
3110000
|
| Size: |
925696
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2096822103.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
399F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.000000000399F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
399F000
|
| Size: |
4096
|
|
|
3976000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003976000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3976000
|
| Size: |
45056
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2096593442.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2099910136.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
8192
|
|
|
4223000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1906511372.0000000004223000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4223000
|
| Size: |
1187840
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2096549353.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
3622000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003622000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3622000
|
| Size: |
4096
|
|
|
3605000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003605000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3605000
|
| Size: |
4096
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2094522523.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
8192
|
|
|
611E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1393282533.000000000611E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
611E000
|
| Size: |
8192
|
|
|
20F42717000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2214252053.0000020F42717000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20F42717000
|
| Size: |
73728
|
|
|
37B5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000037B5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
37B5000
|
| Size: |
36864
|
|
|
3851000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003851000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3851000
|
| Size: |
4096
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2096858059.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
1245000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1906166179.0000000001245000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1245000
|
| Size: |
12288
|
|
|
37E2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000037E2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
37E2000
|
| Size: |
4096
|
|
|
17E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1374372337.00000000017E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
17E0000
|
| Size: |
24576
|
|
|
3954000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003954000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3954000
|
| Size: |
4096
|
|
|
7716000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2109575346.0000000007716000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7716000
|
| Size: |
8192
|
|
|
358B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.000000000358B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
358B000
|
| Size: |
32768
|
|
|
35B3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000035B3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
35B3000
|
| Size: |
4096
|
|
|
8A6000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000000.1827407140.00000000008A6000.00000004.00000001.01000000.00000007.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
8A6000
|
| Size: |
8192
|
|
|
6380000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1393797255.0000000006380000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
6380000
|
| Size: |
28672
|
|
|
AB0000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000008.00000000.1981895416.0000000000AB0000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
AB0000
|
| Size: |
4096
|
|
|
981000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1908903734.0000000000981000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
981000
|
| Size: |
28672
|
|
|
1574000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2616500776.0000000001574000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1574000
|
| Size: |
4096
|
|
|
35FF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000035FF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
35FF000
|
| Size: |
4096
|
|
|
13E0000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2616258473.00000000013E0000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
13E0000
|
| Size: |
4096
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2100094872.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
8192
|
|
|
37E0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000037E0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
37E0000
|
| Size: |
4096
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2093023933.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2095481246.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
8192
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2099871743.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
3687000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003687000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3687000
|
| Size: |
4096
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2097353783.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
3959000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003959000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3959000
|
| Size: |
45056
|
|
|
1A57000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1375582612.0000000001A57000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1A57000
|
| Size: |
4096
|
|
|
9A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2616112369.00000000009A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9A0000
|
| Size: |
180224
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
1081000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000002.2617582439.0000000001081000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
1081000
|
| Size: |
348160
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the Windows Explorer process (often used for injection) |
HIPS / PFW / Operating System Protection Evasion |
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2094368227.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
8192
|
|
|
3762000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003762000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3762000
|
| Size: |
4096
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2096446197.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
15BE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000000.1827818444.00000000015BE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process new
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
15BE000
|
| Size: |
8192
|
|
|
7DDF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2620958699.0000000007DDF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7DDF000
|
| Size: |
4096
|
|
|
37CD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000037CD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
37CD000
|
| Size: |
4096
|
|
|
361E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.000000000361E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
361E000
|
| Size: |
12288
|
|
|
A1A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2106577449.0000000000A1A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A1A000
|
| Size: |
8192
|
|
|
2EB4000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2618028068.0000000002EB4000.00000004.00000001.00040000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
2EB4000
|
| Size: |
8192
|
|
|
39DA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000039DA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
39DA000
|
| Size: |
4096
|
|
|
A3F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2106577449.0000000000A3F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A3F000
|
| Size: |
4096
|
|
|
6420000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1394161017.0000000006420000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
6420000
|
| Size: |
65536
|
|
|
1160000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1906050514.0000000001160000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1160000
|
| Size: |
4096
|
|
|
9BC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2616658049.00000000009BC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9BC000
|
| Size: |
16384
|
|
|
3A1A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003A1A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3A1A000
|
| Size: |
49152
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2097915199.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
7693000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2620126209.0000000007693000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7693000
|
| Size: |
20480
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2095648675.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
8192
|
|
|
389E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.000000000389E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
389E000
|
| Size: |
4096
|
|
|
3B15000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003B15000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3B15000
|
| Size: |
4096
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1930808632.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
200704
|
|
|
55A000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000000.1981571690.000000000055A000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process new
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
55A000
|
| Size: |
24576
|
|
|
366A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.000000000366A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
366A000
|
| Size: |
4096
|
|
|
362D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.000000000362D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
362D000
|
| Size: |
12288
|
|
|
362B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.000000000362B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
362B000
|
| Size: |
4096
|
|
|
16B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1374217618.00000000016B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
16B0000
|
| Size: |
4096
|
|
|
37FB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000037FB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
37FB000
|
| Size: |
4096
|
|
|
76F1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2620126209.00000000076F1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
76F1000
|
| Size: |
20480
|
|
|
38B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2615570293.000000000038B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
38B000
|
| Size: |
20480
|
|
|
13E0000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000000.1827591449.00000000013E0000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
13E0000
|
| Size: |
4096
|
|
|
38A4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000038A4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
38A4000
|
| Size: |
4096
|
|
|
3B2A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003B2A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3B2A000
|
| Size: |
4096
|
|
|
1540000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000002.2616431955.0000000001540000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
1540000
|
| Size: |
16384
|
|
|
3ACB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003ACB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3ACB000
|
| Size: |
4096
|
|
|
392D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.000000000392D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
392D000
|
| Size: |
90112
|
|
|
3777000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003777000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3777000
|
| Size: |
4096
|
|
|
63A0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1393866863.00000000063A0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
63A0000
|
| Size: |
65536
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2097840452.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2096162492.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
35E8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000035E8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
35E8000
|
| Size: |
4096
|
|
|
38C1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000038C1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
38C1000
|
| Size: |
4096
|
|
|
20F442C4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.2164685348.0000020F442C4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
20F442C4000
|
| Size: |
24576
|
|
|
35A2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000035A2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
35A2000
|
| Size: |
4096
|
|
|
3637000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003637000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3637000
|
| Size: |
4096
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2094880878.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
390E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.000000000390E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
390E000
|
| Size: |
4096
|
|
|
20F43FA0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.2163440893.0000020F43FA0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
20F43FA0000
|
| Size: |
4096
|
|
|
392B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.000000000392B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
392B000
|
| Size: |
4096
|
|
|
9EC000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2106577449.00000000009EC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9EC000
|
| Size: |
12288
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2095027709.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
1A00000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375205203.0000000001A00000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1A00000
|
| Size: |
8192
|
|
|
26FF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2617868624.00000000026FF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
26FF000
|
| Size: |
4096
|
|
|
67D8000
|
trusted library section
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1395912851.00000000067D8000.00000004.08000000.00040000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library section
|
| Protect: |
page read and write
|
| Base address: |
67D8000
|
| Size: |
159744
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
361C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.000000000361C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
361C000
|
| Size: |
4096
|
|
|
1AA8000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.1906353643.0000000001AA8000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1AA8000
|
| Size: |
16384
|
|
|
20F42516000
|
system
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.2214089934.0000020F42516000.00000040.80000000.00040000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
system
|
| Protect: |
page execute and read and write
|
| Base address: |
20F42516000
|
| Size: |
4096
|
|
|
38DC000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000038DC000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
38DC000
|
| Size: |
4096
|
|
|
3910000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003910000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3910000
|
| Size: |
12288
|
|
|
38D2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000038D2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
38D2000
|
| Size: |
4096
|
|
|
3950000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003950000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3950000
|
| Size: |
4096
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2096973252.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2094102757.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
B67000
|
system
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2616880626.0000000000B67000.00000040.80000000.00040000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
system
|
| Protect: |
page execute and read and write
|
| Base address: |
B67000
|
| Size: |
4096
|
|
|
20F42710000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2214252053.0000020F42710000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20F42710000
|
| Size: |
24576
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2100849759.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
8192
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2096200544.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
3944000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003944000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3944000
|
| Size: |
28672
|
|
|
3A12000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003A12000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3A12000
|
| Size: |
4096
|
|
|
797D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2620806587.000000000797D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
797D000
|
| Size: |
12288
|
|
|
3973000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003973000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3973000
|
| Size: |
8192
|
|
|
48D2000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.2617586828.00000000048D2000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
48D2000
|
| Size: |
40960
|
|
|
14FC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1373846462.00000000014FC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
14FC000
|
| Size: |
16384
|
|
|
5488000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1392878572.0000000005488000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5488000
|
| Size: |
8192
|
|
|
6820000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1396237219.0000000006820000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6820000
|
| Size: |
65536
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2097241363.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
15EF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1906304347.00000000015EF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
15EF000
|
| Size: |
4096
|
|
|
19DF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375181758.00000000019DF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
19DF000
|
| Size: |
4096
|
|
|
5C1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1393070328.0000000005C1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5C1E000
|
| Size: |
8192
|
|
|
A1F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2106577449.0000000000A1F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A1F000
|
| Size: |
4096
|
|
|
369C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.000000000369C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
369C000
|
| Size: |
4096
|
|
|
11EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1906145126.00000000011EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
11EE000
|
| Size: |
8192
|
|
|
5136000
|
unclassified section
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2618298895.0000000005136000.00000004.10000000.00040000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unclassified section
|
| Protect: |
page read and write
|
| Base address: |
5136000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2100172501.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
8192
|
|
|
76A8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2620126209.00000000076A8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
76A8000
|
| Size: |
4096
|
|
|
CF0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000000.1982040368.0000000000CF0000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
CF0000
|
| Size: |
32768
|
|
|
379B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.000000000379B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
379B000
|
| Size: |
45056
|
|
|
1AF0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375711340.0000000001AF0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1AF0000
|
| Size: |
4096
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2100923644.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
83E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2616182055.000000000083E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
83E000
|
| Size: |
8192
|
|
|
25F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000000.1982135258.00000000025F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process new
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
25F0000
|
| Size: |
8192
|
|
|
891000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000004.00000002.2615663766.0000000000891000.00000020.00000001.01000000.00000007.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
891000
|
| Size: |
57344
|
|
|
35A7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000035A7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
35A7000
|
| Size: |
4096
|
|
|
4797000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1391092460.0000000004797000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4797000
|
| Size: |
282624
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2099277025.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
8192
|
|
|
1BB1000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000000.1827922647.0000000001BB1000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
1BB1000
|
| Size: |
348160
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the Windows Explorer process (often used for injection) |
HIPS / PFW / Operating System Protection Evasion |
|
|
|
7710000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2109575346.0000000007710000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7710000
|
| Size: |
8192
|
|
|
76CC000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2620126209.00000000076CC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
76CC000
|
| Size: |
8192
|
|
|
186B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1374372337.000000000186B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
186B000
|
| Size: |
311296
|
|
|
3A6F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003A6F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3A6F000
|
| Size: |
4096
|
|
|
162E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000000.1827834077.000000000162E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process new
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
162E000
|
| Size: |
90112
|
|
|
5EEE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1393184954.0000000005EEE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5EEE000
|
| Size: |
8192
|
|
|
63E0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1393992540.00000000063E0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
63E0000
|
| Size: |
65536
|
|
|
8A6000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2615758082.00000000008A6000.00000004.00000001.01000000.00000007.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
8A6000
|
| Size: |
8192
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2096284507.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2110421019.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2094757318.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
8192
|
|
|
1228000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1906166179.0000000001228000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1228000
|
| Size: |
114688
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2095847760.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2097778608.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2098862827.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
3ACD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003ACD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3ACD000
|
| Size: |
4096
|
|
|
25F4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000000.1982135258.00000000025F4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process new
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
25F4000
|
| Size: |
4096
|
|
|
39E0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000039E0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
39E0000
|
| Size: |
4096
|
|
|
8A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2615936295.00000000008A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8A0000
|
| Size: |
4096
|
|
|
3967000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003967000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3967000
|
| Size: |
4096
|
|
|
35A9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000035A9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
35A9000
|
| Size: |
12288
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2100207120.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
8192
|
|
|
8A9000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000000.1981811993.00000000008A9000.00000002.00000001.01000000.00000007.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
8A9000
|
| Size: |
61440
|
|
|
375C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.000000000375C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
375C000
|
| Size: |
4096
|
|
|
63F0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1394034470.00000000063F0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
63F0000
|
| Size: |
65536
|
|
|
63C1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1393911141.00000000063C1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
63C1000
|
| Size: |
61440
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2096239772.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
770B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2620126209.000000000770B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
770B000
|
| Size: |
8192
|
|
|
9FF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2616112369.00000000009FF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9FF000
|
| Size: |
20480
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2100812107.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2099689129.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
8192
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2097463590.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
49A2000
|
unclassified section
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2618298895.00000000049A2000.00000004.10000000.00040000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unclassified section
|
| Protect: |
page read and write
|
| Base address: |
49A2000
|
| Size: |
4096
|
|
|
8A9000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000002.2615793043.00000000008A9000.00000002.00000001.01000000.00000007.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
8A9000
|
| Size: |
61440
|
|
|
20F44100000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2214375453.0000020F44100000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
20F44100000
|
| Size: |
4096
|
|
|
3AC7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003AC7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3AC7000
|
| Size: |
4096
|
|
|
3E4D000
|
unclassified section
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.1911046997.0000000003E4D000.00000040.10000000.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unclassified section
|
| Protect: |
page execute and read and write
|
| Base address: |
3E4D000
|
| Size: |
4096
|
|
|
5A90000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1392993190.0000000005A90000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
5A90000
|
| Size: |
4096
|
|
|
E74CDFE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2214012104.000000E74CDFE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
E74CDFE000
|
| Size: |
8192
|
|
|
1450000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000000.1827737383.0000000001450000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process new
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1450000
|
| Size: |
20480
|
|
|
76D2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2620126209.00000000076D2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
76D2000
|
| Size: |
8192
|
|
|
375A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.000000000375A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
375A000
|
| Size: |
4096
|
|
|
8A0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1920019459.00000000008A0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8A0000
|
| Size: |
151552
|
|
|
389C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.000000000389C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
389C000
|
| Size: |
4096
|
|
|
3739000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003739000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3739000
|
| Size: |
81920
|
|
|
38E0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000038E0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
38E0000
|
| Size: |
49152
|
|
|
27F2000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2618028068.00000000027F2000.00000004.00000001.00040000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
27F2000
|
| Size: |
4096
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2097579362.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
390C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.000000000390C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
390C000
|
| Size: |
4096
|
|
|
3A93000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003A93000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3A93000
|
| Size: |
4096
|
|
|
363B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.000000000363B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
363B000
|
| Size: |
94208
|
|
|
39C8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000039C8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
39C8000
|
| Size: |
53248
|
|
|
814000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1920726711.0000000000814000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
814000
|
| Size: |
4096
|
|
|
3B19000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003B19000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3B19000
|
| Size: |
4096
|
|
|
7990000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2620835214.0000000007990000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7990000
|
| Size: |
4096
|
|
|
A4D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2616112369.0000000000A4D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A4D000
|
| Size: |
8192
|
|
|
3984000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003984000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3984000
|
| Size: |
4096
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2096676492.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2099244748.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
3AE8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003AE8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3AE8000
|
| Size: |
4096
|
|
|
36A8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000036A8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
36A8000
|
| Size: |
24576
|
|
|
38DA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000038DA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
38DA000
|
| Size: |
4096
|
|
|
17EE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1374372337.00000000017EE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
17EE000
|
| Size: |
155648
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
|
|
A90000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000000.1981869203.0000000000A90000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
A90000
|
| Size: |
16384
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2099979055.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
8192
|
|
|
35EE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000035EE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
35EE000
|
| Size: |
8192
|
|
|
35A5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000035A5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
35A5000
|
| Size: |
4096
|
|
|
76BA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2620126209.00000000076BA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
76BA000
|
| Size: |
32768
|
|
|
3110000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000000.1828009566.0000000003110000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
3110000
|
| Size: |
925696
|
|
|
36BD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000036BD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
36BD000
|
| Size: |
4096
|
|
|
172F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1906338472.000000000172F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
172F000
|
| Size: |
4096
|
|
|
188D000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.1906353643.000000000188D000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
188D000
|
| Size: |
458752
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2095440393.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
8192
|
|
|
860000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2616297990.0000000000860000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
860000
|
| Size: |
4096
|
|
|
930000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1928094262.0000000000930000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
930000
|
| Size: |
147456
|
|
|
FF0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000002.2615890519.0000000000FF0000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
FF0000
|
| Size: |
4096
|
|
|
39E2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000039E2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
39E2000
|
| Size: |
4096
|
|
|
A3F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2616112369.0000000000A3F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A3F000
|
| Size: |
4096
|
|
|
13C0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000000.1827555446.00000000013C0000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
13C0000
|
| Size: |
4096
|
|
|
6220000
|
trusted library section
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1393328780.0000000006220000.00000004.08000000.00040000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library section
|
| Protect: |
page read and write
|
| Base address: |
6220000
|
| Size: |
1298432
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
|
|
39FF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000039FF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
39FF000
|
| Size: |
49152
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2098595587.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
37E8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000037E8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
37E8000
|
| Size: |
4096
|
|
|
590000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000000.1981591230.0000000000590000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
590000
|
| Size: |
4096
|
|
|
162A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000000.1827834077.000000000162A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process new
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
162A000
|
| Size: |
8192
|
|
|
3A14000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003A14000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3A14000
|
| Size: |
12288
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2092118425.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
37AF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000037AF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
37AF000
|
| Size: |
4096
|
|
|
3771000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003771000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3771000
|
| Size: |
4096
|
|
|
98C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1911263554.000000000098C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
98C000
|
| Size: |
24576
|
|
|
3A56000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003A56000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3A56000
|
| Size: |
4096
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2100770917.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
1A23000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1375291256.0000000001A23000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1A23000
|
| Size: |
4096
|
|
|
3866000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003866000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3866000
|
| Size: |
12288
|
|
|
39D6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000039D6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
39D6000
|
| Size: |
4096
|
|
|
BF0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2617354376.0000000000BF0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BF0000
|
| Size: |
32768
|
|
|
4F0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000000.1981551841.00000000004F0000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
4F0000
|
| Size: |
4096
|
|
|
36B5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000036B5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
36B5000
|
| Size: |
4096
|
|
|
39C5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000039C5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
39C5000
|
| Size: |
4096
|
|
|
A57000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2616112369.0000000000A57000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A57000
|
| Size: |
36864
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2096123189.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
5D1F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1393098609.0000000005D1F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5D1F000
|
| Size: |
4096
|
|
|
814000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1920752643.0000000000814000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
814000
|
| Size: |
4096
|
|
|
3885000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003885000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3885000
|
| Size: |
4096
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2096478738.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
390A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.000000000390A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
390A000
|
| Size: |
4096
|
|
|
37A9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000037A9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
37A9000
|
| Size: |
4096
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2092887969.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
3AB2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003AB2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3AB2000
|
| Size: |
4096
|
|
|
3892000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003892000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3892000
|
| Size: |
36864
|
|
|
13A0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000002.2616092712.00000000013A0000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
13A0000
|
| Size: |
4096
|
|
|
37C3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000037C3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
37C3000
|
| Size: |
4096
|
|
|
7714000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2109575346.0000000007714000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7714000
|
| Size: |
4096
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2099338811.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2100582824.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2097108583.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
35D1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000035D1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
35D1000
|
| Size: |
4096
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2096783984.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
7400000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2619973452.0000000007400000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7400000
|
| Size: |
4096
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2093105968.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2099617979.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
8192
|
|
|
37C7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000037C7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
37C7000
|
| Size: |
4096
|
|
|
162E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1906320324.000000000162E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
162E000
|
| Size: |
8192
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2096709352.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
3A75000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003A75000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3A75000
|
| Size: |
4096
|
|
|
18C4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1374372337.00000000018C4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
18C4000
|
| Size: |
12288
|
|
|
39DE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000039DE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
39DE000
|
| Size: |
4096
|
|
|
7780000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2620705127.0000000007780000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7780000
|
| Size: |
4096
|
|
|
396D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.000000000396D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
396D000
|
| Size: |
4096
|
|
|
BFE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2617354376.0000000000BFE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BFE000
|
| Size: |
94208
|
|
|
347E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375888997.000000000347E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
347E000
|
| Size: |
8192
|
|
|
987000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1911263554.0000000000987000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
987000
|
| Size: |
4096
|
|
|
36BB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000036BB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
36BB000
|
| Size: |
4096
|
|
|
136C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2616030792.000000000136C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
136C000
|
| Size: |
16384
|
|
|
89F000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000000.1981767121.000000000089F000.00000002.00000001.01000000.00000007.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
89F000
|
| Size: |
28672
|
|
|
1440000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2616348419.0000000001440000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
1440000
|
| Size: |
4096
|
|
|
369E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.000000000369E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
369E000
|
| Size: |
4096
|
|
|
37C5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000037C5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
37C5000
|
| Size: |
4096
|
|
|
4420000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.2617442740.0000000004420000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4420000
|
| Size: |
94208
|
|
|
20F4410F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2214398181.0000020F4410F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
20F4410F000
|
| Size: |
36864
|
|
|
930000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1984335989.0000000000930000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
930000
|
| Size: |
143360
|
|
|
6390000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1393826626.0000000006390000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6390000
|
| Size: |
65536
|
|
|
20F44103000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2214398181.0000020F44103000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
20F44103000
|
| Size: |
16384
|
|
|
1A10000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375222654.0000000001A10000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1A10000
|
| Size: |
16384
|
|
|
1540000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000000.1827754439.0000000001540000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
1540000
|
| Size: |
16384
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2092817422.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
3952000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003952000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3952000
|
| Size: |
4096
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2099650802.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
8192
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2095593830.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
8192
|
|
|
37B1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000037B1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
37B1000
|
| Size: |
4096
|
|
|
1A26000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.1906353643.0000000001A26000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1A26000
|
| Size: |
8192
|
|
|
AD0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000000.1981916014.0000000000AD0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process new
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
AD0000
|
| Size: |
20480
|
|
|
335E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375815794.000000000335E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
335E000
|
| Size: |
8192
|
|
|
3775000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003775000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3775000
|
| Size: |
4096
|
|
|
1610000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1374105896.0000000001610000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1610000
|
| Size: |
8192
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2094454167.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
8192
|
|
|
5D0000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2615987754.00000000005D0000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5D0000
|
| Size: |
4096
|
|
|
9DE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2106577449.00000000009DE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9DE000
|
| Size: |
8192
|
|
|
6800000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1396196400.0000000006800000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6800000
|
| Size: |
53248
|
|
|
920000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2616073974.0000000000920000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
920000
|
| Size: |
16384
|
|
|
35A0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000035A0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
35A0000
|
| Size: |
4096
|
|
|
38A8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000038A8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
38A8000
|
| Size: |
98304
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2096317399.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
384F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.000000000384F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
384F000
|
| Size: |
4096
|
|
|
3790000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003790000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3790000
|
| Size: |
4096
|
|
|
1620000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000000.1827834077.0000000001620000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process new
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1620000
|
| Size: |
32768
|
|
|
3831000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003831000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3831000
|
| Size: |
12288
|
|
|
76A6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2620126209.00000000076A6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
76A6000
|
| Size: |
4096
|
|
|
4655000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1391092460.0000000004655000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4655000
|
| Size: |
290816
|
|
|
1A20000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375277031.0000000001A20000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1A20000
|
| Size: |
12288
|
|
|
3837000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003837000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3837000
|
| Size: |
69632
|
|
|
5F35000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.2617251944.0000000005F35000.00000040.00000001.00040000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
5F35000
|
| Size: |
3530752
|
|
|
3A79000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003A79000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3A79000
|
| Size: |
4096
|
|
|
3633000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003633000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3633000
|
| Size: |
12288
|
|
|
65F0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1395556534.00000000065F0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
65F0000
|
| Size: |
65536
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2096047868.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
3AB5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003AB5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3AB5000
|
| Size: |
36864
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2100547929.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
8192
|
|
|
770B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2109575346.000000000770B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
770B000
|
| Size: |
4096
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2100135825.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
8192
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2098045728.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
5F6D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1393233528.0000000005F6D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5F6D000
|
| Size: |
12288
|
|
|
5DAD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1393125001.0000000005DAD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5DAD000
|
| Size: |
12288
|
|
|
5A0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000000.1981610169.00000000005A0000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
5A0000
|
| Size: |
4096
|
|
|
3B1B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003B1B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3B1B000
|
| Size: |
49152
|
|
|
6645000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1395750700.0000000006645000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6645000
|
| Size: |
36864
|
|
|
FD2000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000000.1363090311.0000000000FD2000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
FD2000
|
| Size: |
1454080
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2097961755.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
1852000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1374372337.0000000001852000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1852000
|
| Size: |
98304
|
|
|
184A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1374372337.000000000184A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
184A000
|
| Size: |
8192
|
|
|
3883000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003883000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3883000
|
| Size: |
4096
|
|
|
388D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.000000000388D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
388D000
|
| Size: |
8192
|
|
|
98C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1911010720.000000000098C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
98C000
|
| Size: |
24576
|
|
|
37EB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000037EB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
37EB000
|
| Size: |
4096
|
|
|
54CD000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.2617251944.00000000054CD000.00000040.00000001.00040000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
54CD000
|
| Size: |
4096
|
|
|
9E8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2616112369.00000000009E8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9E8000
|
| Size: |
4096
|
|
|
39D8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000039D8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
39D8000
|
| Size: |
4096
|
|
|
368B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.000000000368B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
368B000
|
| Size: |
4096
|
|
|
561E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1392904083.000000000561E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
561E000
|
| Size: |
8192
|
|
|
3679000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003679000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3679000
|
| Size: |
28672
|
|
|
3A71000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003A71000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3A71000
|
| Size: |
12288
|
|
|
3835000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003835000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3835000
|
| Size: |
4096
|
|
|
7E2E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2620986792.0000000007E2E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7E2E000
|
| Size: |
8192
|
|
|
35B5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000035B5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
35B5000
|
| Size: |
4096
|
|
|
381A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.000000000381A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
381A000
|
| Size: |
4096
|
|
|
37BF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000037BF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
37BF000
|
| Size: |
4096
|
|
|
20F4273F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.2164855281.0000020F4273F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20F4273F000
|
| Size: |
4096
|
|
|
4D0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000000.1981506185.00000000004D0000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
4D0000
|
| Size: |
4096
|
|
|
36A0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000036A0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
36A0000
|
| Size: |
4096
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2100315151.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
8192
|
|
|
257E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2617755507.000000000257E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
257E000
|
| Size: |
8192
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2092351848.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
3A31000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003A31000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3A31000
|
| Size: |
131072
|
|
|
1A30000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375390905.0000000001A30000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1A30000
|
| Size: |
53248
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2098765861.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
6840000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1396280440.0000000006840000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
6840000
|
| Size: |
131072
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2095693162.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
8192
|
|
|
644B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1394257619.000000000644B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
644B000
|
| Size: |
20480
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2099070327.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
1620000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2616590138.0000000001620000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1620000
|
| Size: |
32768
|
|
|
BFA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000000.1981933055.0000000000BFA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process new
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BFA000
|
| Size: |
8192
|
|
|
A23000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2616112369.0000000000A23000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A23000
|
| Size: |
12288
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2095231206.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
8192
|
|
|
6450000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1394323374.0000000006450000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
6450000
|
| Size: |
65536
|
|
|
46F9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1391092460.00000000046F9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
46F9000
|
| Size: |
286720
|
|
|
3709000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003709000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3709000
|
| Size: |
20480
|
|
|
35F5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000035F5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
35F5000
|
| Size: |
36864
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2099944721.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
8192
|
|
|
3889000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003889000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3889000
|
| Size: |
4096
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2099209763.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
35B7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000035B7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
35B7000
|
| Size: |
94208
|
|
|
7790000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2620735929.0000000007790000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7790000
|
| Size: |
4096
|
|
|
9F2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2616112369.00000000009F2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9F2000
|
| Size: |
8192
|
|
|
38F9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000038F9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
38F9000
|
| Size: |
4096
|
|
|
36D7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000036D7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
36D7000
|
| Size: |
4096
|
|
|
3AD8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003AD8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3AD8000
|
| Size: |
20480
|
|
|
3AE6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003AE6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3AE6000
|
| Size: |
4096
|
|
|
38ED000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000038ED000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
38ED000
|
| Size: |
4096
|
|
|
3AF9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003AF9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3AF9000
|
| Size: |
4096
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2110297059.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
13D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000000.1827569073.00000000013D0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process new
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13D0000
|
| Size: |
4096
|
|
|
126A000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000000.1827487651.000000000126A000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process new
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
126A000
|
| Size: |
24576
|
|
|
368D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.000000000368D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
368D000
|
| Size: |
49152
|
|
|
3A58000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003A58000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3A58000
|
| Size: |
4096
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2092217991.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
1A50000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375552966.0000000001A50000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1A50000
|
| Size: |
4096
|
|
|
39F5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000039F5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
39F5000
|
| Size: |
4096
|
|
|
457B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1915419405.000000000457B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
457B000
|
| Size: |
24576
|
|
|
3AA8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003AA8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3AA8000
|
| Size: |
4096
|
|
|
46BB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1391092460.00000000046BB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
46BB000
|
| Size: |
172032
|
|
|
5E1000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000002.2616054954.00000000005E1000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
5E1000
|
| Size: |
12288
|
|
|
A0F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2106577449.0000000000A0F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A0F000
|
| Size: |
8192
|
|
|
3AFB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003AFB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3AFB000
|
| Size: |
102400
|
|
|
39F3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000039F3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
39F3000
|
| Size: |
4096
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2100443668.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
8192
|
|
|
1A4A000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1375537411.0000000001A4A000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1A4A000
|
| Size: |
4096
|
|
|
3673000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003673000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3673000
|
| Size: |
20480
|
|
|
372A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.000000000372A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
372A000
|
| Size: |
4096
|
|
|
981000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1911010720.0000000000981000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
981000
|
| Size: |
28672
|
|
|
68C6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1396350884.00000000068C6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
68C6000
|
| Size: |
32768
|
|
|
A34000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2616112369.0000000000A34000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A34000
|
| Size: |
36864
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
|
|
1AC0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1375649070.0000000001AC0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1AC0000
|
| Size: |
65536
|
|
|
35D3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000035D3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
35D3000
|
| Size: |
4096
|
|
|
485D000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.2617586828.000000000485D000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
485D000
|
| Size: |
4096
|
|
|
2700000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000000.1982171736.0000000002700000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
2700000
|
| Size: |
925696
|
|
|
3988000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003988000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3988000
|
| Size: |
4096
|
|
|
3A91000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003A91000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3A91000
|
| Size: |
4096
|
|
|
A14000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2616112369.0000000000A14000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A14000
|
| Size: |
8192
|
|
|
3818000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003818000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3818000
|
| Size: |
4096
|
|
|
3705000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003705000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3705000
|
| Size: |
12288
|
|
|
3853000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003853000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3853000
|
| Size: |
4096
|
|
|
3A5A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003A5A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3A5A000
|
| Size: |
4096
|
|
|
366C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.000000000366C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
366C000
|
| Size: |
4096
|
|
|
126A000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2615981843.000000000126A000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
126A000
|
| Size: |
24576
|
|
|
39A5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000039A5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
39A5000
|
| Size: |
12288
|
|
|
331C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375797811.000000000331C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
331C000
|
| Size: |
16384
|
|
|
3594000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003594000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3594000
|
| Size: |
12288
|
|
|
20F44121000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2214398181.0000020F44121000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
20F44121000
|
| Size: |
4096
|
|
|
20F42690000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2214213682.0000020F42690000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20F42690000
|
| Size: |
8192
|
|
|
1530000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1373954307.0000000001530000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1530000
|
| Size: |
4096
|
|
|
6650000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1395789502.0000000006650000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
6650000
|
| Size: |
28672
|
|
|
3986000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003986000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3986000
|
| Size: |
4096
|
|
|
771E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2109575346.000000000771E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
771E000
|
| Size: |
12288
|
|
|
20F42742000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.2164855281.0000020F42742000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20F42742000
|
| Size: |
20480
|
|
|
A4D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2106577449.0000000000A4D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A4D000
|
| Size: |
8192
|
|
|
5B0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000002.2615886513.00000000005B0000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
5B0000
|
| Size: |
4096
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2100400738.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
8192
|
|
|
384B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.000000000384B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
384B000
|
| Size: |
4096
|
|
|
3603000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003603000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3603000
|
| Size: |
4096
|
|
|
136C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000000.1827508552.000000000136C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process new
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
136C000
|
| Size: |
16384
|
|
|
13B0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000000.1827540932.00000000013B0000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
13B0000
|
| Size: |
4096
|
|
|
3A5C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003A5C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3A5C000
|
| Size: |
4096
|
|
|
3A0C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003A0C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3A0C000
|
| Size: |
4096
|
|
|
7683000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2101082602.0000000007683000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7683000
|
| Size: |
4096
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
BCA000
|
system
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2616880626.0000000000BCA000.00000040.80000000.00040000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
system
|
| Protect: |
page execute and read and write
|
| Base address: |
BCA000
|
| Size: |
8192
|
|
|
3AE4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003AE4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3AE4000
|
| Size: |
4096
|
|
|
388B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.000000000388B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
388B000
|
| Size: |
4096
|
|
|
35CF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000035CF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
35CF000
|
| Size: |
4096
|
|
|
3656000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003656000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3656000
|
| Size: |
53248
|
|
|
20F424B0000
|
system
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.2214089934.0000020F424B0000.00000040.80000000.00040000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
system
|
| Protect: |
page execute and read and write
|
| Base address: |
20F424B0000
|
| Size: |
376832
|
|
|
3B17000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003B17000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3B17000
|
| Size: |
4096
|
|
|
381C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.000000000381C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
381C000
|
| Size: |
4096
|
|
|
17DF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1374354930.00000000017DF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
17DF000
|
| Size: |
4096
|
|
|
371B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.000000000371B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
371B000
|
| Size: |
8192
|
|
|
A0F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2616112369.0000000000A0F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A0F000
|
| Size: |
8192
|
|
|
398A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.000000000398A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
398A000
|
| Size: |
4096
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2092457574.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
1081000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000000.1982060880.0000000001081000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
1081000
|
| Size: |
348160
|
|
|
2580000
|
unclassified section
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.1911046997.0000000002580000.00000040.10000000.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unclassified section
|
| Protect: |
page execute and read and write
|
| Base address: |
2580000
|
| Size: |
10485760
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2100059805.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
8192
|
|
|
13B0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000002.2616142607.00000000013B0000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
13B0000
|
| Size: |
4096
|
|
|
891000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000008.00000000.1981744015.0000000000891000.00000020.00000001.01000000.00000007.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
891000
|
| Size: |
57344
|
|
|
9D9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2106577449.00000000009D9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9D9000
|
| Size: |
4096
|
|
|
2F80000
|
unclassified section
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.1911046997.0000000002F80000.00000040.10000000.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unclassified section
|
| Protect: |
page execute and read and write
|
| Base address: |
2F80000
|
| Size: |
10485760
|
|
|
37E4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000037E4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
37E4000
|
| Size: |
12288
|
|
|
3A18000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003A18000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3A18000
|
| Size: |
4096
|
|
|
76F4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2109575346.00000000076F4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
76F4000
|
| Size: |
4096
|
|
|
6410000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1394118715.0000000006410000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
6410000
|
| Size: |
65536
|
|
|
3914000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003914000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3914000
|
| Size: |
57344
|
|
|
3A97000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003A97000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3A97000
|
| Size: |
4096
|
|
|
BFE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000000.1981933055.0000000000BFE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process new
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BFE000
|
| Size: |
90112
|
|
|
4600000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.2617251944.0000000004600000.00000040.00000001.00040000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
4600000
|
| Size: |
10485760
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2100025067.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
8192
|
|
|
5A0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000002.2615841617.00000000005A0000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
5A0000
|
| Size: |
4096
|
|
|
1200000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000000.1827472299.0000000001200000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
1200000
|
| Size: |
4096
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2100729205.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
8192
|
|
|
E74DDFF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2214064478.000000E74DDFF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
E74DDFF000
|
| Size: |
4096
|
|
|
2502000
|
system
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2212834626.0000000002502000.00000004.80000000.00040000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
system
|
| Protect: |
page read and write
|
| Base address: |
2502000
|
| Size: |
4096
|
|
|
366E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.000000000366E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
366E000
|
| Size: |
4096
|
|
|
1450000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2616396329.0000000001450000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1450000
|
| Size: |
20480
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2094185118.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
8192
|
|
|
3ABF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003ABF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3ABF000
|
| Size: |
12288
|
|
|
3887000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003887000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3887000
|
| Size: |
4096
|
|
|
1AB0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1910079458.0000000001AB0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
1AB0000
|
| Size: |
274432
|
|
|
793C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2620768347.000000000793C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
793C000
|
| Size: |
16384
|
|
|
B4D000
|
system
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2616880626.0000000000B4D000.00000040.80000000.00040000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
system
|
| Protect: |
page execute and read and write
|
| Base address: |
B4D000
|
| Size: |
8192
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2098331286.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2094269813.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
8192
|
|
|
3801000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003801000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3801000
|
| Size: |
4096
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2095397161.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
8192
|
|
|
36E6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000036E6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
36E6000
|
| Size: |
53248
|
|
|
3849000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003849000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3849000
|
| Size: |
4096
|
|
|
4861000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.2617586828.0000000004861000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4861000
|
| Size: |
458752
|
|
|
250E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2617685340.000000000250E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
250E000
|
| Size: |
8192
|
|
|
3713000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003713000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3713000
|
| Size: |
4096
|
|
|
A90000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000002.2616709647.0000000000A90000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
A90000
|
| Size: |
16384
|
|
|
165D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1374186576.000000000165D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
165D000
|
| Size: |
12288
|
|
|
5535000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000004.00000002.2617251944.0000000005535000.00000040.00000001.00040000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
5535000
|
| Size: |
10485760
|
|
|
3720000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003720000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3720000
|
| Size: |
36864
|
|
|
3AE2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003AE2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3AE2000
|
| Size: |
4096
|
|
|
5F0000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000008.00000000.1981701771.00000000005F0000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5F0000
|
| Size: |
4096
|
|
|
AD6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2616794584.0000000000AD6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
AD6000
|
| Size: |
8192
|
|
|
377D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.000000000377D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
377D000
|
| Size: |
4096
|
|
|
169E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1374202680.000000000169E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
169E000
|
| Size: |
8192
|
|
|
B57000
|
system
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2616880626.0000000000B57000.00000040.80000000.00040000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
system
|
| Protect: |
page execute and read and write
|
| Base address: |
B57000
|
| Size: |
4096
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
3624000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003624000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3624000
|
| Size: |
4096
|
|
|
38D8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000038D8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
38D8000
|
| Size: |
4096
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2099405061.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
8192
|
|
|
AD0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2616794584.0000000000AD0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
AD0000
|
| Size: |
16384
|
|
|
450A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1915419405.000000000450A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
450A000
|
| Size: |
458752
|
|
|
3607000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003607000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3607000
|
| Size: |
4096
|
|
|
4F0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000002.2615713869.00000000004F0000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
4F0000
|
| Size: |
4096
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2096896267.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
8192
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2110379619.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
5C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2615932491.00000000005C0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5C0000
|
| Size: |
4096
|
|
|
38D6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000038D6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
38D6000
|
| Size: |
4096
|
|
|
3858000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003858000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3858000
|
| Size: |
4096
|
|
|
35EA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000035EA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
35EA000
|
| Size: |
4096
|
|
|
375E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.000000000375E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
375E000
|
| Size: |
4096
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2095071756.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
10FA000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1906012866.00000000010FA000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
10FA000
|
| Size: |
24576
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2093597541.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
3890000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003890000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3890000
|
| Size: |
4096
|
|
|
9DE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2616112369.00000000009DE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9DE000
|
| Size: |
8192
|
|
|
2530000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000000.1982109991.0000000002530000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process new
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2530000
|
| Size: |
8192
|
|
|
20F425B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2214190494.0000020F425B0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20F425B0000
|
| Size: |
4096
|
|
|
184D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1374372337.000000000184D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
184D000
|
| Size: |
16384
|
|
|
9FF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2106577449.00000000009FF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9FF000
|
| Size: |
20480
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2097875841.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2098247708.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
67AE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1395891108.00000000067AE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
67AE000
|
| Size: |
8192
|
|
|
384D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.000000000384D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
384D000
|
| Size: |
4096
|
|
|
5F2E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1393208867.0000000005F2E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5F2E000
|
| Size: |
8192
|
|
|
36B9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000036B9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
36B9000
|
| Size: |
4096
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2101792990.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
18D6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1374372337.00000000018D6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
18D6000
|
| Size: |
36864
|
|
|
3AED000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003AED000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3AED000
|
| Size: |
12288
|
|
|
9BC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000000.1981837328.00000000009BC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process new
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9BC000
|
| Size: |
16384
|
|
|
98C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1908903734.000000000098C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
98C000
|
| Size: |
24576
|
|
|
590000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000002.2615795023.0000000000590000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
590000
|
| Size: |
4096
|
|
|
3370000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1375874314.0000000003370000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
3370000
|
| Size: |
4096
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2098676605.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
3717000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003717000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3717000
|
| Size: |
4096
|
|
|
4FA4000
|
unclassified section
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2618298895.0000000004FA4000.00000004.10000000.00040000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unclassified section
|
| Protect: |
page read and write
|
| Base address: |
4FA4000
|
| Size: |
8192
|
|
|
5E1000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000000.1981681718.00000000005E1000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
5E1000
|
| Size: |
12288
|
|
|
5F0000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2616115379.00000000005F0000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
5F0000
|
| Size: |
4096
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2110255350.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
BFA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2617354376.0000000000BFA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BFA000
|
| Size: |
8192
|
|
|
98C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1909407578.000000000098C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
98C000
|
| Size: |
24576
|
|
|
13A0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000000.1827525546.00000000013A0000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
13A0000
|
| Size: |
4096
|
|
|
1ABE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375633092.0000000001ABE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
1ABE000
|
| Size: |
8192
|
|
|
36A6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000036A6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
36A6000
|
| Size: |
4096
|
|
|
39F7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000039F7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
39F7000
|
| Size: |
4096
|
|
|
386E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.000000000386E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
386E000
|
| Size: |
12288
|
|
|
3A2F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003A2F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3A2F000
|
| Size: |
4096
|
|
|
6440000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1394257619.0000000006440000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6440000
|
| Size: |
40960
|
|
|
3A5E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003A5E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3A5E000
|
| Size: |
57344
|
|
|
890000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000002.2616351062.0000000000890000.00000002.00000001.01000000.00000007.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
890000
|
| Size: |
4096
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2095957694.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
8192
|
|
|
35AF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000035AF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
35AF000
|
| Size: |
12288
|
|
|
3A6D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003A6D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3A6D000
|
| Size: |
4096
|
|
|
814000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1915750705.0000000000814000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
814000
|
| Size: |
4096
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2097685287.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
38F3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000038F3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
38F3000
|
| Size: |
4096
|
|
|
65A0000
|
trusted library section
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1394905071.00000000065A0000.00000004.08000000.00040000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library section
|
| Protect: |
page read and write
|
| Base address: |
65A0000
|
| Size: |
286720
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
6460000
|
trusted library section
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1394367205.0000000006460000.00000004.08000000.00040000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library section
|
| Protect: |
page read and write
|
| Base address: |
6460000
|
| Size: |
618496
|
|
|
181F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000000.1827888464.000000000181F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process new
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
181F000
|
| Size: |
4096
|
|
|
621F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1393308127.000000000621F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
621F000
|
| Size: |
4096
|
|
|
8A6000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2616534025.00000000008A6000.00000004.00000001.01000000.00000007.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
8A6000
|
| Size: |
8192
|
|
|
290C000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2618028068.000000000290C000.00000004.00000001.00040000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
290C000
|
| Size: |
4096
|
|
|
1A40000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375455349.0000000001A40000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1A40000
|
| Size: |
4096
|
|
|
1B30000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1910992204.0000000001B30000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1B30000
|
| Size: |
8192
|
|
|
398C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.000000000398C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
398C000
|
| Size: |
4096
|
|
|
2ACC000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2618028068.0000000002ACC000.00000004.00000001.00040000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
2ACC000
|
| Size: |
49152
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
2442000
|
system
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2212834626.0000000002442000.00000004.80000000.00040000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
system
|
| Protect: |
page read and write
|
| Base address: |
2442000
|
| Size: |
4096
|
|
|
6660000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1395819727.0000000006660000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6660000
|
| Size: |
65536
|
|
|
20F4272C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2214252053.0000020F4272C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20F4272C000
|
| Size: |
45056
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
3ACF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003ACF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3ACF000
|
| Size: |
4096
|
|
|
BF0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000000.1981933055.0000000000BF0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process new
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BF0000
|
| Size: |
32768
|
|
|
9F2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2106577449.00000000009F2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9F2000
|
| Size: |
8192
|
|
|
A1A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2616112369.0000000000A1A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A1A000
|
| Size: |
8192
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2097076159.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
46B9000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.2617586828.00000000046B9000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
46B9000
|
| Size: |
4096
|
|
|
1200000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000002.2615934464.0000000001200000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
1200000
|
| Size: |
4096
|
|
|
3681000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003681000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3681000
|
| Size: |
4096
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2097040920.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
3756000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003756000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3756000
|
| Size: |
4096
|
|
|
6980000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1396524926.0000000006980000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6980000
|
| Size: |
233472
|
|
|
5A60000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1392946580.0000000005A60000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5A60000
|
| Size: |
65536
|
|
|
9EC000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2616112369.00000000009EC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9EC000
|
| Size: |
12288
|
|
|
3A29000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003A29000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3A29000
|
| Size: |
12288
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2095556241.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
8192
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2100279914.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
8192
|
|
|
3A0E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003A0E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3A0E000
|
| Size: |
4096
|
|
|
37CF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000037CF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
37CF000
|
| Size: |
65536
|
|
|
3796000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003796000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3796000
|
| Size: |
4096
|
|
|
5A5F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1392926803.0000000005A5F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5A5F000
|
| Size: |
4096
|
|
|
FE0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000002.2615843199.0000000000FE0000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
FE0000
|
| Size: |
4096
|
|
|
810000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2615888991.0000000000810000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
810000
|
| Size: |
16384
|
|
|
48B5000
|
unclassified section
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.1911046997.00000000048B5000.00000040.10000000.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
unclassified section
|
| Protect: |
page execute and read and write
|
| Base address: |
48B5000
|
| Size: |
3530752
|
|
|
5B0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000000.1981626846.00000000005B0000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
5B0000
|
| Size: |
4096
|
|
|
FF0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000000.1827456431.0000000000FF0000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
FF0000
|
| Size: |
4096
|
|
|
1A46000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1375523348.0000000001A46000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1A46000
|
| Size: |
8192
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2092977467.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
76FA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2109575346.00000000076FA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
76FA000
|
| Size: |
12288
|
|
|
20F42518000
|
system
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.2214089934.0000020F42518000.00000040.80000000.00040000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
system
|
| Protect: |
page execute and read and write
|
| Base address: |
20F42518000
|
| Size: |
12288
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2094643250.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
8192
|
|
|
36DB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000036DB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
36DB000
|
| Size: |
4096
|
|
|
890000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000000.1981724748.0000000000890000.00000002.00000001.01000000.00000007.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
890000
|
| Size: |
4096
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2099834979.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
1A52000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375566818.0000000001A52000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1A52000
|
| Size: |
4096
|
|
|
8A6000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000008.00000000.1981790143.00000000008A6000.00000004.00000001.01000000.00000007.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
8A6000
|
| Size: |
8192
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2099546738.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
8192
|
|
|
20F43F90000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2214336536.0000020F43F90000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20F43F90000
|
| Size: |
12288
|
|
|
37F1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000037F1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
37F1000
|
| Size: |
28672
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2096355169.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2099140780.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
8192
|
|
|
3AC5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003AC5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3AC5000
|
| Size: |
4096
|
|
|
386C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.000000000386C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
386C000
|
| Size: |
4096
|
|
|
1A42000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375470240.0000000001A42000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1A42000
|
| Size: |
4096
|
|
|
36AF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000036AF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
36AF000
|
| Size: |
4096
|
|
|
4FFC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2619469940.0000000004FFC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4FFC000
|
| Size: |
16384
|
|
|
381E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.000000000381E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
381E000
|
| Size: |
4096
|
|
|
1AE0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375691045.0000000001AE0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1AE0000
|
| Size: |
65536
|
|
|
76D6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2620126209.00000000076D6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
76D6000
|
| Size: |
12288
|
|
|
3AAE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003AAE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3AAE000
|
| Size: |
12288
|
|
|
370F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.000000000370F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
370F000
|
| Size: |
4096
|
|
|
44D5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1391092460.00000000044D5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
44D5000
|
| Size: |
913408
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2092288216.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
3806000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003806000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3806000
|
| Size: |
4096
|
|
|
3046000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2618028068.0000000003046000.00000004.00000001.00040000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
3046000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
4220000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2617255693.0000000004220000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4220000
|
| Size: |
4096
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2093186392.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
37FD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000037FD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
37FD000
|
| Size: |
4096
|
|
|
A46000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2106577449.0000000000A46000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A46000
|
| Size: |
12288
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1915709886.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
65536
|
|
|
3AC9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003AC9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3AC9000
|
| Size: |
4096
|
|
|
3923000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003923000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3923000
|
| Size: |
4096
|
|
|
3798000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003798000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3798000
|
| Size: |
4096
|
|
|
3AC3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003AC3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3AC3000
|
| Size: |
4096
|
|
|
3965000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003965000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3965000
|
| Size: |
4096
|
|
|
20F4273B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.2164855281.0000020F4273B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
20F4273B000
|
| Size: |
4096
|
|
|
3AD1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003AD1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3AD1000
|
| Size: |
24576
|
|
|
1560000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000000.1827770834.0000000001560000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
1560000
|
| Size: |
4096
|
|
|
63D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1393954686.00000000063D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
63D0000
|
| Size: |
61440
|
|
|
35E6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000035E6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
35E6000
|
| Size: |
4096
|
|
|
2530000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2617724944.0000000002530000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2530000
|
| Size: |
12288
|
|
|
6430000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1394206177.0000000006430000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6430000
|
| Size: |
45056
|
|
|
7718000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2620126209.0000000007718000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7718000
|
| Size: |
73728
|
|
|
1A3D000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1375435919.0000000001A3D000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1A3D000
|
| Size: |
4096
|
|
|
359E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.000000000359E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
359E000
|
| Size: |
4096
|
|
|
3803000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003803000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3803000
|
| Size: |
4096
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2099307221.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
8192
|
|
|
3A8F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003A8F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3A8F000
|
| Size: |
4096
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2099582802.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
8192
|
|
|
3925000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003925000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3925000
|
| Size: |
12288
|
|
|
1B30000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375779761.0000000001B30000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1B30000
|
| Size: |
16384
|
|
|
3AF1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003AF1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3AF1000
|
| Size: |
4096
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2095921371.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
3653000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003653000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3653000
|
| Size: |
4096
|
|
|
B73000
|
system
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2616880626.0000000000B73000.00000040.80000000.00040000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
system
|
| Protect: |
page execute and read and write
|
| Base address: |
B73000
|
| Size: |
8192
|
|
|
398F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.000000000398F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
398F000
|
| Size: |
53248
|
|
|
1A5B000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1375599914.0000000001A5B000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1A5B000
|
| Size: |
4096
|
|
|
1A24000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375311394.0000000001A24000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1A24000
|
| Size: |
4096
|
|
|
20F43FA0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000003.2163499887.0000020F43FA0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
20F43FA0000
|
| Size: |
4096
|
|
|
3779000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003779000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3779000
|
| Size: |
4096
|
|
|
3736000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003736000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3736000
|
| Size: |
8192
|
|
|
76AB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2620126209.00000000076AB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
76AB000
|
| Size: |
8192
|
|
|
7E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2615842487.00000000007E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7E0000
|
| Size: |
4096
|
|
|
18BE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1374372337.00000000018BE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
18BE000
|
| Size: |
20480
|
|
|
50FF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2619497820.00000000050FF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
50FF000
|
| Size: |
4096
|
|
|
985000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2616112369.0000000000985000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
985000
|
| Size: |
65536
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2095114120.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1920653927.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
204800
|
|
|
394E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.000000000394E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
394E000
|
| Size: |
4096
|
|
|
3689000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003689000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3689000
|
| Size: |
4096
|
|
|
35AD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000035AD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
35AD000
|
| Size: |
4096
|
|
|
FD0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000000.1363058884.0000000000FD0000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
FD0000
|
| Size: |
4096
|
|
|
3701000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003701000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3701000
|
| Size: |
12288
|
|
|
4506000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1915419405.0000000004506000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4506000
|
| Size: |
4096
|
|
|
3685000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003685000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3685000
|
| Size: |
4096
|
|
|
38A0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000038A0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
38A0000
|
| Size: |
4096
|
|
|
66AE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1395867314.00000000066AE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
66AE000
|
| Size: |
8192
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2095519179.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
8192
|
|
|
36B1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000036B1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
36B1000
|
| Size: |
12288
|
|
|
3773000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003773000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3773000
|
| Size: |
4096
|
|
|
37C1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000037C1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
37C1000
|
| Size: |
4096
|
|
|
38C4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000038C4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
38C4000
|
| Size: |
53248
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2099473412.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
8192
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2099373528.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
360C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.000000000360C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
360C000
|
| Size: |
45056
|
|
|
1431000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000000.1827705183.0000000001431000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
1431000
|
| Size: |
12288
|
|
|
98C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1912818190.000000000098C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
98C000
|
| Size: |
24576
|
|
|
3881000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003881000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3881000
|
| Size: |
4096
|
|
|
48E2000
|
unclassified section
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2618298895.00000000048E2000.00000004.10000000.00040000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unclassified section
|
| Protect: |
page read and write
|
| Base address: |
48E2000
|
| Size: |
4096
|
|
|
978000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2616112369.0000000000978000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
978000
|
| Size: |
45056
|
|
|
CF0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000002.2617539752.0000000000CF0000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
CF0000
|
| Size: |
32768
|
|
|
3816000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003816000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3816000
|
| Size: |
4096
|
|
|
3929000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003929000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3929000
|
| Size: |
4096
|
|
|
89F000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000002.2615712200.000000000089F000.00000002.00000001.01000000.00000007.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
89F000
|
| Size: |
28672
|
|
|
25F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2617793470.00000000025F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
25F0000
|
| Size: |
8192
|
|
|
7D9E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2620927534.0000000007D9E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7D9E000
|
| Size: |
8192
|
|
|
5EA6000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1393154384.0000000005EA6000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5EA6000
|
| Size: |
40960
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2093841342.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
11CC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1373708911.00000000011CC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
11CC000
|
| Size: |
16384
|
|
|
3668000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003668000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3668000
|
| Size: |
4096
|
|
|
6400000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1394077532.0000000006400000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6400000
|
| Size: |
65536
|
|
|
1560000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2616467247.0000000001560000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
1560000
|
| Size: |
4096
|
|
|
3A10000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003A10000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3A10000
|
| Size: |
4096
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2094231475.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
8192
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2096633920.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
36FA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000036FA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
36FA000
|
| Size: |
4096
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1920831913.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
850000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2616247116.0000000000850000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
850000
|
| Size: |
12288
|
|
|
377B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.000000000377B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
377B000
|
| Size: |
4096
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2092927888.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
17E8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1374372337.00000000017E8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
17E8000
|
| Size: |
16384
|
|
|
891000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000004.00000000.1827369760.0000000000891000.00000020.00000001.01000000.00000007.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
891000
|
| Size: |
57344
|
|
|
39F9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000039F9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
39F9000
|
| Size: |
4096
|
|
|
36F8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000036F8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
36F8000
|
| Size: |
4096
|
|
|
3100000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2616917156.0000000003100000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3100000
|
| Size: |
8192
|
|
|
930000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1925248941.0000000000930000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
930000
|
| Size: |
147456
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1930959877.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
36E1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000036E1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
36E1000
|
| Size: |
4096
|
|
|
39FB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000039FB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
39FB000
|
| Size: |
12288
|
|
|
2700000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000002.2617913317.0000000002700000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
2700000
|
| Size: |
925696
|
|
|
49FC000
|
unclassified section
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2618298895.00000000049FC000.00000004.10000000.00040000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
unclassified section
|
| Protect: |
page read and write
|
| Base address: |
49FC000
|
| Size: |
4096
|
|
|
3AAA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003AAA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3AAA000
|
| Size: |
4096
|
|
|
3A2D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003A2D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3A2D000
|
| Size: |
4096
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2097417201.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
2ACC000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000008.00000000.1982252581.0000000002ACC000.00000004.00000001.00040000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
2ACC000
|
| Size: |
49152
|
|
|
A46000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2616112369.0000000000A46000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A46000
|
| Size: |
12288
|
|
|
3A52000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003A52000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3A52000
|
| Size: |
4096
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2099437933.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
8192
|
|
|
98C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1910099920.000000000098C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
98C000
|
| Size: |
24576
|
|
|
A1F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2616112369.0000000000A1F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A1F000
|
| Size: |
4096
|
|
|
A28000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2106577449.0000000000A28000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A28000
|
| Size: |
8192
|
|
|
1760000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.1906353643.0000000001760000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1760000
|
| Size: |
1208320
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
4D0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000008.00000002.2615565409.00000000004D0000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
4D0000
|
| Size: |
4096
|
|
|
5BDE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1393045883.0000000005BDE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5BDE000
|
| Size: |
8192
|
|
|
162E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.2616590138.000000000162E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
162E000
|
| Size: |
188416
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2094144159.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
8192
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2093929147.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
4096
|
|
|
992000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.1910937820.0000000000992000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
992000
|
| Size: |
20480
|
|
|
55A000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2615760017.000000000055A000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
55A000
|
| Size: |
24576
|
|
|
76AE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.2620126209.00000000076AE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
76AE000
|
| Size: |
16384
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
1889000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.1906353643.0000000001889000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1889000
|
| Size: |
4096
|
|
|
385A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.000000000385A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
385A000
|
| Size: |
45056
|
|
|
4221000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000003.2099760138.0000000004221000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4221000
|
| Size: |
8192
|
|
|
3A7B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003A7B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3A7B000
|
| Size: |
49152
|
|
|
E74D5FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.2214038056.000000E74D5FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
E74D5FE000
|
| Size: |
8192
|
|
|
4590000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.2617586828.0000000004590000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4590000
|
| Size: |
1208320
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
3598000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.0000000003598000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3598000
|
| Size: |
4096
|
|
|
35F1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1375904708.00000000035F1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
35F1000
|
| Size: |
12288
|
|
|
FE0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000004.00000000.1827440925.0000000000FE0000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
FE0000
|
| Size: |
4096
|
|
|
6600000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1395678024.0000000006600000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
6600000
|
| Size: |
65536
|
|
