|
2D31000
|
trusted library allocation
|
page read and write
|
 |
|
|
| Name: |
00000005.00000002.3268479910.0000000002D31000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D31000
|
| Size: |
167936
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected AgentTesla |
Stealing of Sensitive Information, Remote Access Functionality |
|
| Yara detected Credential Stealer |
Stealing of Sensitive Information |
|
|
|
4FE5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2330537527.0000000004FE5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4FE5000
|
| Size: |
1249280
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected Costura Assembly Loader |
Data Obfuscation |
|
|
|
7701000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2338925965.0000000007701000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7701000
|
| Size: |
102400
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected Costura Assembly Loader |
Data Obfuscation |
|
|
|
726F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2129103497.000000000726F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
726F000
|
| Size: |
688128
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected Costura Assembly Loader |
Data Obfuscation |
|
|
|
7B90000
|
trusted library section
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2156596247.0000000007B90000.00000004.08000000.00040000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library section
|
| Protect: |
page read and write
|
| Base address: |
7B90000
|
| Size: |
430080
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected Costura Assembly Loader |
Data Obfuscation |
|
|
|
313D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3267796521.000000000313D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
313D000
|
| Size: |
20480
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected AgentTesla |
Stealing of Sensitive Information, Remote Access Functionality |
|
|
|
331D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2315387667.000000000331D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
331D000
|
| Size: |
1097728
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) |
Malware Analysis System Evasion |
Security Software Discovery
|
| Yara detected Costura Assembly Loader |
Data Obfuscation |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
| URLs found in memory or binary data |
Networking |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
6FE1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2129103497.0000000006FE1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6FE1000
|
| Size: |
2453504
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected Costura Assembly Loader |
Data Obfuscation |
|
|
|
2E75000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112915654.0000000002E75000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E75000
|
| Size: |
1097728
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) |
Malware Analysis System Evasion |
Security Software Discovery
|
| Yara detected Costura Assembly Loader |
Data Obfuscation |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
8747000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2158526892.0000000008747000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8747000
|
| Size: |
589824
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected AgentTesla |
Stealing of Sensitive Information, Remote Access Functionality |
|
| Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) |
Malware Analysis System Evasion |
Security Software Discovery
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
| Yara detected Credential Stealer |
Stealing of Sensitive Information |
|
| URLs found in memory or binary data |
Networking |
|
|
|
312B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112915654.000000000312B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
312B000
|
| Size: |
114688
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected AgentTesla |
Stealing of Sensitive Information, Remote Access Functionality |
|
| Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) |
Malware Analysis System Evasion |
Security Software Discovery
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
| Yara detected Credential Stealer |
Stealing of Sensitive Information |
|
| URLs found in memory or binary data |
Networking |
|
|
|
7670000
|
trusted library section
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2146768107.0000000007670000.00000004.08000000.00040000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library section
|
| Protect: |
page read and write
|
| Base address: |
7670000
|
| Size: |
2277376
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected PureLog Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
|
|
3111000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3267796521.0000000003111000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3111000
|
| Size: |
167936
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected AgentTesla |
Stealing of Sensitive Information, Remote Access Functionality |
|
| Yara detected Credential Stealer |
Stealing of Sensitive Information |
|
|
|
6331000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2129103497.0000000006331000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6331000
|
| Size: |
10485760
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected PureLog Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
|
|
4B1D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2115370374.0000000004B1D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4B1D000
|
| Size: |
1228800
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected Costura Assembly Loader |
Data Obfuscation |
|
|
|
7611000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2338925965.0000000007611000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7611000
|
| Size: |
757760
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected Costura Assembly Loader |
Data Obfuscation |
|
|
|
35C1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2315387667.00000000035C1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
35C1000
|
| Size: |
630784
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected AgentTesla |
Stealing of Sensitive Information, Remote Access Functionality |
|
| Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) |
Malware Analysis System Evasion |
Security Software Discovery
|
| Yara detected Credential Stealer |
Stealing of Sensitive Information |
|
| URLs found in memory or binary data |
Networking |
|
|
|
2D5D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3268479910.0000000002D5D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D5D000
|
| Size: |
28672
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected AgentTesla |
Stealing of Sensitive Information, Remote Access Functionality |
|
| URLs found in memory or binary data |
Networking |
|
|
|
4658000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2115370374.0000000004658000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4658000
|
| Size: |
4972544
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected PureLog Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
|
|
8E61000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2350264475.0000000008E61000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8E61000
|
| Size: |
499712
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected AgentTesla |
Stealing of Sensitive Information, Remote Access Functionality |
|
| Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) |
Malware Analysis System Evasion |
Security Software Discovery
|
| Yara detected Credential Stealer |
Stealing of Sensitive Information |
|
| URLs found in memory or binary data |
Networking |
|
|
|
F47000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3262726081.0000000000F47000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F47000
|
| Size: |
745472
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
| URLs found in memory or binary data |
Networking |
|
|
|
635E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2315362239.000000000635E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
635E000
|
| Size: |
8192
|
|
|
1060000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2307833265.0000000001060000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1060000
|
| Size: |
24576
|
|
|
F07000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112007815.0000000000F07000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F07000
|
| Size: |
81920
|
|
|
32CB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2315387667.00000000032CB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
32CB000
|
| Size: |
4096
|
|
|
3143000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3267796521.0000000003143000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3143000
|
| Size: |
40960
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
2EC8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3268479910.0000000002EC8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2EC8000
|
| Size: |
49152
|
|
|
1120000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112391873.0000000001120000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1120000
|
| Size: |
16384
|
|
|
582E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2127879314.000000000582E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
582E000
|
| Size: |
8192
|
|
|
6A20000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3298197622.0000000006A20000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6A20000
|
| Size: |
8192
|
|
|
7C20000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2346195706.0000000007C20000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7C20000
|
| Size: |
65536
|
|
|
3151000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2315387667.0000000003151000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3151000
|
| Size: |
1204224
|
|
|
691E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3296458833.000000000691E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
691E000
|
| Size: |
8192
|
|
|
77B9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2338925965.00000000077B9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
77B9000
|
| Size: |
380928
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
2C9F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112915654.0000000002C9F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2C9F000
|
| Size: |
4096
|
|
|
5532000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3293322222.0000000005532000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5532000
|
| Size: |
28672
|
|
|
2EC0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2312009304.0000000002EC0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2EC0000
|
| Size: |
4096
|
|
|
8220000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2349188435.0000000008220000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
8220000
|
| Size: |
65536
|
|
|
3D1F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3287891244.0000000003D1F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3D1F000
|
| Size: |
4096
|
|
|
5ABE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3295377790.0000000005ABE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5ABE000
|
| Size: |
8192
|
|
|
2E21000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112915654.0000000002E21000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E21000
|
| Size: |
4096
|
|
|
80B0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2348038570.00000000080B0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
80B0000
|
| Size: |
65536
|
|
|
329B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2315387667.000000000329B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
329B000
|
| Size: |
4096
|
|
|
8BB0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2350082475.0000000008BB0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8BB0000
|
| Size: |
4096
|
|
|
7BB0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2345254060.0000000007BB0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7BB0000
|
| Size: |
4096
|
|
|
F2B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112007815.0000000000F2B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F2B000
|
| Size: |
147456
|
|
|
317E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112915654.000000000317E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
317E000
|
| Size: |
4096
|
|
|
3ED1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2313495380.0000000003ED1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3ED1000
|
| Size: |
20480
|
|
|
7C50000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2346613474.0000000007C50000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7C50000
|
| Size: |
65536
|
|
|
609E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2128824214.000000000609E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
609E000
|
| Size: |
8192
|
|
|
2C3F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112882428.0000000002C3F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2C3F000
|
| Size: |
4096
|
|
|
2F24000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2312066368.0000000002F24000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F24000
|
| Size: |
4096
|
|
|
5C1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2314627790.0000000005C1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5C1E000
|
| Size: |
8192
|
|
|
61DD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3296152188.00000000061DD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
61DD000
|
| Size: |
12288
|
|
|
57FC000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3295002680.00000000057FC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
57FC000
|
| Size: |
16384
|
|
|
645E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3296455832.000000000645E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
645E000
|
| Size: |
8192
|
|
|
2F4E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2312066368.0000000002F4E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F4E000
|
| Size: |
8192
|
|
|
DB2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2111753405.0000000000DB2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
DB2000
|
| Size: |
4096
|
|
|
327E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2315387667.000000000327E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
327E000
|
| Size: |
4096
|
|
|
2E3C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112915654.0000000002E3C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E3C000
|
| Size: |
4096
|
|
|
1467000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2311209479.0000000001467000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1467000
|
| Size: |
53248
|
|
|
60BE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2315184361.00000000060BE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
60BE000
|
| Size: |
8192
|
|
|
14D6000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3262113718.00000000014D6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14D6000
|
| Size: |
118784
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
1430000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2311166182.0000000001430000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1430000
|
| Size: |
4096
|
|
|
426000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3260371880.0000000000426000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
426000
|
| Size: |
4096
|
|
|
3159000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3267796521.0000000003159000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3159000
|
| Size: |
4096
|
|
|
62DF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3296286628.00000000062DF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
62DF000
|
| Size: |
4096
|
|
|
649E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2315426694.000000000649E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
649E000
|
| Size: |
8192
|
|
|
32CF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2315387667.00000000032CF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
32CF000
|
| Size: |
4096
|
|
|
3509000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2315387667.0000000003509000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3509000
|
| Size: |
421888
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
1632000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3266082154.0000000001632000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1632000
|
| Size: |
4096
|
|
|
5541000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3293322222.0000000005541000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5541000
|
| Size: |
16384
|
|
|
7B4A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2344842060.0000000007B4A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7B4A000
|
| Size: |
245760
|
|
|
32AE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2315387667.00000000032AE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
32AE000
|
| Size: |
4096
|
|
|
1127000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112391873.0000000001127000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1127000
|
| Size: |
8192
|
|
|
E40000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2111989223.0000000000E40000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
E40000
|
| Size: |
65536
|
|
|
144E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2311209479.000000000144E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
144E000
|
| Size: |
98304
|
|
|
1052000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3266045243.0000000001052000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1052000
|
| Size: |
4096
|
|
|
60CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2337842506.00000000060CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
60CE000
|
| Size: |
8192
|
|
|
7930000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2154596471.0000000007930000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7930000
|
| Size: |
65536
|
|
|
5BBF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3295440326.0000000005BBF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5BBF000
|
| Size: |
4096
|
|
|
E2E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2111950740.0000000000E2E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
E2E000
|
| Size: |
8192
|
|
|
6E92000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3299083810.0000000006E92000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6E92000
|
| Size: |
12288
|
|
|
2ED5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3268479910.0000000002ED5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2ED5000
|
| Size: |
135168
|
|
|
AF7000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2111385951.0000000000AF7000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
AF7000
|
| Size: |
36864
|
|
|
2E0C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112915654.0000000002E0C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E0C000
|
| Size: |
4096
|
|
|
32EC000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2315387667.00000000032EC000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
32EC000
|
| Size: |
4096
|
|
|
7F280000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3299524092.000000007F280000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7F280000
|
| Size: |
4096
|
|
|
5E6F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2314916808.0000000005E6F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5E6F000
|
| Size: |
4096
|
|
|
107E000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2307833265.000000000107E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
107E000
|
| Size: |
45056
|
|
|
2E4B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112915654.0000000002E4B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E4B000
|
| Size: |
36864
|
|
|
2E1D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112915654.0000000002E1D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E1D000
|
| Size: |
4096
|
|
|
1090000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3266420483.0000000001090000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1090000
|
| Size: |
8192
|
|
|
641F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3296409387.000000000641F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
641F000
|
| Size: |
4096
|
|
|
7470000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2145812765.0000000007470000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7470000
|
| Size: |
258048
|
|
|
67A0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3297884556.00000000067A0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
67A0000
|
| Size: |
65536
|
|
|
556E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2313850541.000000000556E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
556E000
|
| Size: |
8192
|
|
|
7941000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2338925965.0000000007941000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7941000
|
| Size: |
94208
|
|
|
648E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2338175207.000000000648E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
648E000
|
| Size: |
8192
|
|
|
56F0000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.3294902412.00000000056F0000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
56F0000
|
| Size: |
4096
|
|
|
8130000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2348778647.0000000008130000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8130000
|
| Size: |
8192
|
|
|
2BFE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112867697.0000000002BFE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2BFE000
|
| Size: |
8192
|
|
|
572E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2127678658.000000000572E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
572E000
|
| Size: |
8192
|
|
|
7C10000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2346049328.0000000007C10000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7C10000
|
| Size: |
65536
|
|
|
32E2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2315387667.00000000032E2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
32E2000
|
| Size: |
4096
|
|
|
5880000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3295392855.0000000005880000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5880000
|
| Size: |
8192
|
|
|
2BA0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3267212356.0000000002BA0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2BA0000
|
| Size: |
32768
|
|
|
2D65000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3268479910.0000000002D65000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D65000
|
| Size: |
32768
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
2D4E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2311584850.0000000002D4E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2D4E000
|
| Size: |
8192
|
|
|
8581000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2158526892.0000000008581000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8581000
|
| Size: |
286720
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
2DFE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112915654.0000000002DFE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2DFE000
|
| Size: |
12288
|
|
|
552B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3293322222.000000000552B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
552B000
|
| Size: |
8192
|
|
|
1068000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2307833265.0000000001068000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1068000
|
| Size: |
86016
|
|
|
E84000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112007815.0000000000E84000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
E84000
|
| Size: |
45056
|
|
|
6C2E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3298910176.0000000006C2E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6C2E000
|
| Size: |
8192
|
|
|
3293000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2315387667.0000000003293000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3293000
|
| Size: |
4096
|
|
|
5150000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2127114118.0000000005150000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5150000
|
| Size: |
4096
|
|
|
333F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3267796521.000000000333F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
333F000
|
| Size: |
4096
|
|
|
5F9E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2128800026.0000000005F9E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5F9E000
|
| Size: |
8192
|
|
|
697C000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3296630965.000000000697C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
697C000
|
| Size: |
229376
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
DAD000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.2111716649.0000000000DAD000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
DAD000
|
| Size: |
4096
|
|
|
552E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3293322222.000000000552E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
552E000
|
| Size: |
12288
|
|
|
78C1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2153791202.00000000078C1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
78C1000
|
| Size: |
12288
|
|
|
2CA5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112915654.0000000002CA5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2CA5000
|
| Size: |
4096
|
|
|
6B80000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.3299897004.0000000006B80000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
6B80000
|
| Size: |
65536
|
|
|
7C00000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2345855807.0000000007C00000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7C00000
|
| Size: |
36864
|
|
|
2E0E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112915654.0000000002E0E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E0E000
|
| Size: |
49152
|
|
|
8090000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2347745894.0000000008090000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8090000
|
| Size: |
61440
|
|
|
2F3A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2312066368.0000000002F3A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F3A000
|
| Size: |
45056
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
6820000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3298384336.0000000006820000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
6820000
|
| Size: |
65536
|
|
|
2BBE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3267212356.0000000002BBE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2BBE000
|
| Size: |
4096
|
|
|
1110000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2307833265.0000000001110000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1110000
|
| Size: |
45056
|
|
|
F18000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3262726081.0000000000F18000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F18000
|
| Size: |
135168
|
|
|
30DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3267744855.00000000030DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
30DE000
|
| Size: |
8192
|
|
|
7AEC000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2344170163.0000000007AEC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7AEC000
|
| Size: |
12288
|
|
|
680E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2338400261.000000000680E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
680E000
|
| Size: |
8192
|
|
|
409000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.3260358402.0000000000409000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
409000
|
| Size: |
32768
|
|
|
EE4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3262113095.0000000000EE4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
EE4000
|
| Size: |
8192
|
|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3260371880.0000000000402000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
402000
|
| Size: |
28672
|
|
|
EED000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3262180189.0000000000EED000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
EED000
|
| Size: |
4096
|
|
|
2D7D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3268479910.0000000002D7D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D7D000
|
| Size: |
4096
|
|
|
8120000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2348581183.0000000008120000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8120000
|
| Size: |
36864
|
|
|
5883000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3295392855.0000000005883000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5883000
|
| Size: |
53248
|
|
|
61E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2128979354.00000000061E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
61E0000
|
| Size: |
4096
|
|
|
1790000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2314936357.0000000001790000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1790000
|
| Size: |
8192
|
|
|
2FA8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112915654.0000000002FA8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2FA8000
|
| Size: |
86016
|
|
|
32A1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2315387667.00000000032A1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
32A1000
|
| Size: |
16384
|
|
|
132A000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000C.00000002.2311267413.000000000132A000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
132A000
|
| Size: |
4096
|
|
|
66CD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2338310243.00000000066CD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
66CD000
|
| Size: |
12288
|
|
|
2E2E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112915654.0000000002E2E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E2E000
|
| Size: |
20480
|
|
|
3C58000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2115370374.0000000003C58000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3C58000
|
| Size: |
10485760
|
|
|
56BE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2336779082.00000000056BE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
56BE000
|
| Size: |
8192
|
|
|
3121000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2315387667.0000000003121000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3121000
|
| Size: |
184320
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
6E90000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3299083810.0000000006E90000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6E90000
|
| Size: |
4096
|
|
|
32E4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2315387667.00000000032E4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
32E4000
|
| Size: |
4096
|
|
|
6A40000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3298804622.0000000006A40000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6A40000
|
| Size: |
4096
|
|
|
645E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2315395408.000000000645E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
645E000
|
| Size: |
8192
|
|
|
55A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2336711911.00000000055A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
55A0000
|
| Size: |
4096
|
|
|
1107000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3266848866.0000000001107000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1107000
|
| Size: |
4096
|
|
|
32B0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2315387667.00000000032B0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
32B0000
|
| Size: |
4096
|
|
|
E35000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3261754236.0000000000E35000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
E35000
|
| Size: |
12288
|
|
|
7BCE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2345254060.0000000007BCE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7BCE000
|
| Size: |
4096
|
|
|
2F00000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3267515768.0000000002F00000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F00000
|
| Size: |
45056
|
|
|
2F06000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3268479910.0000000002F06000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F06000
|
| Size: |
36864
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
156F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2311550801.000000000156F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
156F000
|
| Size: |
4096
|
|
|
32B4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2315387667.00000000032B4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
32B4000
|
| Size: |
4096
|
|
|
F00000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3262516590.0000000000F00000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
F00000
|
| Size: |
4096
|
|
|
2CA7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112915654.0000000002CA7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2CA7000
|
| Size: |
4096
|
|
|
84FC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2158031331.00000000084FC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
84FC000
|
| Size: |
16384
|
|
|
8150000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2349033293.0000000008150000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8150000
|
| Size: |
4096
|
|
|
3295000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2315387667.0000000003295000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3295000
|
| Size: |
4096
|
|
|
511E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2126996656.000000000511E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
511E000
|
| Size: |
8192
|
|
|
E5E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112007815.0000000000E5E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
E5E000
|
| Size: |
98304
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
|
|
3101000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112915654.0000000003101000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3101000
|
| Size: |
86016
|
|
|
12E0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2310559234.00000000012E0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
12E0000
|
| Size: |
8192
|
|
|
80F0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2348361337.00000000080F0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
80F0000
|
| Size: |
65536
|
|
|
600C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2337614963.000000000600C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
600C000
|
| Size: |
16384
|
|
|
30CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2315290089.00000000030CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
30CE000
|
| Size: |
8192
|
|
|
2E29000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112915654.0000000002E29000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E29000
|
| Size: |
4096
|
|
|
843B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2157949362.000000000843B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
843B000
|
| Size: |
20480
|
|
|
685E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2338481530.000000000685E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
685E000
|
| Size: |
8192
|
|
|
12E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2309865198.00000000012E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12E0000
|
| Size: |
16384
|
|
|
3184000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112915654.0000000003184000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3184000
|
| Size: |
4096
|
|
|
108A000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2307833265.000000000108A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
108A000
|
| Size: |
20480
|
|
|
2DF3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112915654.0000000002DF3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2DF3000
|
| Size: |
4096
|
|
|
16D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3266875626.00000000016D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
16D0000
|
| Size: |
65536
|
|
|
5BDE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2314588445.0000000005BDE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5BDE000
|
| Size: |
8192
|
|
|
32EE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2315387667.00000000032EE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
32EE000
|
| Size: |
4096
|
|
|
52E0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3294713207.00000000052E0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
52E0000
|
| Size: |
8192
|
|
|
5130000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2127043170.0000000005130000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5130000
|
| Size: |
65536
|
|
|
7920000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2154488259.0000000007920000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7920000
|
| Size: |
65536
|
|
|
1610000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3265482864.0000000001610000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1610000
|
| Size: |
4096
|
|
|
2D6E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3268479910.0000000002D6E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D6E000
|
| Size: |
8192
|
|
|
1502000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2311209479.0000000001502000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1502000
|
| Size: |
45056
|
|
|
1122000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2307833265.0000000001122000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1122000
|
| Size: |
126976
|
|
|
1789000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2314789103.0000000001789000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1789000
|
| Size: |
4096
|
|
|
8270000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2349465897.0000000008270000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
8270000
|
| Size: |
57344
|
|
|
2BB2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3267212356.0000000002BB2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2BB2000
|
| Size: |
28672
|
|
|
61BE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2315238476.00000000061BE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
61BE000
|
| Size: |
8192
|
|
|
57FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3295328438.00000000057FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
57FE000
|
| Size: |
8192
|
|
|
74BA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2145812765.00000000074BA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
74BA000
|
| Size: |
12288
|
|
|
7C40000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2346478912.0000000007C40000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7C40000
|
| Size: |
65536
|
|
|
2BC6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3267212356.0000000002BC6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2BC6000
|
| Size: |
16384
|
|
|
DB6000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.2111770810.0000000000DB6000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
DB6000
|
| Size: |
8192
|
|
|
1418000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3262113718.0000000001418000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1418000
|
| Size: |
86016
|
|
|
669E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3296634000.000000000669E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
669E000
|
| Size: |
8192
|
|
|
10B0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112319220.00000000010B0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
10B0000
|
| Size: |
8192
|
|
|
7900000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2154280382.0000000007900000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7900000
|
| Size: |
65536
|
|
|
6925000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3296521330.0000000006925000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6925000
|
| Size: |
4096
|
|
|
10F8000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3261557213.00000000010F8000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
10F8000
|
| Size: |
32768
|
|
|
43A000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3260371880.000000000043A000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
43A000
|
| Size: |
4096
|
|
|
13F0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2310185109.00000000013F0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
13F0000
|
| Size: |
36864
|
|
|
6B90000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3300060199.0000000006B90000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6B90000
|
| Size: |
20480
|
|
|
5610000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
0000000C.00000002.2314061438.0000000005610000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
5610000
|
| Size: |
4096
|
|
|
1270000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3261891435.0000000001270000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1270000
|
| Size: |
8192
|
|
|
7A30000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2155306899.0000000007A30000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7A30000
|
| Size: |
65536
|
|
|
4DFD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3293735753.0000000004DFD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4DFD000
|
| Size: |
12288
|
|
|
5E5E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2128694028.0000000005E5E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5E5E000
|
| Size: |
8192
|
|
|
163E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2313487830.000000000163E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
163E000
|
| Size: |
8192
|
|
|
143A000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3262113718.000000000143A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
143A000
|
| Size: |
16384
|
|
|
32E6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2315387667.00000000032E6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
32E6000
|
| Size: |
4096
|
|
|
1140000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3261652468.0000000001140000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1140000
|
| Size: |
4096
|
|
|
526F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2127164381.000000000526F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
526F000
|
| Size: |
4096
|
|
|
3343000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3267796521.0000000003343000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3343000
|
| Size: |
28672
|
|
|
3154000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112915654.0000000003154000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3154000
|
| Size: |
57344
|
|
|
553E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3293322222.000000000553E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
553E000
|
| Size: |
4096
|
|
|
F1D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112007815.0000000000F1D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F1D000
|
| Size: |
53248
|
|
|
40E1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3287265615.00000000040E1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
40E1000
|
| Size: |
126976
|
|
|
16F0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2314050609.00000000016F0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
16F0000
|
| Size: |
131072
|
|
|
51DD000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3293228424.00000000051DD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
51DD000
|
| Size: |
12288
|
|
|
2F46000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2312066368.0000000002F46000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F46000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
6B70000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3299769061.0000000006B70000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6B70000
|
| Size: |
49152
|
|
|
2AA0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112615846.0000000002AA0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2AA0000
|
| Size: |
131072
|
|
|
C0E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2111404154.0000000000C0E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
C0E000
|
| Size: |
8192
|
|
|
3D01000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3287891244.0000000003D01000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3D01000
|
| Size: |
36864
|
|
|
10F0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3266609049.00000000010F0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
10F0000
|
| Size: |
65536
|
|
|
519C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3293986450.000000000519C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
519C000
|
| Size: |
16384
|
|
|
8133000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2348778647.0000000008133000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8133000
|
| Size: |
4096
|
|
|
1642000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3266281769.0000000001642000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1642000
|
| Size: |
4096
|
|
|
5893000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3295618610.0000000005893000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5893000
|
| Size: |
36864
|
|
|
5B7E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2128517167.0000000005B7E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5B7E000
|
| Size: |
8192
|
|
|
11C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2310340437.00000000011C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11C0000
|
| Size: |
16384
|
|
|
2D8D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3268479910.0000000002D8D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D8D000
|
| Size: |
1282048
|
|
|
3180000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112915654.0000000003180000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3180000
|
| Size: |
4096
|
|
|
7A80000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2155823949.0000000007A80000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7A80000
|
| Size: |
32768
|
|
|
2E0A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112915654.0000000002E0A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E0A000
|
| Size: |
4096
|
|
|
7972000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2344109933.0000000007972000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7972000
|
| Size: |
8192
|
|
|
F06000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3262613681.0000000000F06000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
F06000
|
| Size: |
8192
|
|
|
2E34000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112915654.0000000002E34000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E34000
|
| Size: |
28672
|
|
|
32AA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2315387667.00000000032AA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
32AA000
|
| Size: |
4096
|
|
|
523E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3294224786.000000000523E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
523E000
|
| Size: |
8192
|
|
|
150E000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3262113718.000000000150E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
150E000
|
| Size: |
4096
|
|
|
4147000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3287265615.0000000004147000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4147000
|
| Size: |
1208320
|
|
|
16E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2313933280.00000000016E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
16E0000
|
| Size: |
16384
|
|
|
2E9E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2311740637.0000000002E9E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2E9E000
|
| Size: |
8192
|
|
|
3163000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112915654.0000000003163000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3163000
|
| Size: |
28672
|
|
|
60DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2128886573.00000000060DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
60DE000
|
| Size: |
8192
|
|
|
1415000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2310908737.0000000001415000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1415000
|
| Size: |
4096
|
|
|
5FFC000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2315016836.0000000005FFC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5FFC000
|
| Size: |
16384
|
|
|
5520000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3293322222.0000000005520000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5520000
|
| Size: |
20480
|
|
|
3303000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2315387667.0000000003303000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3303000
|
| Size: |
102400
|
|
|
1417000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2311000644.0000000001417000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1417000
|
| Size: |
4096
|
|
|
32B5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3267796521.00000000032B5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
32B5000
|
| Size: |
135168
|
|
|
6A33000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3298440347.0000000006A33000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6A33000
|
| Size: |
53248
|
|
|
1307000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3261998977.0000000001307000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1307000
|
| Size: |
4096
|
|
|
16AE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3266467850.00000000016AE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
16AE000
|
| Size: |
8192
|
|
|
327A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2315387667.000000000327A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
327A000
|
| Size: |
4096
|
|
|
7211000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2338925965.0000000007211000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7211000
|
| Size: |
4096
|
|
|
6E80000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3299033348.0000000006E80000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6E80000
|
| Size: |
4096
|
|
|
2CB6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112915654.0000000002CB6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2CB6000
|
| Size: |
36864
|
|
|
E95000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112007815.0000000000E95000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
E95000
|
| Size: |
462848
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
428000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3260371880.0000000000428000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
428000
|
| Size: |
4096
|
|
|
42E000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.3260358402.000000000042E000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
42E000
|
| Size: |
4096
|
|
|
2E08000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112915654.0000000002E08000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E08000
|
| Size: |
4096
|
|
|
7A89000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2155823949.0000000007A89000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7A89000
|
| Size: |
28672
|
|
|
583E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3295090943.000000000583E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
583E000
|
| Size: |
8192
|
|
|
5D1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2314669299.0000000005D1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5D1E000
|
| Size: |
8192
|
|
|
32B2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2315387667.00000000032B2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
32B2000
|
| Size: |
4096
|
|
|
126E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112487334.000000000126E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
126E000
|
| Size: |
8192
|
|
|
2F4A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2312066368.0000000002F4A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F4A000
|
| Size: |
12288
|
|
|
2E27000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112915654.0000000002E27000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E27000
|
| Size: |
4096
|
|
|
5573000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3294343512.0000000005573000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5573000
|
| Size: |
8192
|
|
|
85D1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2158526892.00000000085D1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
85D1000
|
| Size: |
1040384
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
69C0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3298809485.00000000069C0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
69C0000
|
| Size: |
8192
|
|
|
7C90000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2347207977.0000000007C90000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7C90000
|
| Size: |
65536
|
|
|
2BE6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3268044581.0000000002BE6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2BE6000
|
| Size: |
40960
|
|
|
7940000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.2154700912.0000000007940000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7940000
|
| Size: |
65536
|
|
|
7BBC000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2345254060.0000000007BBC000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7BBC000
|
| Size: |
4096
|
|
|
5ADE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2314528347.0000000005ADE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5ADE000
|
| Size: |
8192
|
|
|
347A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2315387667.000000000347A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
347A000
|
| Size: |
581632
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
583E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2336909720.000000000583E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
583E000
|
| Size: |
8192
|
|
|
2CC0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112915654.0000000002CC0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2CC0000
|
| Size: |
4096
|
|
|
52F0000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3294933391.00000000052F0000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
52F0000
|
| Size: |
4096
|
|
|
3D66000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3287891244.0000000003D66000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3D66000
|
| Size: |
1208320
|
|
|
412000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.3260358402.0000000000412000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
412000
|
| Size: |
4096
|
|
|
439000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.3260358402.0000000000439000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
439000
|
| Size: |
4096
|
|
|
57FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2336853444.00000000057FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
57FE000
|
| Size: |
8192
|
|
|
3278000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2315387667.0000000003278000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3278000
|
| Size: |
4096
|
|
|
414000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.3260358402.0000000000414000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
414000
|
| Size: |
4096
|
|
|
66E2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3296785514.00000000066E2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
66E2000
|
| Size: |
45056
|
|
|
32C9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2315387667.00000000032C9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
32C9000
|
| Size: |
4096
|
|
|
2DDA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112915654.0000000002DDA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2DDA000
|
| Size: |
4096
|
|
|
1040000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2307693362.0000000001040000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1040000
|
| Size: |
8192
|
|
|
1448000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3262113718.0000000001448000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1448000
|
| Size: |
397312
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
631D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3296329427.000000000631D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
631D000
|
| Size: |
12288
|
|
|
17D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2314983063.00000000017D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
17D0000
|
| Size: |
65536
|
|
|
3150000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112915654.0000000003150000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3150000
|
| Size: |
4096
|
|
|
7A70000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.2155700559.0000000007A70000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7A70000
|
| Size: |
65536
|
|
|
6B9B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3300060199.0000000006B9B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6B9B000
|
| Size: |
8192
|
|
|
6CE000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000000.2019476948.00000000006CE000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
6CE000
|
| Size: |
4096
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
|
|
32C7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2315387667.00000000032C7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
32C7000
|
| Size: |
4096
|
|
|
12DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2310504299.00000000012DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
12DE000
|
| Size: |
8192
|
|
|
52C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3294406328.00000000052C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
52C0000
|
| Size: |
4096
|
|
|
CF8000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3261449628.0000000000CF8000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
CF8000
|
| Size: |
32768
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
|
|
32A6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2315387667.00000000032A6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
32A6000
|
| Size: |
12288
|
|
|
55AF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2127276348.00000000055AF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
55AF000
|
| Size: |
4096
|
|
|
78F0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2154172404.00000000078F0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
78F0000
|
| Size: |
36864
|
|
|
2F21000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3268479910.0000000002F21000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F21000
|
| Size: |
8192
|
|
|
10F7000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2308132402.00000000010F7000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
10F7000
|
| Size: |
36864
|
|
|
3161000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3267796521.0000000003161000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3161000
|
| Size: |
45056
|
|
|
105B000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3266157129.000000000105B000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
105B000
|
| Size: |
4096
|
|
|
3151000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3267796521.0000000003151000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3151000
|
| Size: |
4096
|
|
|
32A8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3267796521.00000000032A8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
32A8000
|
| Size: |
49152
|
|
|
2F10000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.3267638668.0000000002F10000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
2F10000
|
| Size: |
4096
|
|
|
8110000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2348516079.0000000008110000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
8110000
|
| Size: |
16384
|
|
|
313B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3267796521.000000000313B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
313B000
|
| Size: |
4096
|
|
|
7970000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2155081122.0000000007970000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7970000
|
| Size: |
65536
|
|
|
8E5C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2350213371.0000000008E5C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
8E5C000
|
| Size: |
16384
|
|
|
5A9E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2314456186.0000000005A9E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5A9E000
|
| Size: |
8192
|
|
|
141B000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2311037697.000000000141B000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
141B000
|
| Size: |
4096
|
|
|
67F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3298210006.00000000067F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
67F0000
|
| Size: |
4096
|
|
|
329D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2315387667.000000000329D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
329D000
|
| Size: |
12288
|
|
|
2EF0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3267319979.0000000002EF0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2EF0000
|
| Size: |
65536
|
|
|
53D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2313628111.00000000053D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
53D0000
|
| Size: |
36864
|
|
|
2D01000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3268479910.0000000002D01000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D01000
|
| Size: |
188416
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
7BB6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2345254060.0000000007BB6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7BB6000
|
| Size: |
4096
|
|
|
F0A000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3262669446.0000000000F0A000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
F0A000
|
| Size: |
8192
|
|
|
8350000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2349606486.0000000008350000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8350000
|
| Size: |
4096
|
|
|
74EA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2145812765.00000000074EA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
74EA000
|
| Size: |
4096
|
|
|
440000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.3260358402.0000000000440000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
440000
|
| Size: |
4096
|
|
|
78AE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2153791202.00000000078AE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
78AE000
|
| Size: |
4096
|
|
|
59C0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2127989768.00000000059C0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
59C0000
|
| Size: |
16384
|
|
|
644E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2338080798.000000000644E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
644E000
|
| Size: |
8192
|
|
|
78B0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2153791202.00000000078B0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
78B0000
|
| Size: |
4096
|
|
|
1400000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2310359309.0000000001400000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1400000
|
| Size: |
4096
|
|
|
2BE4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3268044581.0000000002BE4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2BE4000
|
| Size: |
4096
|
|
|
58BE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2127909483.00000000058BE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
58BE000
|
| Size: |
8192
|
|
|
1265000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3261733030.0000000001265000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1265000
|
| Size: |
12288
|
|
|
669F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3296139673.000000000669F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
669F000
|
| Size: |
4096
|
|
|
1357000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3267046210.0000000001357000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1357000
|
| Size: |
12288
|
|
|
32E6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3267796521.00000000032E6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
32E6000
|
| Size: |
36864
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
6A43000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3298804622.0000000006A43000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6A43000
|
| Size: |
28672
|
|
|
5F0D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2337537952.0000000005F0D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5F0D000
|
| Size: |
12288
|
|
|
5CA0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3295723924.0000000005CA0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5CA0000
|
| Size: |
65536
|
|
|
2AE9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112744335.0000000002AE9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2AE9000
|
| Size: |
4096
|
|
|
9D9000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3261370806.00000000009D9000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9D9000
|
| Size: |
28672
|
|
|
7BF0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2345711702.0000000007BF0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7BF0000
|
| Size: |
65536
|
|
|
2F2E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2312066368.0000000002F2E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F2E000
|
| Size: |
32768
|
|
|
78BE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2153791202.00000000078BE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
78BE000
|
| Size: |
4096
|
|
|
14C7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2311209479.00000000014C7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14C7000
|
| Size: |
237568
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
52E7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3294713207.00000000052E7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
52E7000
|
| Size: |
36864
|
|
|
3297000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2315387667.0000000003297000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3297000
|
| Size: |
4096
|
|
|
7CDB000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2157783993.0000000007CDB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7CDB000
|
| Size: |
20480
|
|
|
2E42000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112915654.0000000002E42000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E42000
|
| Size: |
4096
|
|
|
3285000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2315387667.0000000003285000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3285000
|
| Size: |
53248
|
|
|
3148000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112915654.0000000003148000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3148000
|
| Size: |
4096
|
|
|
1640000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3266235705.0000000001640000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1640000
|
| Size: |
4096
|
|
|
2DD2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112915654.0000000002DD2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2DD2000
|
| Size: |
4096
|
|
|
2DDC000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112915654.0000000002DDC000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2DDC000
|
| Size: |
4096
|
|
|
314E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3267796521.000000000314E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
314E000
|
| Size: |
8192
|
|
|
7230000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3300473252.0000000007230000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7230000
|
| Size: |
4096
|
|
|
42C000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.3260358402.000000000042C000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
42C000
|
| Size: |
4096
|
|
|
C4E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2111420391.0000000000C4E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
C4E000
|
| Size: |
8192
|
|
|
7534000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2146295882.0000000007534000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7534000
|
| Size: |
77824
|
|
|
1057000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3266119497.0000000001057000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1057000
|
| Size: |
4096
|
|
|
316D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3267796521.000000000316D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
316D000
|
| Size: |
1282048
|
|
|
2ED0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3267290397.0000000002ED0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2ED0000
|
| Size: |
4096
|
|
|
32F1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2315387667.00000000032F1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
32F1000
|
| Size: |
45056
|
|
|
FFF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3262726081.0000000000FFF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
FFF000
|
| Size: |
8192
|
|
|
55EF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2314007421.00000000055EF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
55EF000
|
| Size: |
4096
|
|
|
6C2000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000000.2019456792.00000000006C2000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
6C2000
|
| Size: |
45056
|
|
|
597E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3295232501.000000000597E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
597E000
|
| Size: |
8192
|
|
|
2E46000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112915654.0000000002E46000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E46000
|
| Size: |
4096
|
|
|
32AC000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2315387667.00000000032AC000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
32AC000
|
| Size: |
4096
|
|
|
1486000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2311209479.0000000001486000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1486000
|
| Size: |
262144
|
|
|
12C0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2309452217.00000000012C0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
12C0000
|
| Size: |
8192
|
|
|
49DB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2330537527.00000000049DB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
49DB000
|
| Size: |
8192
|
|
|
12F0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2310723034.00000000012F0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
12F0000
|
| Size: |
4096
|
|
|
659E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3296562337.000000000659E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
659E000
|
| Size: |
8192
|
|
|
7C30000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2346335112.0000000007C30000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7C30000
|
| Size: |
65536
|
|
|
552D000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2313800314.000000000552D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
552D000
|
| Size: |
12288
|
|
|
5F5E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2128771124.0000000005F5E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5F5E000
|
| Size: |
8192
|
|
|
2D90000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
0000000C.00000002.2311679375.0000000002D90000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
2D90000
|
| Size: |
4096
|
|
|
12F0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3261942182.00000000012F0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
12F0000
|
| Size: |
8192
|
|
|
2AD0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112718905.0000000002AD0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2AD0000
|
| Size: |
36864
|
|
|
655E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3296507369.000000000655E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
655E000
|
| Size: |
8192
|
|
|
61CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2337888473.00000000061CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
61CE000
|
| Size: |
8192
|
|
|
74D2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2145812765.00000000074D2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
74D2000
|
| Size: |
20480
|
|
|
5C9D000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3295632777.0000000005C9D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5C9D000
|
| Size: |
12288
|
|
|
1310000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2311123432.0000000001310000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1310000
|
| Size: |
20480
|
|
|
54D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2313771504.00000000054D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
54D0000
|
| Size: |
8192
|
|
|
2E5B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112915654.0000000002E5B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E5B000
|
| Size: |
102400
|
|
|
16C0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3266798596.00000000016C0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
16C0000
|
| Size: |
8192
|
|
|
52BE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3294335207.00000000052BE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
52BE000
|
| Size: |
8192
|
|
|
5546000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3293322222.0000000005546000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5546000
|
| Size: |
16384
|
|
|
1300000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3261998977.0000000001300000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1300000
|
| Size: |
16384
|
|
|
16C0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2313621997.00000000016C0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
16C0000
|
| Size: |
65536
|
|
|
12B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112534292.00000000012B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12B0000
|
| Size: |
20480
|
|
|
2DED000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112915654.0000000002DED000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2DED000
|
| Size: |
12288
|
|
|
7BD1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2345254060.0000000007BD1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7BD1000
|
| Size: |
8192
|
|
|
2F52000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2312066368.0000000002F52000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F52000
|
| Size: |
36864
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
632E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2129029597.000000000632E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
632E000
|
| Size: |
8192
|
|
|
2DF1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112915654.0000000002DF1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2DF1000
|
| Size: |
4096
|
|
|
2BBA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3267212356.0000000002BBA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2BBA000
|
| Size: |
4096
|
|
|
66DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2315540993.00000000066DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
66DE000
|
| Size: |
8192
|
|
|
1320000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2311166604.0000000001320000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1320000
|
| Size: |
4096
|
|
|
78A6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2153791202.00000000078A6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
78A6000
|
| Size: |
4096
|
|
|
8137000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2348778647.0000000008137000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8137000
|
| Size: |
36864
|
|
|
2CAB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112915654.0000000002CAB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2CAB000
|
| Size: |
4096
|
|
|
7A40000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2155401396.0000000007A40000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7A40000
|
| Size: |
65536
|
|
|
695E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2338527982.000000000695E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
695E000
|
| Size: |
8192
|
|
|
1350000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2311423902.0000000001350000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1350000
|
| Size: |
4096
|
|
|
104E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112260468.000000000104E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
104E000
|
| Size: |
8192
|
|
|
32DC000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2315387667.00000000032DC000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
32DC000
|
| Size: |
4096
|
|
|
581E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2314373965.000000000581E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
581E000
|
| Size: |
8192
|
|
|
2F37000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2312066368.0000000002F37000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F37000
|
| Size: |
8192
|
|
|
2BC1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3267212356.0000000002BC1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2BC1000
|
| Size: |
16384
|
|
|
146E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2311511228.000000000146E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
146E000
|
| Size: |
8192
|
|
|
12D4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2309771655.00000000012D4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
12D4000
|
| Size: |
8192
|
|
|
6810000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2338448734.0000000006810000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6810000
|
| Size: |
4096
|
|
|
521E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2336617455.000000000521E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
521E000
|
| Size: |
8192
|
|
|
696E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3298721809.000000000696E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
696E000
|
| Size: |
8192
|
|
|
2DDF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112915654.0000000002DDF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2DDF000
|
| Size: |
53248
|
|
|
7B10000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2156489093.0000000007B10000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7B10000
|
| Size: |
65536
|
|
|
8354000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2349606486.0000000008354000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8354000
|
| Size: |
28672
|
|
|
1780000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2314789103.0000000001780000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1780000
|
| Size: |
28672
|
|
|
5A7E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3295311713.0000000005A7E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5A7E000
|
| Size: |
8192
|
|
|
7BE5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2345254060.0000000007BE5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7BE5000
|
| Size: |
36864
|
|
|
622E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2129001580.000000000622E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
622E000
|
| Size: |
8192
|
|
|
54AE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2127197667.00000000054AE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
54AE000
|
| Size: |
8192
|
|
|
5E1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2128670275.0000000005E1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5E1E000
|
| Size: |
8192
|
|
|
2CC2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112915654.0000000002CC2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2CC2000
|
| Size: |
4096
|
|
|
681E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3296385029.000000000681E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
681E000
|
| Size: |
8192
|
|
|
2CA9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112915654.0000000002CA9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2CA9000
|
| Size: |
4096
|
|
|
670E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2338357970.000000000670E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
670E000
|
| Size: |
8192
|
|
|
D40000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3261590242.0000000000D40000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D40000
|
| Size: |
4096
|
|
|
12DD000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2309820655.00000000012DD000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
12DD000
|
| Size: |
4096
|
|
|
2CB1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112915654.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2CB1000
|
| Size: |
4096
|
|
|
5C5D000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3295497032.0000000005C5D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5C5D000
|
| Size: |
12288
|
|
|
315D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3267796521.000000000315D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
315D000
|
| Size: |
4096
|
|
|
12F3000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000C.00000002.2310900328.00000000012F3000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
12F3000
|
| Size: |
4096
|
|
|
6D31000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2129103497.0000000006D31000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6D31000
|
| Size: |
901120
|
|
|
7910000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2154378961.0000000007910000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7910000
|
| Size: |
65536
|
|
|
7E1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2157918243.0000000007E1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7E1E000
|
| Size: |
8192
|
|
|
2E3E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112915654.0000000002E3E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E3E000
|
| Size: |
4096
|
|
|
E93000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112007815.0000000000E93000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
E93000
|
| Size: |
4096
|
|
|
6EEE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3300398691.0000000006EEE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6EEE000
|
| Size: |
8192
|
|
|
1280000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2309281272.0000000001280000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1280000
|
| Size: |
4096
|
|
|
150F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2311209479.000000000150F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
150F000
|
| Size: |
16384
|
|
|
2E1B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112915654.0000000002E1B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E1B000
|
| Size: |
4096
|
|
|
6810000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3298251625.0000000006810000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6810000
|
| Size: |
49152
|
|
|
58A0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3295930790.00000000058A0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
58A0000
|
| Size: |
65536
|
|
|
2E55000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112915654.0000000002E55000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E55000
|
| Size: |
4096
|
|
|
425000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.3260358402.0000000000425000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
425000
|
| Size: |
4096
|
|
|
5526000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3293322222.0000000005526000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5526000
|
| Size: |
8192
|
|
|
5ABE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2336999161.0000000005ABE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5ABE000
|
| Size: |
8192
|
|
|
52D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3294461752.00000000052D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
52D0000
|
| Size: |
65536
|
|
|
697A000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3296630965.000000000697A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
697A000
|
| Size: |
4096
|
|
|
67DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3296327667.00000000067DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
67DE000
|
| Size: |
8192
|
|
|
59E0000
|
trusted library section
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2128106446.00000000059E0000.00000004.08000000.00040000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library section
|
| Protect: |
page read and write
|
| Base address: |
59E0000
|
| Size: |
323584
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
59BC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2127947350.00000000059BC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
59BC000
|
| Size: |
16384
|
|
|
51F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3294084076.00000000051F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
51F0000
|
| Size: |
4096
|
|
|
2E57000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112915654.0000000002E57000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E57000
|
| Size: |
4096
|
|
|
1410000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2310578579.0000000001410000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1410000
|
| Size: |
4096
|
|
|
55ED000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2127575385.00000000055ED000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
55ED000
|
| Size: |
12288
|
|
|
2C40000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112900052.0000000002C40000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C40000
|
| Size: |
4096
|
|
|
4DB9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2330537527.0000000004DB9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4DB9000
|
| Size: |
4096
|
|
|
3061000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112915654.0000000003061000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3061000
|
| Size: |
495616
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
2ECC000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3267209018.0000000002ECC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2ECC000
|
| Size: |
16384
|
|
|
1050000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3265992182.0000000001050000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1050000
|
| Size: |
4096
|
|
|
2CFE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3268436158.0000000002CFE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2CFE000
|
| Size: |
8192
|
|
|
F45000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3262726081.0000000000F45000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F45000
|
| Size: |
4096
|
|
|
17E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2315120955.00000000017E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
17E0000
|
| Size: |
20480
|
|
|
400000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.3260358402.0000000000400000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
400000
|
| Size: |
4096
|
|
|
6C70000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.3300360127.0000000006C70000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
6C70000
|
| Size: |
8192
|
|
|
56FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3295251217.00000000056FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
56FE000
|
| Size: |
8192
|
|
|
16E7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2313933280.00000000016E7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
16E7000
|
| Size: |
8192
|
|
|
57BF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2336817435.00000000057BF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
57BF000
|
| Size: |
4096
|
|
|
2F5F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3268479910.0000000002F5F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F5F000
|
| Size: |
4096
|
|
|
3182000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112915654.0000000003182000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3182000
|
| Size: |
4096
|
|
|
78CB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2338925965.00000000078CB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
78CB000
|
| Size: |
413696
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
8080000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2347589388.0000000008080000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8080000
|
| Size: |
65536
|
|
|
66EE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3296785514.00000000066EE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
66EE000
|
| Size: |
208896
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
5570000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3294343512.0000000005570000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5570000
|
| Size: |
4096
|
|
|
7C60000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.2157541471.0000000007C60000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7C60000
|
| Size: |
65536
|
|
|
6A50000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3299082134.0000000006A50000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6A50000
|
| Size: |
65536
|
|
|
3C51000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2115370374.0000000003C51000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3C51000
|
| Size: |
24576
|
|
|
3282000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2315387667.0000000003282000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3282000
|
| Size: |
4096
|
|
|
78E0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2154081521.00000000078E0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
78E0000
|
| Size: |
65536
|
|
|
7510000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2146295882.0000000007510000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7510000
|
| Size: |
36864
|
|
|
1070000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3266207580.0000000001070000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1070000
|
| Size: |
4096
|
|
|
2EB0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2311824760.0000000002EB0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2EB0000
|
| Size: |
49152
|
|
|
2DD4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112915654.0000000002DD4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2DD4000
|
| Size: |
4096
|
|
|
32D7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3267796521.00000000032D7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
32D7000
|
| Size: |
49152
|
|
|
176E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2314579388.000000000176E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
176E000
|
| Size: |
8192
|
|
|
122E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112450994.000000000122E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
122E000
|
| Size: |
8192
|
|
|
7240000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3300510006.0000000007240000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7240000
|
| Size: |
4096
|
|
|
3301000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3267796521.0000000003301000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3301000
|
| Size: |
8192
|
|
|
433000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3260371880.0000000000433000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
433000
|
| Size: |
4096
|
|
|
ED0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3261949423.0000000000ED0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
ED0000
|
| Size: |
8192
|
|
|
E20000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3261688029.0000000000E20000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
E20000
|
| Size: |
8192
|
|
|
2EA0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000C.00000002.2311777535.0000000002EA0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
2EA0000
|
| Size: |
8192
|
|
|
2F04000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3268479910.0000000002F04000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F04000
|
| Size: |
4096
|
|
|
14F4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3262113718.00000000014F4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14F4000
|
| Size: |
4096
|
|
|
50DD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2126950125.00000000050DD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
50DD000
|
| Size: |
12288
|
|
|
13FD000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2310305028.00000000013FD000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
13FD000
|
| Size: |
4096
|
|
|
2F26000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2312066368.0000000002F26000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F26000
|
| Size: |
28672
|
|
|
7AB0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.2155956182.0000000007AB0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7AB0000
|
| Size: |
65536
|
|
|
42D000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3260371880.000000000042D000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
42D000
|
| Size: |
4096
|
|
|
2DFA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112915654.0000000002DFA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2DFA000
|
| Size: |
12288
|
|
|
4121000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2330537527.0000000004121000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4121000
|
| Size: |
24576
|
|
|
111E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112370816.000000000111E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
111E000
|
| Size: |
8192
|
|
|
32E8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2315387667.00000000032E8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
32E8000
|
| Size: |
4096
|
|
|
2DD0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112915654.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2DD0000
|
| Size: |
4096
|
|
|
C90000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2111637471.0000000000C90000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C90000
|
| Size: |
16384
|
|
|
86D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2158526892.00000000086D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
86D0000
|
| Size: |
413696
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
42A000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3260371880.000000000042A000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
42A000
|
| Size: |
8192
|
|
|
7250000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.3300580786.0000000007250000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7250000
|
| Size: |
32768
|
|
|
EA0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3261900495.0000000000EA0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
EA0000
|
| Size: |
4096
|
|
|
6830000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3298557506.0000000006830000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6830000
|
| Size: |
53248
|
|
|
7C80000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2347052402.0000000007C80000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7C80000
|
| Size: |
65536
|
|
|
43B000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.3260358402.000000000043B000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
43B000
|
| Size: |
4096
|
|
|
6A4E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3298804622.0000000006A4E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6A4E000
|
| Size: |
4096
|
|
|
1330000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2311316897.0000000001330000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1330000
|
| Size: |
4096
|
|
|
62FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2315319376.00000000062FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
62FE000
|
| Size: |
8192
|
|
|
1660000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3266426382.0000000001660000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1660000
|
| Size: |
4096
|
|
|
2DF5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112915654.0000000002DF5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2DF5000
|
| Size: |
4096
|
|
|
12F4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2311010024.00000000012F4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
12F4000
|
| Size: |
4096
|
|
|
80A0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2347903305.00000000080A0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
80A0000
|
| Size: |
65536
|
|
|
2FD2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112915654.0000000002FD2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2FD2000
|
| Size: |
581632
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
54FC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3295083907.00000000054FC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
54FC000
|
| Size: |
16384
|
|
|
434000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.3260358402.0000000000434000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
434000
|
| Size: |
16384
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) |
Malware Analysis System Evasion |
Security Software Discovery
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
| URLs found in memory or binary data |
Networking |
|
|
|
32CD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2315387667.00000000032CD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
32CD000
|
| Size: |
4096
|
|
|
7950000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2154813737.0000000007950000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7950000
|
| Size: |
65536
|
|
|
620E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2337936927.000000000620E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
620E000
|
| Size: |
8192
|
|
|
56BC000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3294734212.00000000056BC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
56BC000
|
| Size: |
16384
|
|
|
2CC4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112915654.0000000002CC4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2CC4000
|
| Size: |
4096
|
|
|
2E40000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112915654.0000000002E40000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E40000
|
| Size: |
4096
|
|
|
1098000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2307833265.0000000001098000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1098000
|
| Size: |
200704
|
|
|
634E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2338034133.000000000634E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
634E000
|
| Size: |
8192
|
|
|
E30000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3261754236.0000000000E30000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
E30000
|
| Size: |
16384
|
|
|
3186000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112915654.0000000003186000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3186000
|
| Size: |
16384
|
|
|
2AEB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112744335.0000000002AEB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2AEB000
|
| Size: |
20480
|
|
|
13EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2310133324.00000000013EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
13EE000
|
| Size: |
8192
|
|
|
9A9C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2162086479.0000000009A9C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9A9C000
|
| Size: |
16384
|
|
|
1402000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2310421971.0000000001402000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1402000
|
| Size: |
4096
|
|
|
6920000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3296521330.0000000006920000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6920000
|
| Size: |
8192
|
|
|
314A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112915654.000000000314A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
314A000
|
| Size: |
12288
|
|
|
32E4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3267796521.00000000032E4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
32E4000
|
| Size: |
4096
|
|
|
334B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3267796521.000000000334B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
334B000
|
| Size: |
3137536
|
|
|
16E7000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3267080229.00000000016E7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
16E7000
|
| Size: |
12288
|
|
|
2CAD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112915654.0000000002CAD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2CAD000
|
| Size: |
4096
|
|
|
1770000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2314637871.0000000001770000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1770000
|
| Size: |
4096
|
|
|
12E5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2309865198.00000000012E5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12E5000
|
| Size: |
16384
|
|
|
7A50000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2155529448.0000000007A50000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7A50000
|
| Size: |
61440
|
|
|
603E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2315077183.000000000603E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
603E000
|
| Size: |
8192
|
|
|
1645000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.3266309603.0000000001645000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1645000
|
| Size: |
4096
|
|
|
5D6E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2314872051.0000000005D6E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5D6E000
|
| Size: |
8192
|
|
|
7827000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2338925965.0000000007827000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7827000
|
| Size: |
667648
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
59D0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.2128045267.00000000059D0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
59D0000
|
| Size: |
61440
|
|
|
316B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112915654.000000000316B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
316B000
|
| Size: |
49152
|
|
|
32FD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2315387667.00000000032FD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
32FD000
|
| Size: |
4096
|
|
|
55FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3295197047.00000000055FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
55FE000
|
| Size: |
8192
|
|
|
EE3000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3262083901.0000000000EE3000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
EE3000
|
| Size: |
4096
|
|
|
1620000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3265822643.0000000001620000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1620000
|
| Size: |
28672
|
|
|
6EA0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3299271601.0000000006EA0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
6EA0000
|
| Size: |
32768
|
|
|
55B0000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2336744782.00000000055B0000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
55B0000
|
| Size: |
4096
|
|
|
7341000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2145747646.0000000007341000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7341000
|
| Size: |
8192
|
|
|
1327000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000C.00000002.2311202645.0000000001327000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1327000
|
| Size: |
4096
|
|
|
7B14000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2344170163.0000000007B14000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7B14000
|
| Size: |
20480
|
|
|
56EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2127616249.00000000056EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
56EE000
|
| Size: |
8192
|
|
|
6EF0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3299383138.0000000006EF0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6EF0000
|
| Size: |
8192
|
|
|
14FA000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3262113718.00000000014FA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14FA000
|
| Size: |
57344
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
1080000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3266247116.0000000001080000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1080000
|
| Size: |
65536
|
|
|
5EFE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2314959916.0000000005EFE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5EFE000
|
| Size: |
8192
|
|
|
84B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2158006767.00000000084B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
84B0000
|
| Size: |
4096
|
|
|
2EF7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3268479910.0000000002EF7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2EF7000
|
| Size: |
49152
|
|
|
754B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2146295882.000000000754B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
754B000
|
| Size: |
73728
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
|
|
599D000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2314411526.000000000599D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
599D000
|
| Size: |
12288
|
|
|
12FD000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000C.00000002.2311040797.00000000012FD000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
12FD000
|
| Size: |
4096
|
|
|
415000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3260371880.0000000000415000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
415000
|
| Size: |
65536
|
|
|
2F63000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3268479910.0000000002F63000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F63000
|
| Size: |
28672
|
|
|
142E000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3262113718.000000000142E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
142E000
|
| Size: |
45056
|
|
|
658E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2338231052.000000000658E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
658E000
|
| Size: |
8192
|
|
|
1410000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3262113718.0000000001410000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1410000
|
| Size: |
24576
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
51F3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3294084076.00000000051F3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
51F3000
|
| Size: |
8192
|
|
|
607F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2315142268.000000000607F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
607F000
|
| Size: |
4096
|
|
|
2A9E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112587247.0000000002A9E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2A9E000
|
| Size: |
8192
|
|
|
589D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3295618610.000000000589D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
589D000
|
| Size: |
8192
|
|
|
559D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2336663603.000000000559D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
559D000
|
| Size: |
12288
|
|
|
411000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3260371880.0000000000411000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
411000
|
| Size: |
4096
|
|
|
1100000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2308469664.0000000001100000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1100000
|
| Size: |
4096
|
|
|
78B4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2153791202.00000000078B4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
78B4000
|
| Size: |
8192
|
|
|
431000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3260371880.0000000000431000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
431000
|
| Size: |
4096
|
|
|
10C0000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.2112334769.00000000010C0000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
10C0000
|
| Size: |
4096
|
|
|
6A30000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3298440347.0000000006A30000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6A30000
|
| Size: |
8192
|
|
|
2D81000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3268479910.0000000002D81000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D81000
|
| Size: |
45056
|
|
|
2DD6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112915654.0000000002DD6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2DD6000
|
| Size: |
4096
|
|
|
7AF0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2344170163.0000000007AF0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7AF0000
|
| Size: |
12288
|
|
|
E30000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.2111970218.0000000000E30000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
E30000
|
| Size: |
65536
|
|
|
2E59000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112915654.0000000002E59000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E59000
|
| Size: |
4096
|
|
|
DCB000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.2111888354.0000000000DCB000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
DCB000
|
| Size: |
4096
|
|
|
5AFD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2337037351.0000000005AFD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5AFD000
|
| Size: |
12288
|
|
|
7AD0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.2156076026.0000000007AD0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7AD0000
|
| Size: |
16384
|
|
|
1614000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3265719895.0000000001614000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1614000
|
| Size: |
8192
|
|
|
506E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2313559622.000000000506E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
506E000
|
| Size: |
8192
|
|
|
2DF7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112915654.0000000002DF7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2DF7000
|
| Size: |
4096
|
|
|
140A000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2310523147.000000000140A000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
140A000
|
| Size: |
8192
|
|
|
2E2C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112915654.0000000002E2C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E2C000
|
| Size: |
4096
|
|
|
2CAF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112915654.0000000002CAF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2CAF000
|
| Size: |
4096
|
|
|
67ED000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3298106544.00000000067ED000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
67ED000
|
| Size: |
12288
|
|
|
8570000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2158272112.0000000008570000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8570000
|
| Size: |
65536
|
|
|
32D2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2315387667.00000000032D2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
32D2000
|
| Size: |
12288
|
|
|
659E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2315467100.000000000659E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
659E000
|
| Size: |
8192
|
|
|
65DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2315500054.00000000065DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
65DE000
|
| Size: |
8192
|
|
|
5D1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2128639344.0000000005D1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5D1E000
|
| Size: |
8192
|
|
|
2B08000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3267176805.0000000002B08000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2B08000
|
| Size: |
4096
|
|
|
65CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2338269054.00000000065CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
65CE000
|
| Size: |
8192
|
|
|
78A0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2153791202.00000000078A0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
78A0000
|
| Size: |
4096
|
|
|
3152000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112915654.0000000003152000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3152000
|
| Size: |
4096
|
|
|
80C9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2348202446.00000000080C9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
80C9000
|
| Size: |
28672
|
|
|
429000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.3260358402.0000000000429000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
429000
|
| Size: |
4096
|
|
|
E77000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112007815.0000000000E77000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
E77000
|
| Size: |
49152
|
|
|
3178000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112915654.0000000003178000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3178000
|
| Size: |
4096
|
|
|
C83000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.2111588906.0000000000C83000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
C83000
|
| Size: |
4096
|
|
|
14AA000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3262113718.00000000014AA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14AA000
|
| Size: |
176128
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
16D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2313794153.00000000016D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
16D0000
|
| Size: |
65536
|
|
|
61DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2128914228.00000000061DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
61DE000
|
| Size: |
8192
|
|
|
12D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2309543643.00000000012D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
12D0000
|
| Size: |
12288
|
|
|
438000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3260371880.0000000000438000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
438000
|
| Size: |
4096
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
10EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3266518978.00000000010EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
10EE000
|
| Size: |
8192
|
|
|
2D8D000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2311623958.0000000002D8D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2D8D000
|
| Size: |
12288
|
|
|
2AE0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112744335.0000000002AE0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2AE0000
|
| Size: |
32768
|
|
|
1636000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.3266120550.0000000001636000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1636000
|
| Size: |
8192
|
|
|
1090000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112301184.0000000001090000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1090000
|
| Size: |
4096
|
|
|
2EBD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2311824760.0000000002EBD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2EBD000
|
| Size: |
12288
|
|
|
1448000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2311209479.0000000001448000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1448000
|
| Size: |
16384
|
|
|
7B00000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2156362152.0000000007B00000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7B00000
|
| Size: |
65536
|
|
|
2C51000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112915654.0000000002C51000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2C51000
|
| Size: |
184320
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
427000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.3260358402.0000000000427000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
427000
|
| Size: |
4096
|
|
|
432000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.3260358402.0000000000432000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
432000
|
| Size: |
4096
|
|
|
1030000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2307657087.0000000001030000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1030000
|
| Size: |
4096
|
|
|
E50000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112007815.0000000000E50000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
E50000
|
| Size: |
36864
|
|
|
7C0B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2345855807.0000000007C0B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7C0B000
|
| Size: |
20480
|
|
|
2E23000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112915654.0000000002E23000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E23000
|
| Size: |
4096
|
|
|
DC5000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.2111816655.0000000000DC5000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
DC5000
|
| Size: |
4096
|
|
|
771D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2338925965.000000000771D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
771D000
|
| Size: |
602112
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
8360000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2349764815.0000000008360000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8360000
|
| Size: |
12288
|
|
|
7528000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2146295882.0000000007528000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7528000
|
| Size: |
45056
|
|
|
4275000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3287265615.0000000004275000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4275000
|
| Size: |
4096
|
|
|
7E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2111366254.00000000007E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7E0000
|
| Size: |
8192
|
|
|
2D79000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3268479910.0000000002D79000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D79000
|
| Size: |
4096
|
|
|
2CA1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112915654.0000000002CA1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2CA1000
|
| Size: |
12288
|
|
|
12AD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112518470.00000000012AD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
12AD000
|
| Size: |
12288
|
|
|
1360000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2311447571.0000000001360000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1360000
|
| Size: |
16384
|
|
|
812A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2348581183.000000000812A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
812A000
|
| Size: |
24576
|
|
|
554D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3293322222.000000000554D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
554D000
|
| Size: |
16384
|
|
|
5300000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3295004796.0000000005300000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5300000
|
| Size: |
4096
|
|
|
F02000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3262562669.0000000000F02000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
F02000
|
| Size: |
4096
|
|
|
5C3D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2337120647.0000000005C3D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5C3D000
|
| Size: |
12288
|
|
|
2BF0000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3268357840.0000000002BF0000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
2BF0000
|
| Size: |
4096
|
|
|
2BAE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3267212356.0000000002BAE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2BAE000
|
| Size: |
12288
|
|
|
C8D000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.2111617618.0000000000C8D000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
C8D000
|
| Size: |
4096
|
|
|
2E44000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112915654.0000000002E44000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E44000
|
| Size: |
4096
|
|
|
2CC6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112915654.0000000002CC6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2CC6000
|
| Size: |
1085440
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
|
|
DB0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2111731210.0000000000DB0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
DB0000
|
| Size: |
4096
|
|
|
32DE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2315387667.00000000032DE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
32DE000
|
| Size: |
12288
|
|
|
108C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112284366.000000000108C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
108C000
|
| Size: |
16384
|
|
|
2AF0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112811757.0000000002AF0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2AF0000
|
| Size: |
28672
|
|
|
2E48000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112915654.0000000002E48000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E48000
|
| Size: |
4096
|
|
|
659E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3296028503.000000000659E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
659E000
|
| Size: |
8192
|
|
|
7FD30000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.3300745938.000000007FD30000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7FD30000
|
| Size: |
4096
|
|
|
5D7E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2337371294.0000000005D7E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5D7E000
|
| Size: |
8192
|
|
|
5552000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3293322222.0000000005552000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5552000
|
| Size: |
49152
|
|
|
1406000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2310472425.0000000001406000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1406000
|
| Size: |
8192
|
|
|
DC7000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.2111859795.0000000000DC7000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
DC7000
|
| Size: |
4096
|
|
|
571E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2314308536.000000000571E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
571E000
|
| Size: |
8192
|
|
|
EE0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3262008847.0000000000EE0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
EE0000
|
| Size: |
4096
|
|
|
630E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2337992130.000000000630E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
630E000
|
| Size: |
8192
|
|
|
DC8000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2307558083.0000000000DC8000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
DC8000
|
| Size: |
32768
|
|
|
98FC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2162041648.00000000098FC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
98FC000
|
| Size: |
16384
|
|
|
1445000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3262113718.0000000001445000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1445000
|
| Size: |
4096
|
|
|
7CA0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2347358020.0000000007CA0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7CA0000
|
| Size: |
65536
|
|
|
126E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2309051354.000000000126E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
126E000
|
| Size: |
8192
|
|
|
78D5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2153791202.00000000078D5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
78D5000
|
| Size: |
36864
|
|
|
5BBE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2128546315.0000000005BBE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5BBE000
|
| Size: |
8192
|
|
|
6961000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2338925965.0000000006961000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6961000
|
| Size: |
4096
|
|
|
66B4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3296695836.00000000066B4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
66B4000
|
| Size: |
4096
|
|
|
6D2F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3298978427.0000000006D2F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6D2F000
|
| Size: |
4096
|
|
|
56E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3294854127.00000000056E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
56E0000
|
| Size: |
4096
|
|
|
12D3000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2309741218.00000000012D3000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
12D3000
|
| Size: |
4096
|
|
|
430000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.3260358402.0000000000430000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
430000
|
| Size: |
4096
|
|
|
2ED1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2312066368.0000000002ED1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2ED1000
|
| Size: |
331776
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
1260000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3261733030.0000000001260000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1260000
|
| Size: |
16384
|
|
|
8250000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2349316007.0000000008250000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
8250000
|
| Size: |
65536
|
|
|
EFD000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3262418825.0000000000EFD000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
EFD000
|
| Size: |
4096
|
|
|
122E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2308995070.000000000122E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
122E000
|
| Size: |
8192
|
|
|
1710000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2314365965.0000000001710000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1710000
|
| Size: |
4096
|
|
|
55AD000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2313931723.00000000055AD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
55AD000
|
| Size: |
12288
|
|
|
DDA000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3261441726.0000000000DDA000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
DDA000
|
| Size: |
24576
|
|
|
59BD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2336952570.00000000059BD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
59BD000
|
| Size: |
12288
|
|
|
66DD000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3296248032.00000000066DD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
66DD000
|
| Size: |
12288
|
|
|
30E0000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2315325067.00000000030E0000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
30E0000
|
| Size: |
4096
|
|
|
1514000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2311209479.0000000001514000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1514000
|
| Size: |
36864
|
|
|
151F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2311209479.000000000151F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
151F000
|
| Size: |
131072
|
|
|
7C70000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2346901075.0000000007C70000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7C70000
|
| Size: |
65536
|
|
|
53E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2313628111.00000000053E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
53E0000
|
| Size: |
8192
|
|
|
3299000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2315387667.0000000003299000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3299000
|
| Size: |
4096
|
|
|
164B000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.3266387299.000000000164B000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
164B000
|
| Size: |
4096
|
|
|
5D20000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2314713380.0000000005D20000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5D20000
|
| Size: |
65536
|
|
|
8D50000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2350186258.0000000008D50000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8D50000
|
| Size: |
4096
|
|
|
5140000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3293800884.0000000005140000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5140000
|
| Size: |
45056
|
|
|
1350000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3267046210.0000000001350000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1350000
|
| Size: |
16384
|
|
|
5580000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3294470186.0000000005580000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5580000
|
| Size: |
36864
|
|
|
7242000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3300510006.0000000007242000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7242000
|
| Size: |
8192
|
|
|
161D000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.3265786320.000000000161D000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
161D000
|
| Size: |
4096
|
|
|
6B96000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3300060199.0000000006B96000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6B96000
|
| Size: |
16384
|
|
|
2D71000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3268479910.0000000002D71000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D71000
|
| Size: |
4096
|
|
|
11E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2308852207.00000000011E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11E0000
|
| Size: |
8192
|
|
|
2E1F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112915654.0000000002E1F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E1F000
|
| Size: |
4096
|
|
|
DA0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2111691509.0000000000DA0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
DA0000
|
| Size: |
36864
|
|
|
1647000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.3266344476.0000000001647000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1647000
|
| Size: |
4096
|
|
|
1720000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2314495636.0000000001720000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1720000
|
| Size: |
36864
|
|
|
6A60000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.3299403863.0000000006A60000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
6A60000
|
| Size: |
65536
|
|
|
66A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3296695836.00000000066A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
66A0000
|
| Size: |
4096
|
|
|
1003000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3262726081.0000000001003000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1003000
|
| Size: |
49152
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
2D5B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3268479910.0000000002D5B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D5B000
|
| Size: |
4096
|
|
|
162D000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.3265942484.000000000162D000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
162D000
|
| Size: |
4096
|
|
|
508E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2126922577.000000000508E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
508E000
|
| Size: |
8192
|
|
|
2DD8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112915654.0000000002DD8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2DD8000
|
| Size: |
4096
|
|
|
1337000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000C.00000002.2311343742.0000000001337000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1337000
|
| Size: |
4096
|
|
|
4109000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3287265615.0000000004109000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4109000
|
| Size: |
172032
|
|
|
3D29000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3287891244.0000000003D29000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3D29000
|
| Size: |
167936
|
|
|
5160000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.2127138796.0000000005160000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
5160000
|
| Size: |
4096
|
|
|
11C5000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2310340437.00000000011C5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11C5000
|
| Size: |
12288
|
|
|
5CBE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2128578043.0000000005CBE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5CBE000
|
| Size: |
8192
|
|
|
766E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2146733101.000000000766E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
766E000
|
| Size: |
8192
|
|
|
6FEF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3300437067.0000000006FEF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6FEF000
|
| Size: |
4096
|
|
|
DBA000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.2111785147.0000000000DBA000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
DBA000
|
| Size: |
8192
|
|
|
4B17000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2115370374.0000000004B17000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4B17000
|
| Size: |
8192
|
|
|
1440000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2311209479.0000000001440000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1440000
|
| Size: |
24576
|
|
|
16B0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.3266536336.00000000016B0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
16B0000
|
| Size: |
65536
|
|
|
32C5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2315387667.00000000032C5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
32C5000
|
| Size: |
4096
|
|
|
134C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3266965050.000000000134C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
134C000
|
| Size: |
16384
|
|
|
16E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3267080229.00000000016E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
16E0000
|
| Size: |
16384
|
|
|
7D10000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2157829278.0000000007D10000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7D10000
|
| Size: |
45056
|
|
|
6A27000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3298197622.0000000006A27000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6A27000
|
| Size: |
36864
|
|
|
5BFE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2337079329.0000000005BFE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5BFE000
|
| Size: |
8192
|
|
|
2E02000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112915654.0000000002E02000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E02000
|
| Size: |
20480
|
|
|
413000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3260371880.0000000000413000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
413000
|
| Size: |
4096
|
|
|
119E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2310247862.000000000119E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
119E000
|
| Size: |
8192
|
|
|
314E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112915654.000000000314E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
314E000
|
| Size: |
4096
|
|
|
5E7E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2337446283.0000000005E7E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5E7E000
|
| Size: |
8192
|
|
|
1613000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.3265647804.0000000001613000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1613000
|
| Size: |
4096
|
|
|
78FB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2154172404.00000000078FB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
78FB000
|
| Size: |
20480
|
|
|
8C9C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2350132517.0000000008C9C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
8C9C000
|
| Size: |
16384
|
|
|
DC2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2111800591.0000000000DC2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
DC2000
|
| Size: |
4096
|
|
|
3110000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2315355373.0000000003110000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3110000
|
| Size: |
4096
|
|
|
F10000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3262726081.0000000000F10000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F10000
|
| Size: |
28672
|
|
|
32D6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2315387667.00000000032D6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
32D6000
|
| Size: |
20480
|
|
|
1100000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3266848866.0000000001100000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1100000
|
| Size: |
16384
|
|
|
32B6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2315387667.00000000032B6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
32B6000
|
| Size: |
49152
|
|
|
C70000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2111435904.0000000000C70000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
C70000
|
| Size: |
8192
|
|
|
2F28000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3267679956.0000000002F28000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F28000
|
| Size: |
4096
|
|
|
6010000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2337703448.0000000006010000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6010000
|
| Size: |
57344
|
|
|
30E1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3267796521.00000000030E1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
30E1000
|
| Size: |
188416
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
2E25000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112915654.0000000002E25000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E25000
|
| Size: |
4096
|
|
|
4128000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2330537527.0000000004128000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4128000
|
| Size: |
8192
|
|
|
7A60000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2155611094.0000000007A60000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7A60000
|
| Size: |
65536
|
|
|
6B60000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3299722685.0000000006B60000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6B60000
|
| Size: |
4096
|
|
|
2F6B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3268479910.0000000002F6B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F6B000
|
| Size: |
3137536
|
|
|
7260000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3300669437.0000000007260000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7260000
|
| Size: |
8192
|
|
|
7D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2111344719.00000000007D0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7D0000
|
| Size: |
4096
|
|
|
6963000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3296630965.0000000006963000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6963000
|
| Size: |
65536
|
|
|
1475000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2311209479.0000000001475000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1475000
|
| Size: |
65536
|
|
|
32C3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2315387667.00000000032C3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
32C3000
|
| Size: |
4096
|
|
|
133B000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000C.00000002.2311396913.000000000133B000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
133B000
|
| Size: |
4096
|
|
|
7C00000
|
trusted library section
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2157200739.0000000007C00000.00000004.08000000.00040000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library section
|
| Protect: |
page read and write
|
| Base address: |
7C00000
|
| Size: |
286720
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
16BC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2313563968.00000000016BC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
16BC000
|
| Size: |
16384
|
|
|
61FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2315279595.00000000061FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
61FE000
|
| Size: |
8192
|
|
|
DE0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2111921529.0000000000DE0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
DE0000
|
| Size: |
4096
|
|
|
6C0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000000.2019436060.00000000006C0000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
6C0000
|
| Size: |
4096
|
|
|
10A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3266469716.00000000010A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10A0000
|
| Size: |
4096
|
|
|
5890000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3295618610.0000000005890000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5890000
|
| Size: |
8192
|
|
|
2C81000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112915654.0000000002C81000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2C81000
|
| Size: |
118784
|
|
|
80C0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2348202446.00000000080C0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
80C0000
|
| Size: |
32768
|
|
|
7980000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2155202975.0000000007980000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7980000
|
| Size: |
65536
|
|
|
2BCD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3267212356.0000000002BCD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2BCD000
|
| Size: |
16384
|
|
|
C95000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2111637471.0000000000C95000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C95000
|
| Size: |
16384
|
|
|
317A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112915654.000000000317A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
317A000
|
| Size: |
4096
|
|
|
1630000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3266039973.0000000001630000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1630000
|
| Size: |
4096
|
|
|
32FF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2315387667.00000000032FF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
32FF000
|
| Size: |
4096
|
|
|
7AF0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2156236328.0000000007AF0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7AF0000
|
| Size: |
65536
|
|
|
53B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2313597424.00000000053B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
53B0000
|
| Size: |
4096
|
|
|
7AE0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2156121659.0000000007AE0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7AE0000
|
| Size: |
65536
|
|
|
8520000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.2158075834.0000000008520000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
8520000
|
| Size: |
131072
|
|
|
E5A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112007815.0000000000E5A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
E5A000
|
| Size: |
8192
|
|
|
10D9000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2307833265.00000000010D9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10D9000
|
| Size: |
163840
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
167E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2313525984.000000000167E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
167E000
|
| Size: |
8192
|
|
|
593E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3295159407.000000000593E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
593E000
|
| Size: |
8192
|
|
|
3280000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2315387667.0000000003280000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3280000
|
| Size: |
4096
|
|
|
43C000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3260371880.000000000043C000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
43C000
|
| Size: |
12288
|
|
|
3E94000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3287891244.0000000003E94000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3E94000
|
| Size: |
4096
|
|
|
1779000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2314637871.0000000001779000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1779000
|
| Size: |
4096
|
|
|
D9C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2307703645.0000000000D9C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
D9C000
|
| Size: |
16384
|
|
|
7C60000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2346757305.0000000007C60000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7C60000
|
| Size: |
65536
|
|
|
7C90000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.2157667069.0000000007C90000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7C90000
|
| Size: |
65536
|
|
|
49E1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2330537527.00000000049E1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
49E1000
|
| Size: |
1937408
|
|
|
7549000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2146295882.0000000007549000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7549000
|
| Size: |
4096
|
|
|
553A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3293322222.000000000553A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
553A000
|
| Size: |
4096
|
|
|
7960000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2154988256.0000000007960000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7960000
|
| Size: |
65536
|
|
|
327C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2315387667.000000000327C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
327C000
|
| Size: |
4096
|
|
|
D9E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2111671716.0000000000D9E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
D9E000
|
| Size: |
8192
|
|
|
6C2E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3300299164.0000000006C2E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6C2E000
|
| Size: |
8192
|
|
|
4581000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2330537527.0000000004581000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4581000
|
| Size: |
4096
|
|
|
308E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2315247108.000000000308E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
308E000
|
| Size: |
8192
|
|
|
8158000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2349033293.0000000008158000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8158000
|
| Size: |
32768
|
|
|
8B60000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2349827283.0000000008B60000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
8B60000
|
| Size: |
131072
|
|
|
1055000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3266081043.0000000001055000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1055000
|
| Size: |
4096
|
|
|
C84000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2111603307.0000000000C84000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
C84000
|
| Size: |
8192
|
|
|
7DAE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2347507267.0000000007DAE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7DAE000
|
| Size: |
8192
|
|
|
527E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3294274431.000000000527E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
527E000
|
| Size: |
8192
|
|
|
12B7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112534292.00000000012B7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12B7000
|
| Size: |
20480
|
|
|
1300000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2311066303.0000000001300000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1300000
|
| Size: |
36864
|
|
|
6AAD000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3299650794.0000000006AAD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6AAD000
|
| Size: |
12288
|
|
|
2AF9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112811757.0000000002AF9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2AF9000
|
| Size: |
4096
|
|
|
C80000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2111568908.0000000000C80000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
C80000
|
| Size: |
12288
|
|
|
2BE0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3268044581.0000000002BE0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2BE0000
|
| Size: |
4096
|
|
|
7AB0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2344170163.0000000007AB0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7AB0000
|
| Size: |
233472
|
|
|
3301000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2315387667.0000000003301000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3301000
|
| Size: |
4096
|
|
|
3597000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2315387667.0000000003597000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3597000
|
| Size: |
86016
|
|
|
17E7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2315120955.00000000017E7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
17E7000
|
| Size: |
20480
|
|
|
317C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112915654.000000000317C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
317C000
|
| Size: |
4096
|
|
|
78AB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2153791202.00000000078AB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
78AB000
|
| Size: |
8192
|
|
|
177B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2314637871.000000000177B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
177B000
|
| Size: |
20480
|
|
|
EF0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3262236533.0000000000EF0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
EF0000
|
| Size: |
49152
|
|
|
2BAB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3267212356.0000000002BAB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2BAB000
|
| Size: |
8192
|
|
|
F3A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3262726081.0000000000F3A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F3A000
|
| Size: |
16384
|
|
|
5D3F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2337232030.0000000005D3F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5D3F000
|
| Size: |
4096
|
|
|
3450000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2315387667.0000000003450000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3450000
|
| Size: |
86016
|
|
|
1412000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2310732433.0000000001412000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1412000
|
| Size: |
4096
|
|
|
2AC0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112679998.0000000002AC0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2AC0000
|
| Size: |
49152
|
|
|
2BD2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.3267212356.0000000002BD2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2BD2000
|
| Size: |
49152
|
|
|
42F000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.3260371880.000000000042F000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
42F000
|
| Size: |
4096
|
|
|
5A7E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2128451898.0000000005A7E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5A7E000
|
| Size: |
8192
|
|
|
32EA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2315387667.00000000032EA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
32EA000
|
| Size: |
4096
|
|
|
CCC000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2307496395.0000000000CCC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
CCC000
|
| Size: |
16384
|
|
|
1714000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2314365965.0000000001714000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1714000
|
| Size: |
32768
|
|
|
2FD0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.3267709705.0000000002FD0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FD0000
|
| Size: |
4096
|
|
|
76C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2111321537.000000000076C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
76C000
|
| Size: |
16384
|
|
|
163A000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000D.00000002.3266167841.000000000163A000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
163A000
|
| Size: |
8192
|
|
|
2CB4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.2112915654.0000000002CB4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2CB4000
|
| Size: |
4096
|
|
