|
6A2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1554889044.00000000006A2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6A2000
|
| Size: |
12288
|
|
|
526000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1590776472.0000000000526000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
526000
|
| Size: |
8192
|
|
|
1826000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3677617113.0000000001826000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1826000
|
| Size: |
598016
|
|
|
4FB0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3984603821.0000000004FB0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4FB0000
|
| Size: |
4096
|
|
|
3200000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1586331872.0000000003200000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3200000
|
| Size: |
4096
|
|
|
1821000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3677280569.0000000001821000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1821000
|
| Size: |
589824
|
|
|
1787000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3669903332.0000000001787000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1787000
|
| Size: |
532480
|
|
|
4F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1590744766.00000000004F0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4F0000
|
| Size: |
4096
|
|
|
6A2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1533471676.00000000006A2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6A2000
|
| Size: |
16384
|
|
|
28F1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1534997120.00000000028F1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
28F1000
|
| Size: |
45056
|
|
|
328E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1586359996.000000000328E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
328E000
|
| Size: |
114688
|
|
|
3AC0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000003.1630532532.0000000003AC0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3AC0000
|
| Size: |
5246976
|
|
|
6A2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1534273344.00000000006A2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6A2000
|
| Size: |
4096
|
|
|
47AB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1605691240.00000000047AB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
47AB000
|
| Size: |
49152
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the Windows Explorer process (often used for injection) |
HIPS / PFW / Operating System Protection Evasion |
|
|
|
185A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3688707498.000000000185A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
185A000
|
| Size: |
786432
|
|
|
B30000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000B.00000000.1595506259.0000000000B30000.00000002.00000001.01000000.00000005.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
B30000
|
| Size: |
147456
|
|
|
BFE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1585984548.0000000000BFE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
BFE000
|
| Size: |
8192
|
|
|
182B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3671239823.000000000182B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
182B000
|
| Size: |
540672
|
|
|
574E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3984658379.000000000574E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
574E000
|
| Size: |
8192
|
|
|
3D01000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000003.1660138563.0000000003D01000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3D01000
|
| Size: |
4096
|
|
|
A7E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3983204749.0000000000A7E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A7E000
|
| Size: |
8192
|
|
|
1784000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3675038596.0000000001784000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1784000
|
| Size: |
561152
|
|
|
31D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1586307700.00000000031D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
31D0000
|
| Size: |
4096
|
|
|
28F2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1548066173.00000000028F2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
28F2000
|
| Size: |
16384
|
|
|
B0C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1585920994.0000000000B0C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B0C000
|
| Size: |
16384
|
|
|
47B9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1605691240.00000000047B9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
47B9000
|
| Size: |
147456
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
184D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3685484251.000000000184D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
184D000
|
| Size: |
745472
|
|
|
178E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3682300975.000000000178E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
178E000
|
| Size: |
688128
|
|
|
6A2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1555859581.00000000006A2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6A2000
|
| Size: |
16384
|
|
|
2D05000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3984276958.0000000002D05000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D05000
|
| Size: |
8192
|
|
|
6B2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1529740436.00000000006B2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6B2000
|
| Size: |
4096
|
|
|
3CE0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1617635991.0000000003CE0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3CE0000
|
| Size: |
176128
|
|
|
1130000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.3983616909.0000000001130000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1130000
|
| Size: |
8192
|
|
|
28F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1540159694.00000000028F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
28F0000
|
| Size: |
45056
|
|
|
3CE0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1599379604.0000000003CE0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3CE0000
|
| Size: |
176128
|
|
|
2D0C3A9E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.1628659094.000002D0C3A9E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D0C3A9E000
|
| Size: |
28672
|
|
|
178C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3683494342.000000000178C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
178C000
|
| Size: |
712704
|
|
|
1274000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1603317050.0000000001274000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1274000
|
| Size: |
4096
|
|
|
3D01000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000003.1660006220.0000000003D01000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3D01000
|
| Size: |
4096
|
|
|
182A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3680161566.000000000182A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
182A000
|
| Size: |
638976
|
|
|
183C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3681954029.000000000183C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
183C000
|
| Size: |
679936
|
|
|
3D01000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000003.1659912236.0000000003D01000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3D01000
|
| Size: |
4096
|
|
|
303E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1586072794.000000000303E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
303E000
|
| Size: |
8192
|
|
|
28F6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1556402173.00000000028F6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
28F6000
|
| Size: |
32768
|
|
|
401000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000000.00000000.1526832353.0000000000401000.00000020.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
401000
|
| Size: |
28672
|
|
|
3CE0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1604171737.0000000003CE0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3CE0000
|
| Size: |
176128
|
|
|
11C4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000003.1635817146.00000000011C4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11C4000
|
| Size: |
4096
|
|
|
2D0C3AAF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1630083192.000002D0C3AAF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D0C3AAF000
|
| Size: |
49152
|
|
|
11C4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000003.1636021261.00000000011C4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11C4000
|
| Size: |
4096
|
|
|
1780000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3676610087.0000000001780000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1780000
|
| Size: |
585728
|
|
|
408000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000000.1526852117.0000000000408000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
408000
|
| Size: |
12288
|
|
|
AA1000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000015.00000000.3716211305.0000000000AA1000.00000020.00000001.01000000.00000005.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
AA1000
|
| Size: |
585728
|
|
|
3D01000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000003.1660036962.0000000003D01000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3D01000
|
| Size: |
4096
|
|
|
1274000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1607382714.0000000001274000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1274000
|
| Size: |
4096
|
|
|
2D8E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3984337531.0000000002D8E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2D8E000
|
| Size: |
8192
|
|
|
28FC000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1528948187.00000000028FC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
28FC000
|
| Size: |
45056
|
|
|
28F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1562973296.00000000028F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
28F0000
|
| Size: |
98304
|
|
|
28FC000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1532898042.00000000028FC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
28FC000
|
| Size: |
110592
|
|
|
1822000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3678036859.0000000001822000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1822000
|
| Size: |
610304
|
|
|
43D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000003.1636180036.00000000043D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
43D0000
|
| Size: |
172032
|
|
|
28FF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1541169503.00000000028FF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
28FF000
|
| Size: |
135168
|
|
|
B68000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000015.00000002.3983571280.0000000000B68000.00000002.00000001.01000000.00000005.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
B68000
|
| Size: |
143360
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
3D01000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000003.1660305359.0000000003D01000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3D01000
|
| Size: |
4096
|
|
|
E2B04FF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1629297180.000000E2B04FF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
E2B04FF000
|
| Size: |
4096
|
|
|
4441000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1629929806.0000000004441000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4441000
|
| Size: |
4096
|
|
|
30FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1586171775.00000000030FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
30FE000
|
| Size: |
8192
|
|
|
1220000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.3983787077.0000000001220000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1220000
|
| Size: |
24576
|
|
|
4441000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1629125934.0000000004441000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4441000
|
| Size: |
4096
|
|
|
178B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3679877267.000000000178B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
178B000
|
| Size: |
638976
|
|
|
3E00000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000003.1631339355.0000000003E00000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3E00000
|
| Size: |
172032
|
|
|
2D0C3ADD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.1627905100.000002D0C3ADD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D0C3ADD000
|
| Size: |
4096
|
|
|
28FE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1533493142.00000000028FE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
28FE000
|
| Size: |
65536
|
|
|
520000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1590776472.0000000000520000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
520000
|
| Size: |
16384
|
|
|
6B2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1528905126.00000000006B2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6B2000
|
| Size: |
4096
|
|
|
598000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1590836687.0000000000598000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
598000
|
| Size: |
69632
|
|
|
178C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3681512530.000000000178C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
178C000
|
| Size: |
667648
|
|
|
6A2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1561316030.00000000006A2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6A2000
|
| Size: |
16384
|
|
|
1781000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3689662737.0000000001781000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1781000
|
| Size: |
798720
|
|
|
4441000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1629439306.0000000004441000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4441000
|
| Size: |
4096
|
|
|
AA0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000015.00000002.3983237927.0000000000AA0000.00000002.00000001.01000000.00000005.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
AA0000
|
| Size: |
4096
|
|
|
182B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3678857169.000000000182B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
182B000
|
| Size: |
618496
|
|
|
4441000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1599210459.0000000004441000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4441000
|
| Size: |
65536
|
|
|
6A2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1551321500.00000000006A2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6A2000
|
| Size: |
16384
|
|
|
14ED000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.3984290684.00000000014ED000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14ED000
|
| Size: |
106496
|
|
|
2F2F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1744956447.0000000002F2F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2F2F000
|
| Size: |
4096
|
|
|
2D0C3AD2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.1627905100.000002D0C3AD2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D0C3AD2000
|
| Size: |
40960
|
|
|
185C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3688968608.000000000185C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
185C000
|
| Size: |
790528
|
|
|
3D01000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000003.1659735448.0000000003D01000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3D01000
|
| Size: |
4096
|
|
|
1782000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3685870767.0000000001782000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1782000
|
| Size: |
749568
|
|
|
2D0C3A00000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1629735095.000002D0C3A00000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D0C3A00000
|
| Size: |
4096
|
|
|
3D01000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000003.1659160170.0000000003D01000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3D01000
|
| Size: |
233472
|
|
|
11C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.3983689684.00000000011C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11C0000
|
| Size: |
16384
|
|
|
86E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1591156735.000000000086E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
86E000
|
| Size: |
8192
|
|
|
380000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000011.00000000.1627099735.0000000000380000.00000002.00000001.01000000.00000008.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
380000
|
| Size: |
147456
|
|
|
3D00000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.3985543374.0000000003D00000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3D00000
|
| Size: |
4096
|
|
|
2D0C39D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1629619934.000002D0C39D0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D0C39D0000
|
| Size: |
4096
|
|
|
425F000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3667983195.000000000425F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
425F000
|
| Size: |
1216512
|
|
|
28F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1555223058.00000000028F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
28F0000
|
| Size: |
45056
|
|
|
B68000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000015.00000000.3716316560.0000000000B68000.00000002.00000001.01000000.00000005.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
B68000
|
| Size: |
143360
|
|
|
2D0C3AD5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.1628092637.000002D0C3AD5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D0C3AD5000
|
| Size: |
16384
|
|
|
3912000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.3985386792.0000000003912000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3912000
|
| Size: |
266240
|
|
|
3D01000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000003.1660333379.0000000003D01000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3D01000
|
| Size: |
4096
|
|
|
1859000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3690505588.0000000001859000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1859000
|
| Size: |
806912
|
|
|
38D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.3985351243.00000000038D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
38D0000
|
| Size: |
266240
|
|
|
6A2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1528905126.00000000006A2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6A2000
|
| Size: |
16384
|
|
|
28FB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1531411563.00000000028FB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
28FB000
|
| Size: |
131072
|
|
|
13B5000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1597952155.00000000013B5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13B5000
|
| Size: |
131072
|
|
|
2DA0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3984388499.0000000002DA0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2DA0000
|
| Size: |
4096
|
|
|
28FD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1541796528.00000000028FD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
28FD000
|
| Size: |
24576
|
|
|
1274000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1607190353.0000000001274000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1274000
|
| Size: |
4096
|
|
|
2D0C3AA6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.1627412967.000002D0C3AA6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D0C3AA6000
|
| Size: |
86016
|
|
|
1789000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3679215528.0000000001789000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1789000
|
| Size: |
622592
|
|
|
1243000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000003.1629932886.0000000001243000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1243000
|
| Size: |
4096
|
|
|
1785000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3669587840.0000000001785000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1785000
|
| Size: |
524288
|
|
|
2D0C3AA6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1630043851.000002D0C3AA6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D0C3AA6000
|
| Size: |
32768
|
|
|
2D0C3AA6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.1628444198.000002D0C3AA6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D0C3AA6000
|
| Size: |
86016
|
|
|
43D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000003.1637154710.00000000043D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
43D0000
|
| Size: |
172032
|
|
|
1274000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1607620342.0000000001274000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1274000
|
| Size: |
4096
|
|
|
47D9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3669124864.00000000047D9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
47D9000
|
| Size: |
1482752
|
|
|
148B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.3984178652.000000000148B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
148B000
|
| Size: |
73728
|
|
|
1429000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.3984107327.0000000001429000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1429000
|
| Size: |
110592
|
|
|
4441000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1629350254.0000000004441000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4441000
|
| Size: |
4096
|
|
|
178A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3680994951.000000000178A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
178A000
|
| Size: |
655360
|
|
|
28F6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1536382349.00000000028F6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
28F6000
|
| Size: |
8192
|
|
|
178F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3682607897.000000000178F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
178F000
|
| Size: |
692224
|
|
|
317E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1586221448.000000000317E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
317E000
|
| Size: |
8192
|
|
|
1615000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.3984590869.0000000001615000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1615000
|
| Size: |
16384
|
|
|
B55000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000B.00000000.1595506259.0000000000B55000.00000002.00000001.01000000.00000005.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
B55000
|
| Size: |
40960
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the Windows Explorer process (often used for injection) |
HIPS / PFW / Operating System Protection Evasion |
|
|
|
1848000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3686110353.0000000001848000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1848000
|
| Size: |
749568
|
|
|
183B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3682996180.000000000183B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
183B000
|
| Size: |
700416
|
|
|
22B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1566683232.00000000022B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
22B0000
|
| Size: |
16384
|
|
|
1786000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3681704247.0000000001786000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1786000
|
| Size: |
671744
|
|
|
6A2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1531378200.00000000006A2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6A2000
|
| Size: |
16384
|
|
|
6A2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1553299373.00000000006A2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6A2000
|
| Size: |
12288
|
|
|
1837000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3678560828.0000000001837000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1837000
|
| Size: |
614400
|
|
|
4441000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1628505442.0000000004441000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4441000
|
| Size: |
4096
|
|
|
28FF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1551964468.00000000028FF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
28FF000
|
| Size: |
32768
|
|
|
46F1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3668980149.00000000046F1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
46F1000
|
| Size: |
1433600
|
|
|
1839000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3679575456.0000000001839000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1839000
|
| Size: |
630784
|
|
|
4441000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1629551060.0000000004441000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4441000
|
| Size: |
4096
|
|
|
1784000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3687157250.0000000001784000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1784000
|
| Size: |
765952
|
|
|
1840000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3682529640.0000000001840000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1840000
|
| Size: |
692224
|
|
|
8F9000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.3983339224.00000000008F9000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
8F9000
|
| Size: |
28672
|
|
|
178E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3671171186.000000000178E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
178E000
|
| Size: |
540672
|
|
|
1274000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1604500703.0000000001274000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1274000
|
| Size: |
4096
|
|
|
28F3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1557243857.00000000028F3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
28F3000
|
| Size: |
188416
|
|
|
3D01000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000003.1659454592.0000000003D01000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3D01000
|
| Size: |
4096
|
|
|
3B3000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000011.00000000.1627158346.00000000003B3000.00000008.00000001.01000000.00000008.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
3B3000
|
| Size: |
8192
|
|
|
3D01000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000003.1659670299.0000000003D01000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3D01000
|
| Size: |
4096
|
|
|
1274000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1603347697.0000000001274000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1274000
|
| Size: |
4096
|
|
|
1274000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1607316730.0000000001274000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1274000
|
| Size: |
4096
|
|
|
1789000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3677826549.0000000001789000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1789000
|
| Size: |
602112
|
|
|
1846000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3682681567.0000000001846000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1846000
|
| Size: |
692224
|
|
|
3D01000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000003.1659417021.0000000003D01000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3D01000
|
| Size: |
4096
|
|
|
5310000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000003.3856701014.0000000005310000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5310000
|
| Size: |
4096
|
|
|
2EEE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1744929714.0000000002EEE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2EEE000
|
| Size: |
8192
|
|
|
3844000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.3985110992.0000000003844000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3844000
|
| Size: |
266240
|
|
|
3D01000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000003.1659313522.0000000003D01000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3D01000
|
| Size: |
4096
|
|
|
36C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.3984660519.00000000036C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
36C0000
|
| Size: |
954368
|
|
|
E2B05FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1629347247.000000E2B05FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
E2B05FE000
|
| Size: |
8192
|
|
|
41D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3668636679.00000000041D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
41D4000
|
| Size: |
1327104
|
|
|
3270000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1586359996.0000000003270000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3270000
|
| Size: |
28672
|
|
|
4441000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1629062841.0000000004441000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4441000
|
| Size: |
4096
|
|
|
2D0C3ADD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.1628029333.000002D0C3ADD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D0C3ADD000
|
| Size: |
4096
|
|
|
3CE0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1603884902.0000000003CE0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3CE0000
|
| Size: |
176128
|
|
|
1818000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3677029728.0000000001818000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1818000
|
| Size: |
585728
|
|
|
1789000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3690781053.0000000001789000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1789000
|
| Size: |
675840
|
|
|
128E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3983887690.000000000128E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
128E000
|
| Size: |
12288
|
|
|
AA0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000B.00000000.1595432604.0000000000AA0000.00000002.00000001.01000000.00000005.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
AA0000
|
| Size: |
4096
|
|
|
1288000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3983887690.0000000001288000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1288000
|
| Size: |
16384
|
|
|
1783000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3677543938.0000000001783000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1783000
|
| Size: |
593920
|
|
|
3D01000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000003.1659363634.0000000003D01000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3D01000
|
| Size: |
4096
|
|
|
4660000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1591338743.0000000004660000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4660000
|
| Size: |
4096
|
|
|
2D0C3A91000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.1628185947.000002D0C3A91000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D0C3A91000
|
| Size: |
24576
|
|
|
28F4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1528326953.00000000028F4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
28F4000
|
| Size: |
20480
|
|
|
588F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3984713432.000000000588F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
588F000
|
| Size: |
4096
|
|
|
236E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1566724879.000000000236E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
236E000
|
| Size: |
8192
|
|
|
184F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3685264792.000000000184F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
184F000
|
| Size: |
741376
|
|
|
1274000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000003.1629877820.0000000001274000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1274000
|
| Size: |
131072
|
|
|
28F5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1560109445.00000000028F5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
28F5000
|
| Size: |
204800
|
|
|
31CF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1586282031.00000000031CF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
31CF000
|
| Size: |
4096
|
|
|
182F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3676490476.000000000182F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
182F000
|
| Size: |
581632
|
|
|
3CE0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1604001182.0000000003CE0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3CE0000
|
| Size: |
176128
|
|
|
3CE0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1606828555.0000000003CE0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3CE0000
|
| Size: |
176128
|
|
|
3FD7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000003.1630077602.0000000003FD7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3FD7000
|
| Size: |
1888256
|
|
|
1592000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.3984458500.0000000001592000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1592000
|
| Size: |
36864
|
|
|
6A2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1555201348.00000000006A2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6A2000
|
| Size: |
16384
|
|
|
19A000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1565872268.000000000019A000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
19A000
|
| Size: |
24576
|
|
|
2D0C3ADD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.1627412967.000002D0C3ADD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D0C3ADD000
|
| Size: |
4096
|
|
|
9F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.3983400587.00000000009F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9F0000
|
| Size: |
8192
|
|
|
FFC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.3983439053.0000000000FFC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
FFC000
|
| Size: |
16384
|
|
|
46F1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3669276796.00000000046F1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
46F1000
|
| Size: |
1507328
|
|
|
18AD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3670435402.00000000018AD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
18AD000
|
| Size: |
536576
|
|
|
E2B06FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1629396118.000000E2B06FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
E2B06FE000
|
| Size: |
8192
|
|
|
F90000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1586054535.0000000000F90000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F90000
|
| Size: |
4096
|
|
|
697000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1566309405.0000000000697000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
697000
|
| Size: |
16384
|
|
|
41D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3668127972.00000000041D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
41D4000
|
| Size: |
1236992
|
|
|
4441000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1628600086.0000000004441000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4441000
|
| Size: |
4096
|
|
|
1784000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3682918798.0000000001784000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1784000
|
| Size: |
700416
|
|
|
79F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1591002742.000000000079F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
79F000
|
| Size: |
4096
|
|
|
185A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3688385997.000000000185A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
185A000
|
| Size: |
782336
|
|
|
B30000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000015.00000002.3983396581.0000000000B30000.00000002.00000001.01000000.00000005.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
B30000
|
| Size: |
147456
|
|
|
18F9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3683075379.00000000018F9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
18F9000
|
| Size: |
704512
|
|
|
178C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3677372016.000000000178C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
178C000
|
| Size: |
589824
|
|
|
1789000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3680342437.0000000001789000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1789000
|
| Size: |
643072
|
|
|
66A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1566309405.000000000066A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
66A000
|
| Size: |
8192
|
|
|
6A2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1538895092.00000000006A2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6A2000
|
| Size: |
16384
|
|
|
13A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1597983142.00000000013A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13A4000
|
| Size: |
69632
|
|
|
660000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1566309405.0000000000660000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
660000
|
| Size: |
32768
|
|
|
E2B07FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1629453287.000000E2B07FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
E2B07FE000
|
| Size: |
8192
|
|
|
1781000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3683824196.0000000001781000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1781000
|
| Size: |
720896
|
|
|
AA1000
|
unkown
|
page execute read
|
|
|
|
| Name: |
0000000B.00000000.1595452165.0000000000AA1000.00000020.00000001.01000000.00000005.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
AA1000
|
| Size: |
585728
|
|
|
1782000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3684444222.0000000001782000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1782000
|
| Size: |
729088
|
|
|
1280000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3983887690.0000000001280000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1280000
|
| Size: |
8192
|
|
|
3CE0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1607735755.0000000003CE0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3CE0000
|
| Size: |
176128
|
|
|
BB0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1585964169.0000000000BB0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BB0000
|
| Size: |
4096
|
|
|
59E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1566163993.000000000059E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
59E000
|
| Size: |
8192
|
|
|
E2B01FD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1629207432.000000E2B01FD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
E2B01FD000
|
| Size: |
12288
|
|
|
1134000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.3983616909.0000000001134000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1134000
|
| Size: |
8192
|
|
|
4441000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1628646700.0000000004441000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4441000
|
| Size: |
4096
|
|
|
6E3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1566309405.00000000006E3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6E3000
|
| Size: |
20480
|
|
|
28F4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1555882163.00000000028F4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
28F4000
|
| Size: |
147456
|
|
|
B63000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000015.00000002.3983487855.0000000000B63000.00000008.00000001.01000000.00000005.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
B63000
|
| Size: |
8192
|
|
|
4441000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1629715778.0000000004441000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4441000
|
| Size: |
4096
|
|
|
1274000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1607663246.0000000001274000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1274000
|
| Size: |
4096
|
|
|
A2F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1566585534.0000000000A2F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A2F000
|
| Size: |
4096
|
|
|
3FD0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.3985566184.0000000003FD0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3FD0000
|
| Size: |
266240
|
|
|
1228000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.3983787077.0000000001228000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1228000
|
| Size: |
245760
|
|
|
1784000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3679645068.0000000001784000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1784000
|
| Size: |
630784
|
|
|
4441000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1629093434.0000000004441000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4441000
|
| Size: |
4096
|
|
|
6A2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1541772666.00000000006A2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6A2000
|
| Size: |
16384
|
|
|
4441000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1629596721.0000000004441000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4441000
|
| Size: |
4096
|
|
|
4E7D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3984435194.0000000004E7D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E7D000
|
| Size: |
147456
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
1274000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1607508489.0000000001274000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1274000
|
| Size: |
4096
|
|
|
190C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3685047935.000000000190C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
190C000
|
| Size: |
737280
|
|
|
6A2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1529740436.00000000006A2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6A2000
|
| Size: |
16384
|
|
|
1274000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1628427562.0000000001274000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1274000
|
| Size: |
4096
|
|
|
7B5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3983021202.00000000007B5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7B5000
|
| Size: |
12288
|
|
|
1826000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3676264573.0000000001826000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1826000
|
| Size: |
577536
|
|
|
6A2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1558799617.00000000006A2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6A2000
|
| Size: |
16384
|
|
|
3CE0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1603775340.0000000003CE0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3CE0000
|
| Size: |
172032
|
|
|
6A2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1538310686.00000000006A2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6A2000
|
| Size: |
16384
|
|
|
4441000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1629228776.0000000004441000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4441000
|
| Size: |
4096
|
|
|
1819000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3669963611.0000000001819000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1819000
|
| Size: |
532480
|
|
|
5DB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1590836687.00000000005DB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5DB000
|
| Size: |
12288
|
|
|
304E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1745021457.000000000304E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
304E000
|
| Size: |
8192
|
|
|
B55000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000015.00000002.3983396581.0000000000B55000.00000002.00000001.01000000.00000005.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
B55000
|
| Size: |
40960
|
|
|
E70000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1744895389.0000000000E70000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
E70000
|
| Size: |
4096
|
|
|
182C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3677466140.000000000182C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
182C000
|
| Size: |
593920
|
|
|
1828000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3674658277.0000000001828000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1828000
|
| Size: |
561152
|
|
|
4441000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1630190977.0000000004441000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4441000
|
| Size: |
4096
|
|
|
408000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000002.1565935598.0000000000408000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
408000
|
| Size: |
12288
|
|
|
4108000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.3985800538.0000000004108000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4108000
|
| Size: |
143360
|
|
|
4441000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1629870702.0000000004441000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4441000
|
| Size: |
4096
|
|
|
5310000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000003.3856650060.0000000005310000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5310000
|
| Size: |
4096
|
|
|
43D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000003.1637298470.00000000043D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
43D0000
|
| Size: |
172032
|
|
|
64E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1566286062.000000000064E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
64E000
|
| Size: |
8192
|
|
|
7E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3983126989.00000000007E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7E0000
|
| Size: |
4096
|
|
|
28F7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1558819761.00000000028F7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
28F7000
|
| Size: |
16384
|
|
|
6A2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1535675435.00000000006A2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6A2000
|
| Size: |
16384
|
|
|
1813000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3673964065.0000000001813000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1813000
|
| Size: |
552960
|
|
|
178A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3671465090.000000000178A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
178A000
|
| Size: |
548864
|
|
|
3D01000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000003.1659975556.0000000003D01000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3D01000
|
| Size: |
4096
|
|
|
185C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3688059778.000000000185C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
185C000
|
| Size: |
778240
|
|
|
41D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3668563073.00000000041D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
41D4000
|
| Size: |
434176
|
|
|
46F1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3668926213.00000000046F1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
46F1000
|
| Size: |
466944
|
|
|
190C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3687462733.000000000190C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
190C000
|
| Size: |
770048
|
|
|
46F8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1605691240.00000000046F8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
46F8000
|
| Size: |
729088
|
|
|
43D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000003.1636626654.00000000043D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
43D0000
|
| Size: |
172032
|
|
|
183E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3680499026.000000000183E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
183E000
|
| Size: |
647168
|
|
|
28F2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1535697384.00000000028F2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
28F2000
|
| Size: |
139264
|
|
|
5AE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1590836687.00000000005AE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5AE000
|
| Size: |
110592
|
|
|
3D01000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000003.1659603136.0000000003D01000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3D01000
|
| Size: |
4096
|
|
|
1788000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3673032109.0000000001788000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1788000
|
| Size: |
552960
|
|
|
1292000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3983887690.0000000001292000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1292000
|
| Size: |
4096
|
|
|
1833000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3679974527.0000000001833000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1833000
|
| Size: |
638976
|
|
|
28F1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1553903338.00000000028F1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
28F1000
|
| Size: |
12288
|
|
|
183B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3681242355.000000000183B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
183B000
|
| Size: |
663552
|
|
|
AA1000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000015.00000002.3983285654.0000000000AA1000.00000020.00000001.01000000.00000005.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
AA1000
|
| Size: |
585728
|
|
|
1783000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3677688356.0000000001783000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1783000
|
| Size: |
598016
|
|
|
66E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1566309405.000000000066E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
66E000
|
| Size: |
159744
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
6A2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1540137278.00000000006A2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6A2000
|
| Size: |
16384
|
|
|
6A2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1561796284.00000000006A2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6A2000
|
| Size: |
16384
|
|
|
454E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1591240163.000000000454E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
454E000
|
| Size: |
8192
|
|
|
43D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000003.1634273623.00000000043D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
43D0000
|
| Size: |
172032
|
|
|
1524000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.3984354655.0000000001524000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1524000
|
| Size: |
135168
|
|
|
3D01000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000003.1659635326.0000000003D01000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3D01000
|
| Size: |
4096
|
|
|
2D0C3ADA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1630234172.000002D0C3ADA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D0C3ADA000
|
| Size: |
4096
|
|
|
3E00000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000003.1631890580.0000000003E00000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3E00000
|
| Size: |
172032
|
|
|
E2B00FA000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1629160986.000000E2B00FA000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
E2B00FA000
|
| Size: |
24576
|
|
|
30B9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1586110783.00000000030B9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
30B9000
|
| Size: |
4096
|
|
|
6A2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1562493701.00000000006A2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6A2000
|
| Size: |
16384
|
|
|
4441000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1629194698.0000000004441000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4441000
|
| Size: |
4096
|
|
|
B30000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000015.00000000.3716254398.0000000000B30000.00000002.00000001.01000000.00000005.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
B30000
|
| Size: |
147456
|
|
|
B5F000
|
unkown
|
page write copy
|
|
|
|
| Name: |
0000000B.00000000.1595556086.0000000000B5F000.00000008.00000001.01000000.00000005.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
B5F000
|
| Size: |
8192
|
|
|
37C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.3984798074.00000000037C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
37C0000
|
| Size: |
266240
|
|
|
18AB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3674035743.00000000018AB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
18AB000
|
| Size: |
557056
|
|
|
497000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1565953558.0000000000497000.00000004.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
497000
|
| Size: |
4096
|
|
|
2D0C3A78000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1629797725.000002D0C3A78000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D0C3A78000
|
| Size: |
81920
|
|
|
11C4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000003.1635864207.00000000011C4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11C4000
|
| Size: |
4096
|
|
|
1299000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3983887690.0000000001299000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1299000
|
| Size: |
12288
|
|
|
2D0C3DA5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1630297948.000002D0C3DA5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D0C3DA5000
|
| Size: |
28672
|
|
|
4441000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1628996504.0000000004441000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4441000
|
| Size: |
4096
|
|
|
3D01000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000003.1660489249.0000000003D01000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3D01000
|
| Size: |
4096
|
|
|
1788000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3690421077.0000000001788000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1788000
|
| Size: |
802816
|
|
|
12B9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3983887690.00000000012B9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12B9000
|
| Size: |
8192
|
|
|
1827000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3677909668.0000000001827000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1827000
|
| Size: |
606208
|
|
|
1782000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3682022184.0000000001782000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1782000
|
| Size: |
679936
|
|
|
81F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1591045093.000000000081F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
81F000
|
| Size: |
4096
|
|
|
1785000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3680817555.0000000001785000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1785000
|
| Size: |
651264
|
|
|
178A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3669722138.000000000178A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
178A000
|
| Size: |
528384
|
|
|
1832000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3682843817.0000000001832000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1832000
|
| Size: |
696320
|
|
|
1785000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3675430615.0000000001785000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1785000
|
| Size: |
569344
|
|
|
BBC000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1744818452.0000000000BBC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
BBC000
|
| Size: |
16384
|
|
|
43D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000003.1637456349.00000000043D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
43D0000
|
| Size: |
172032
|
|
|
182D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3679714552.000000000182D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
182D000
|
| Size: |
634880
|
|
|
FDD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.3983439053.0000000000FDD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
FDD000
|
| Size: |
12288
|
|
|
1783000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3682756677.0000000001783000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1783000
|
| Size: |
696320
|
|
|
6CA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1558315871.00000000006CA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6CA000
|
| Size: |
4096
|
|
|
11C4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000003.1631180636.00000000011C4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11C4000
|
| Size: |
4096
|
|
|
2D0C3AC9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.1627850338.000002D0C3AC9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D0C3AC9000
|
| Size: |
77824
|
|
|
F0E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1586002293.0000000000F0E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
F0E000
|
| Size: |
8192
|
|
|
220E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1566607856.000000000220E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
220E000
|
| Size: |
8192
|
|
|
6A2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1553879235.00000000006A2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6A2000
|
| Size: |
16384
|
|
|
2D0C3ADD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.1627850338.000002D0C3ADD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D0C3ADD000
|
| Size: |
4096
|
|
|
28F8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1561340461.00000000028F8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
28F8000
|
| Size: |
28672
|
|
|
3CE0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1604258743.0000000003CE0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3CE0000
|
| Size: |
176128
|
|
|
6CE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1566309405.00000000006CE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6CE000
|
| Size: |
24576
|
|
|
380000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000011.00000002.3983148572.0000000000380000.00000002.00000001.01000000.00000008.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
380000
|
| Size: |
147456
|
|
|
4630000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1591322057.0000000004630000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4630000
|
| Size: |
4096
|
|
|
18B3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3677137492.00000000018B3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
18B3000
|
| Size: |
585728
|
|
|
400000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000000.1526809176.0000000000400000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
400000
|
| Size: |
4096
|
|
|
3D01000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000003.1660188334.0000000003D01000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3D01000
|
| Size: |
4096
|
|
|
2900000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1560779161.0000000002900000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2900000
|
| Size: |
28672
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
2D0C3AC7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1630142667.000002D0C3AC7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D0C3AC7000
|
| Size: |
8192
|
|
|
184E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3686469141.000000000184E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
184E000
|
| Size: |
753664
|
|
|
183A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3681606235.000000000183A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
183A000
|
| Size: |
671744
|
|
|
178D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3679412143.000000000178D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
178D000
|
| Size: |
626688
|
|
|
960000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.3983368799.0000000000960000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
960000
|
| Size: |
4096
|
|
|
41D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3668284602.00000000041D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
41D4000
|
| Size: |
1249280
|
|
|
3E00000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000003.1631227931.0000000003E00000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3E00000
|
| Size: |
172032
|
|
|
2D0C3AD4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.1628288257.000002D0C3AD4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D0C3AD4000
|
| Size: |
4096
|
|
|
43D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000003.1647826583.00000000043D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
43D0000
|
| Size: |
172032
|
|
|
2D0C3ADB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.1628405845.000002D0C3ADB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D0C3ADB000
|
| Size: |
4096
|
|
|
3D01000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000003.1659943829.0000000003D01000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3D01000
|
| Size: |
4096
|
|
|
6A2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1545524044.00000000006A2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6A2000
|
| Size: |
16384
|
|
|
6A2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1530666182.00000000006A2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6A2000
|
| Size: |
16384
|
|
|
92F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1566557482.000000000092F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
92F000
|
| Size: |
4096
|
|
|
34DC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1567269729.00000000034DC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
34DC000
|
| Size: |
16384
|
|
|
4441000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1629025223.0000000004441000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4441000
|
| Size: |
4096
|
|
|
2D0C3AD9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.1628029333.000002D0C3AD9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D0C3AD9000
|
| Size: |
12288
|
|
|
1782000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3685185350.0000000001782000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1782000
|
| Size: |
741376
|
|
|
30E8000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1745082168.00000000030E8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
30E8000
|
| Size: |
45056
|
|
|
159C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.3984479842.000000000159C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
159C000
|
| Size: |
118784
|
|
|
458F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1591256687.000000000458F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
458F000
|
| Size: |
4096
|
|
|
E2B09FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1629575524.000000E2B09FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
E2B09FE000
|
| Size: |
8192
|
|
|
2F1000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000011.00000002.3983023575.00000000002F1000.00000020.00000001.01000000.00000008.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
2F1000
|
| Size: |
585728
|
|
|
4441000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1628757907.0000000004441000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4441000
|
| Size: |
4096
|
|
|
4012000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.3985630886.0000000004012000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4012000
|
| Size: |
266240
|
|
|
30B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1586110783.00000000030B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
30B0000
|
| Size: |
20480
|
|
|
1786000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3689270693.0000000001786000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1786000
|
| Size: |
794624
|
|
|
126F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3983887690.000000000126F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
126F000
|
| Size: |
45056
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
460F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1591305394.000000000460F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
460F000
|
| Size: |
4096
|
|
|
1274000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1604531995.0000000001274000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1274000
|
| Size: |
4096
|
|
|
14C3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.3984254266.00000000014C3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14C3000
|
| Size: |
167936
|
|
|
46F1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3668749432.00000000046F1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
46F1000
|
| Size: |
1359872
|
|
|
412C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.3985857277.000000000412C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
412C000
|
| Size: |
69632
|
|
|
B63000
|
unkown
|
page write copy
|
|
|
|
| Name: |
0000000B.00000000.1595556086.0000000000B63000.00000008.00000001.01000000.00000005.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
B63000
|
| Size: |
8192
|
|
|
13B5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.3984025550.00000000013B5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13B5000
|
| Size: |
40960
|
|
|
28F3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1557799228.00000000028F3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
28F3000
|
| Size: |
57344
|
|
|
3D01000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000003.1635650038.0000000003D01000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3D01000
|
| Size: |
233472
|
|
|
3D01000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000003.1660108525.0000000003D01000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3D01000
|
| Size: |
4096
|
|
|
1445000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.3984137730.0000000001445000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1445000
|
| Size: |
282624
|
|
|
1781000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3686913345.0000000001781000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1781000
|
| Size: |
761856
|
|
|
18EF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3682197718.00000000018EF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
18EF000
|
| Size: |
684032
|
|
|
6A2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1532876756.00000000006A2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6A2000
|
| Size: |
16384
|
|
|
40B000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1565953558.000000000040B000.00000004.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
40B000
|
| Size: |
4096
|
|
|
1786000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3686315321.0000000001786000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1786000
|
| Size: |
753664
|
|
|
3D01000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000003.1660217714.0000000003D01000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3D01000
|
| Size: |
4096
|
|
|
28FD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1554401751.00000000028FD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
28FD000
|
| Size: |
12288
|
|
|
4B10000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1745126512.0000000004B10000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4B10000
|
| Size: |
20480
|
|
|
3D42000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1598006749.0000000003D42000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3D42000
|
| Size: |
1888256
|
|
|
590000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1590836687.0000000000590000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
590000
|
| Size: |
28672
|
|
|
1273000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000003.1629932886.0000000001273000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1273000
|
| Size: |
4096
|
|
|
18CE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3678166390.00000000018CE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
18CE000
|
| Size: |
610304
|
|
|
1865000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3690330852.0000000001865000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1865000
|
| Size: |
802816
|
|
|
2D0C3A98000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.1628185947.000002D0C3A98000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D0C3A98000
|
| Size: |
20480
|
|
|
1845000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3684889262.0000000001845000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1845000
|
| Size: |
737280
|
|
|
1841000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3687269714.0000000001841000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1841000
|
| Size: |
765952
|
|
|
43D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000003.1639539389.00000000043D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
43D0000
|
| Size: |
172032
|
|
|
37AA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.3984771754.00000000037AA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
37AA000
|
| Size: |
86016
|
|
|
4323000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3668066889.0000000004323000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4323000
|
| Size: |
819200
|
|
|
28FE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1531975017.00000000028FE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
28FE000
|
| Size: |
49152
|
|
|
178B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3688842704.000000000178B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
178B000
|
| Size: |
786432
|
|
|
6CA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1556365685.00000000006CA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6CA000
|
| Size: |
4096
|
|
|
4441000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1629672795.0000000004441000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4441000
|
| Size: |
4096
|
|
|
4441000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1607130135.0000000004441000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4441000
|
| Size: |
237568
|
|
|
3954000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.3985421677.0000000003954000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3954000
|
| Size: |
331776
|
|
|
6A2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1539740775.00000000006A2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6A2000
|
| Size: |
16384
|
|
|
6CA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1558281408.00000000006CA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6CA000
|
| Size: |
4096
|
|
|
127D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3983887690.000000000127D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
127D000
|
| Size: |
4096
|
|
|
3D01000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000003.1659802167.0000000003D01000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3D01000
|
| Size: |
4096
|
|
|
1789000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3676152211.0000000001789000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1789000
|
| Size: |
577536
|
|
|
4441000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1629157885.0000000004441000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4441000
|
| Size: |
4096
|
|
|
45CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1591276910.00000000045CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
45CE000
|
| Size: |
8192
|
|
|
1787000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3678628760.0000000001787000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1787000
|
| Size: |
618496
|
|
|
1274000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1603214652.0000000001274000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1274000
|
| Size: |
4096
|
|
|
43D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000003.1632557697.00000000043D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
43D0000
|
| Size: |
172032
|
|
|
1822000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3672068152.0000000001822000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1822000
|
| Size: |
548864
|
|
|
5F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1566262787.00000000005F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5F0000
|
| Size: |
4096
|
|
|
181D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3669786852.000000000181D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
181D000
|
| Size: |
528384
|
|
|
40EA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.3985800538.00000000040EA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40EA000
|
| Size: |
69632
|
|
|
178E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3687896249.000000000178E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
178E000
|
| Size: |
774144
|
|
|
1831000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3681416256.0000000001831000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1831000
|
| Size: |
667648
|
|
|
2D0C3ACC000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.1628288257.000002D0C3ACC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D0C3ACC000
|
| Size: |
24576
|
|
|
4054000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.3985675086.0000000004054000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4054000
|
| Size: |
266240
|
|
|
B5F000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000015.00000002.3983487855.0000000000B5F000.00000008.00000001.01000000.00000005.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
B5F000
|
| Size: |
8192
|
|
|
2D0C3AD6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1630207061.000002D0C3AD6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D0C3AD6000
|
| Size: |
12288
|
|
|
3CE0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1599599650.0000000003CE0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3CE0000
|
| Size: |
176128
|
|
|
1788000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3685358867.0000000001788000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1788000
|
| Size: |
745472
|
|
|
144E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3984227646.000000000144E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
144E000
|
| Size: |
8192
|
|
|
B55000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000015.00000000.3716254398.0000000000B55000.00000002.00000001.01000000.00000005.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
B55000
|
| Size: |
40960
|
|
|
3D01000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000003.1660420799.0000000003D01000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3D01000
|
| Size: |
4096
|
|
|
9B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1565850355.000000000009B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9B000
|
| Size: |
20480
|
|
|
6A2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1560083639.00000000006A2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6A2000
|
| Size: |
16384
|
|
|
6A2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1550570625.00000000006A2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6A2000
|
| Size: |
16384
|
|
|
1789000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3682452795.0000000001789000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1789000
|
| Size: |
692224
|
|
|
313F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1586196751.000000000313F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
313F000
|
| Size: |
4096
|
|
|
178F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3683147846.000000000178F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
178F000
|
| Size: |
704512
|
|
|
182A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3677760164.000000000182A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
182A000
|
| Size: |
602112
|
|
|
2D0C3AD4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.1628348537.000002D0C3AD4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D0C3AD4000
|
| Size: |
4096
|
|
|
1845000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3687047486.0000000001845000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1845000
|
| Size: |
761856
|
|
|
55E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1566144030.000000000055E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
55E000
|
| Size: |
8192
|
|
|
2D0C3ACE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1630170104.000002D0C3ACE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D0C3ACE000
|
| Size: |
16384
|
|
|
2D0C3D60000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1630267492.000002D0C3D60000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D0C3D60000
|
| Size: |
4096
|
|
|
33DC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1567251514.00000000033DC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
33DC000
|
| Size: |
16384
|
|
|
5310000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000015.00000003.3856684514.0000000005310000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5310000
|
| Size: |
4096
|
|
|
B5F000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000015.00000000.3716290741.0000000000B5F000.00000008.00000001.01000000.00000005.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
B5F000
|
| Size: |
8192
|
|
|
3D01000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000003.1631132000.0000000003D01000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3D01000
|
| Size: |
65536
|
|
|
28F7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1560779161.00000000028F7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
28F7000
|
| Size: |
28672
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the Windows Explorer process (often used for injection) |
HIPS / PFW / Operating System Protection Evasion |
|
|
|
2D0C3A9E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1630012055.000002D0C3A9E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D0C3A9E000
|
| Size: |
28672
|
|
|
1786000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3687542727.0000000001786000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1786000
|
| Size: |
770048
|
|
|
28F8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1559286077.00000000028F8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
28F8000
|
| Size: |
8192
|
|
|
B4C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1585945143.0000000000B4C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B4C000
|
| Size: |
16384
|
|
|
46F1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3669218974.00000000046F1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
46F1000
|
| Size: |
495616
|
|
|
181E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3675154670.000000000181E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
181E000
|
| Size: |
565248
|
|
|
1294000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3983887690.0000000001294000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1294000
|
| Size: |
16384
|
|
|
178C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3684177527.000000000178C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
178C000
|
| Size: |
724992
|
|
|
49C4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3669519467.00000000049C4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
49C4000
|
| Size: |
520192
|
|
|
43D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000003.1636904582.00000000043D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
43D0000
|
| Size: |
172032
|
|
|
178F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3674114038.000000000178F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
178F000
|
| Size: |
557056
|
|
|
1285000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3983887690.0000000001285000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1285000
|
| Size: |
8192
|
|
|
69E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1566309405.000000000069E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
69E000
|
| Size: |
32768
|
|
|
1244000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000003.1627765235.0000000001244000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1244000
|
| Size: |
65536
|
|
|
2D0C3ABC000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.1627412967.000002D0C3ABC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D0C3ABC000
|
| Size: |
131072
|
|
|
32AB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1586359996.00000000032AB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
32AB000
|
| Size: |
65536
|
|
|
400000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000002.1565894778.0000000000400000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
400000
|
| Size: |
4096
|
|
|
1831000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3679309576.0000000001831000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1831000
|
| Size: |
626688
|
|
|
5CA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1590836687.00000000005CA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5CA000
|
| Size: |
65536
|
|
|
11C4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000003.1636101308.00000000011C4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11C4000
|
| Size: |
4096
|
|
|
B63000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000015.00000000.3716290741.0000000000B63000.00000008.00000001.01000000.00000005.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
B63000
|
| Size: |
8192
|
|
|
1781000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3680080589.0000000001781000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1781000
|
| Size: |
638976
|
|
|
47E1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1605902436.00000000047E1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
47E1000
|
| Size: |
729088
|
|
|
2D0C3A91000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1629797725.000002D0C3A91000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D0C3A91000
|
| Size: |
24576
|
|
|
3CE0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1601561389.0000000003CE0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3CE0000
|
| Size: |
176128
|
|
|
1786000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3681325620.0000000001786000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1786000
|
| Size: |
663552
|
|
|
184B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3684286527.000000000184B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
184B000
|
| Size: |
729088
|
|
|
28F3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1554914145.00000000028F3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
28F3000
|
| Size: |
24576
|
|
|
4441000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1629977401.0000000004441000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4441000
|
| Size: |
4096
|
|
|
2CEE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3984252905.0000000002CEE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2CEE000
|
| Size: |
8192
|
|
|
1780000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3681172670.0000000001780000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1780000
|
| Size: |
659456
|
|
|
1847000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3683566935.0000000001847000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1847000
|
| Size: |
716800
|
|
|
4441000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1628378656.0000000004441000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4441000
|
| Size: |
237568
|
|
|
2D0C3A9D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.1628007889.000002D0C3A9D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D0C3A9D000
|
| Size: |
32768
|
|
|
11D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.3983723492.00000000011D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11D0000
|
| Size: |
4096
|
|
|
2D0C3A8C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.1627412967.000002D0C3A8C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D0C3A8C000
|
| Size: |
102400
|
|
|
18DD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3679036133.00000000018DD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
18DD000
|
| Size: |
622592
|
|
|
183A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3681079616.000000000183A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
183A000
|
| Size: |
659456
|
|
|
6A2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1551929681.00000000006A2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6A2000
|
| Size: |
16384
|
|
|
FBE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.3983439053.0000000000FBE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
FBE000
|
| Size: |
8192
|
|
|
4096000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.3985716289.0000000004096000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4096000
|
| Size: |
69632
|
|
|
500000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1590763470.0000000000500000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
500000
|
| Size: |
4096
|
|
|
3AF000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000011.00000000.1627158346.00000000003AF000.00000008.00000001.01000000.00000008.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
3AF000
|
| Size: |
8192
|
|
|
32BC000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1586359996.00000000032BC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
32BC000
|
| Size: |
20480
|
|
|
11F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.3983758701.00000000011F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11F0000
|
| Size: |
4096
|
|
|
3837000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1598491067.0000000003837000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3837000
|
| Size: |
5246976
|
|
|
1787000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3688234560.0000000001787000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1787000
|
| Size: |
778240
|
|
|
3CE0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1599483224.0000000003CE0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3CE0000
|
| Size: |
176128
|
|
|
178E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3677206410.000000000178E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
178E000
|
| Size: |
585728
|
|
|
3D01000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000003.1660276190.0000000003D01000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3D01000
|
| Size: |
4096
|
|
|
6A2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1557760753.00000000006A2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6A2000
|
| Size: |
16384
|
|
|
1273000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000003.1630049908.0000000001273000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1273000
|
| Size: |
4096
|
|
|
3186000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1586240790.0000000003186000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3186000
|
| Size: |
8192
|
|
|
AA0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000015.00000000.3716190670.0000000000AA0000.00000002.00000001.01000000.00000005.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
AA0000
|
| Size: |
4096
|
|
|
3D01000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000003.1659703981.0000000003D01000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3D01000
|
| Size: |
4096
|
|
|
18D8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3680243576.00000000018D8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
18D8000
|
| Size: |
643072
|
|
|
49C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1590724517.000000000049C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
49C000
|
| Size: |
16384
|
|
|
192F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3689134014.000000000192F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
192F000
|
| Size: |
790528
|
|
|
1257000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3983887690.0000000001257000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1257000
|
| Size: |
94208
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
1845000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3686800629.0000000001845000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1845000
|
| Size: |
757760
|
|
|
6A2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1541143392.00000000006A2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6A2000
|
| Size: |
16384
|
|
|
4F4000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000000.1526909927.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
4F4000
|
| Size: |
32768
|
|
|
43D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000003.1636759261.00000000043D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
43D0000
|
| Size: |
172032
|
|
|
1846000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3683421202.0000000001846000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1846000
|
| Size: |
712704
|
|
|
3D01000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000003.1659570124.0000000003D01000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3D01000
|
| Size: |
4096
|
|
|
192D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3690616829.000000000192D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
192D000
|
| Size: |
806912
|
|
|
7B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3983021202.00000000007B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7B0000
|
| Size: |
16384
|
|
|
F90000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000015.00000002.3983668133.0000000000F90000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
F90000
|
| Size: |
1662976
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
2D0C3A70000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1629797725.000002D0C3A70000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D0C3A70000
|
| Size: |
28672
|
|
|
40A8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.3985751004.00000000040A8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40A8000
|
| Size: |
266240
|
|
|
28FE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1545565924.00000000028FE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
28FE000
|
| Size: |
200704
|
|
|
6A2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1543948359.00000000006A2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6A2000
|
| Size: |
16384
|
|
|
28FA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1553325776.00000000028FA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
28FA000
|
| Size: |
24576
|
|
|
2D0C3ABC000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.1627952757.000002D0C3ABC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D0C3ABC000
|
| Size: |
53248
|
|
|
6D5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1566309405.00000000006D5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6D5000
|
| Size: |
53248
|
|
|
41D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3667911809.00000000041D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
41D4000
|
| Size: |
765952
|
|
|
2D90000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3984366629.0000000002D90000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D90000
|
| Size: |
4096
|
|
|
4441000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1629501387.0000000004441000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4441000
|
| Size: |
4096
|
|
|
7DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1591021758.00000000007DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7DE000
|
| Size: |
8192
|
|
|
1787000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3670021074.0000000001787000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1787000
|
| Size: |
532480
|
|
|
1849000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3685723974.0000000001849000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1849000
|
| Size: |
749568
|
|
|
5E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1566244979.00000000005E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5E0000
|
| Size: |
4096
|
|
|
1546000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.3984390113.0000000001546000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1546000
|
| Size: |
307200
|
|
|
6A2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1531951371.00000000006A2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6A2000
|
| Size: |
16384
|
|
|
1814000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3670353516.0000000001814000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1814000
|
| Size: |
536576
|
|
|
1784000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3686672442.0000000001784000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1784000
|
| Size: |
757760
|
|
|
183D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3680900466.000000000183D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
183D000
|
| Size: |
655360
|
|
|
1789000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3684759271.0000000001789000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1789000
|
| Size: |
733184
|
|
|
1250000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3983887690.0000000001250000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1250000
|
| Size: |
20480
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
E2B08FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1629523202.000000E2B08FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
E2B08FE000
|
| Size: |
8192
|
|
|
3B8000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000011.00000002.3983285511.00000000003B8000.00000002.00000001.01000000.00000008.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
3B8000
|
| Size: |
143360
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
5C5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1566195652.00000000005C5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5C5000
|
| Size: |
12288
|
|
|
3D01000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000003.1660361604.0000000003D01000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3D01000
|
| Size: |
4096
|
|
|
1859000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3687622105.0000000001859000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1859000
|
| Size: |
774144
|
|
|
1274000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1603287133.0000000001274000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1274000
|
| Size: |
4096
|
|
|
7D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3983091194.00000000007D0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7D0000
|
| Size: |
4096
|
|
|
12AC000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000003.3856622816.00000000012AC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12AC000
|
| Size: |
4096
|
|
|
183D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3681789353.000000000183D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
183D000
|
| Size: |
675840
|
|
|
2F30000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1744991825.0000000002F30000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F30000
|
| Size: |
20480
|
|
|
3D01000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000003.1659276847.0000000003D01000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3D01000
|
| Size: |
4096
|
|
|
3D01000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000003.1659768293.0000000003D01000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3D01000
|
| Size: |
4096
|
|
|
307F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1586092258.000000000307F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
307F000
|
| Size: |
4096
|
|
|
3CE0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1604374365.0000000003CE0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3CE0000
|
| Size: |
176128
|
|
|
1508000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.3984322958.0000000001508000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1508000
|
| Size: |
110592
|
|
|
41F000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1565953558.000000000041F000.00000004.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
41F000
|
| Size: |
53248
|
|
|
184C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3684642428.000000000184C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
184C000
|
| Size: |
733184
|
|
|
178B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3675826973.000000000178B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
178B000
|
| Size: |
573440
|
|
|
8C8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1591205555.00000000008C8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8C8000
|
| Size: |
20480
|
|
|
6A2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1562947826.00000000006A2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6A2000
|
| Size: |
16384
|
|
|
339F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1567231575.000000000339F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
339F000
|
| Size: |
4096
|
|
|
18BE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3675223838.00000000018BE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
18BE000
|
| Size: |
565248
|
|
|
4441000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1629394014.0000000004441000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4441000
|
| Size: |
4096
|
|
|
2D0C3AD6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.1628288257.000002D0C3AD6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D0C3AD6000
|
| Size: |
12288
|
|
|
B68000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000B.00000000.1595592768.0000000000B68000.00000002.00000001.01000000.00000005.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
B68000
|
| Size: |
143360
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
3278000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1586359996.0000000003278000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3278000
|
| Size: |
69632
|
|
|
8C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1591205555.00000000008C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8C0000
|
| Size: |
20480
|
|
|
28F6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1561822267.00000000028F6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
28F6000
|
| Size: |
8192
|
|
|
1784000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3677973431.0000000001784000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1784000
|
| Size: |
606208
|
|
|
3A5000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000011.00000002.3983148572.00000000003A5000.00000002.00000001.01000000.00000008.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
3A5000
|
| Size: |
40960
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the Windows Explorer process (often used for injection) |
HIPS / PFW / Operating System Protection Evasion |
|
|
|
1780000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3681883837.0000000001780000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1780000
|
| Size: |
675840
|
|
|
40B000
|
unkown
|
page write copy
|
|
|
|
| Name: |
00000000.00000000.1526869240.000000000040B000.00000008.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page write copy
|
| Base address: |
40B000
|
| Size: |
4096
|
|
|
3CE0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1599281593.0000000003CE0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3CE0000
|
| Size: |
176128
|
|
|
F4E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1586018378.0000000000F4E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
F4E000
|
| Size: |
8192
|
|
|
48A2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1605902436.00000000048A2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
48A2000
|
| Size: |
147456
|
|
|
3CE0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1599881525.0000000003CE0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3CE0000
|
| Size: |
176128
|
|
|
2D0C3AC6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.1628114402.000002D0C3AC6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D0C3AC6000
|
| Size: |
12288
|
|
|
2D0C3A98000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.1629014339.000002D0C3A98000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D0C3A98000
|
| Size: |
20480
|
|
|
3CE0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1604088939.0000000003CE0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3CE0000
|
| Size: |
176128
|
|
|
3D01000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000003.1659524489.0000000003D01000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3D01000
|
| Size: |
4096
|
|
|
1788000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3683345302.0000000001788000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1788000
|
| Size: |
708608
|
|
|
4441000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1628805836.0000000004441000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4441000
|
| Size: |
4096
|
|
|
129E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3983887690.000000000129E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
129E000
|
| Size: |
65536
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
| URLs found in memory or binary data |
Networking |
|
|
|
43D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000003.1636316124.00000000043D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
43D0000
|
| Size: |
172032
|
|
|
13C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.3984048663.00000000013C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13C0000
|
| Size: |
425984
|
|
|
28F8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1544145761.00000000028F8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
28F8000
|
| Size: |
65536
|
|
|
28F6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1534301112.00000000028F6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
28F6000
|
| Size: |
28672
|
|
|
39BD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.3985480632.00000000039BD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
39BD000
|
| Size: |
8192
|
|
|
4441000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1628549473.0000000004441000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4441000
|
| Size: |
4096
|
|
|
178F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3690239353.000000000178F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
178F000
|
| Size: |
802816
|
|
|
47CD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3668842140.00000000047CD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
47CD000
|
| Size: |
1396736
|
|
|
E2B02FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1629252224.000000E2B02FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
E2B02FE000
|
| Size: |
8192
|
|
|
48AF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3669068003.00000000048AF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
48AF000
|
| Size: |
491520
|
|
|
3180000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1586240790.0000000003180000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3180000
|
| Size: |
16384
|
|
|
4441000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1629796346.0000000004441000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4441000
|
| Size: |
4096
|
|
|
28FA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1539767634.00000000028FA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
28FA000
|
| Size: |
8192
|
|
|
6E9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1566309405.00000000006E9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6E9000
|
| Size: |
94208
|
|
|
28FF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1536849657.00000000028FF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
28FF000
|
| Size: |
24576
|
|
|
11C4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000003.1659200988.00000000011C4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11C4000
|
| Size: |
4096
|
|
|
1849000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3683731491.0000000001849000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1849000
|
| Size: |
720896
|
|
|
28F1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1538333294.00000000028F1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
28F1000
|
| Size: |
188416
|
|
|
182D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3675665722.000000000182D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
182D000
|
| Size: |
569344
|
|
|
178B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3671296416.000000000178B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
178B000
|
| Size: |
544768
|
|
|
2D0C3A97000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.1628070451.000002D0C3A97000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D0C3A97000
|
| Size: |
24576
|
|
|
1846000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3683235518.0000000001846000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1846000
|
| Size: |
708608
|
|
|
4441000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1628957573.0000000004441000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4441000
|
| Size: |
4096
|
|
|
2F0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000011.00000000.1626997133.00000000002F0000.00000002.00000001.01000000.00000008.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
2F0000
|
| Size: |
4096
|
|
|
3D01000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000003.1660452426.0000000003D01000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3D01000
|
| Size: |
4096
|
|
|
1785000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3680610644.0000000001785000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1785000
|
| Size: |
647168
|
|
|
429B000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3668222000.000000000429B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
429B000
|
| Size: |
421888
|
|
|
4FAF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3984576098.0000000004FAF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4FAF000
|
| Size: |
4096
|
|
|
75B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3982982490.000000000075B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
75B000
|
| Size: |
20480
|
|
|
28F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1538918024.00000000028F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
28F0000
|
| Size: |
102400
|
|
|
12B9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000003.3857013404.00000000012B9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12B9000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
18DC000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3679791544.00000000018DC000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
18DC000
|
| Size: |
634880
|
|
|
500000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1566088373.0000000000500000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
500000
|
| Size: |
4096
|
|
|
28F4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1530691216.00000000028F4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
28F4000
|
| Size: |
49152
|
|
|
5C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1566195652.00000000005C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5C0000
|
| Size: |
16384
|
|
|
23A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1566774696.00000000023A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
23A0000
|
| Size: |
8192
|
|
|
4441000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1603110243.0000000004441000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4441000
|
| Size: |
237568
|
|
|
FCD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.3983439053.0000000000FCD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
FCD000
|
| Size: |
12288
|
|
|
1855000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3689471571.0000000001855000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1855000
|
| Size: |
794624
|
|
|
14B9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.3984238154.00000000014B9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14B9000
|
| Size: |
36864
|
|
|
4DBC000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3984435194.0000000004DBC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4DBC000
|
| Size: |
729088
|
|
|
2D0C3AD6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.1628348537.000002D0C3AD6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D0C3AD6000
|
| Size: |
12288
|
|
|
2D0C3AA6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.1628185947.000002D0C3AA6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D0C3AA6000
|
| Size: |
86016
|
|
|
1F10000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.3984635681.0000000001F10000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1F10000
|
| Size: |
12288
|
|
|
4894000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1605902436.0000000004894000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4894000
|
| Size: |
49152
|
|
|
2D0C3DA0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1630297948.000002D0C3DA0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D0C3DA0000
|
| Size: |
16384
|
|
|
1828000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3671357433.0000000001828000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1828000
|
| Size: |
544768
|
|
|
4441000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1629631156.0000000004441000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4441000
|
| Size: |
4096
|
|
|
4441000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1604449264.0000000004441000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4441000
|
| Size: |
237568
|
|
|
1348000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.3983973056.0000000001348000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1348000
|
| Size: |
442368
|
|
|
F8E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1586037350.0000000000F8E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
F8E000
|
| Size: |
8192
|
|
|
578E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3984684829.000000000578E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
578E000
|
| Size: |
8192
|
|
|
1274000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1599239848.0000000001274000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1274000
|
| Size: |
4096
|
|
|
149E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.3984203473.000000000149E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
149E000
|
| Size: |
106496
|
|
|
4441000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1628688580.0000000004441000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4441000
|
| Size: |
4096
|
|
|
2D0C3AA6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.1627977372.000002D0C3AA6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D0C3AA6000
|
| Size: |
86016
|
|
|
4441000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1629262765.0000000004441000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4441000
|
| Size: |
4096
|
|
|
6A2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1528224635.00000000006A2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6A2000
|
| Size: |
8192
|
|
|
3A5000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000011.00000000.1627099735.00000000003A5000.00000002.00000001.01000000.00000008.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
3A5000
|
| Size: |
40960
|
|
|
2D00000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3984276958.0000000002D00000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D00000
|
| Size: |
12288
|
|
|
6A2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1554372918.00000000006A2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6A2000
|
| Size: |
16384
|
|
|
28FE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1551391413.00000000028FE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
28FE000
|
| Size: |
36864
|
|
|
192D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3690020277.000000000192D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
192D000
|
| Size: |
802816
|
|
|
28F6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1527607785.00000000028F6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
28F6000
|
| Size: |
16384
|
|
|
3CE0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1614007329.0000000003CE0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3CE0000
|
| Size: |
176128
|
|
|
1830000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3682107775.0000000001830000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1830000
|
| Size: |
684032
|
|
|
178B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3678474022.000000000178B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
178B000
|
| Size: |
614400
|
|
|
2D0C3DAD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1630297948.000002D0C3DAD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D0C3DAD000
|
| Size: |
8192
|
|
|
1274000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1603251733.0000000001274000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1274000
|
| Size: |
4096
|
|
|
28FD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1537369030.00000000028FD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
28FD000
|
| Size: |
57344
|
|
|
2F0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000011.00000002.3982980735.00000000002F0000.00000002.00000001.01000000.00000008.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
2F0000
|
| Size: |
4096
|
|
|
2D0C5890000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1630577394.000002D0C5890000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D0C5890000
|
| Size: |
4096
|
|
|
28F3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1550592578.00000000028F3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
28F3000
|
| Size: |
16384
|
|
|
401000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000000.00000002.1565915856.0000000000401000.00000020.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
401000
|
| Size: |
28672
|
|
|
12AF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3983887690.00000000012AF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12AF000
|
| Size: |
12288
|
|
|
43D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000003.1637013653.00000000043D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
43D0000
|
| Size: |
172032
|
|
|
48C9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3669380831.00000000048C9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
48C9000
|
| Size: |
1548288
|
|
|
6A2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1556365685.00000000006A2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6A2000
|
| Size: |
16384
|
|
|
161D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.3984590869.000000000161D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
161D000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
4F4000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000002.1566065390.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
4F4000
|
| Size: |
32768
|
|
|
BFC000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1744844927.0000000000BFC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
BFC000
|
| Size: |
16384
|
|
|
F8B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3983630493.0000000000F8B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
F8B000
|
| Size: |
20480
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
3CE0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1603596202.0000000003CE0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3CE0000
|
| Size: |
176128
|
|
|
461000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1565953558.0000000000461000.00000004.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
461000
|
| Size: |
8192
|
|
|
3D01000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000003.1660246803.0000000003D01000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3D01000
|
| Size: |
4096
|
|
|
1823000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3675922465.0000000001823000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1823000
|
| Size: |
573440
|
|
|
3E00000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000003.1631452364.0000000003E00000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3E00000
|
| Size: |
172032
|
|
|
1786000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3688531224.0000000001786000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1786000
|
| Size: |
782336
|
|
|
1784000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3685592428.0000000001784000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1784000
|
| Size: |
749568
|
|
|
3AF000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.3983254549.00000000003AF000.00000004.00000001.01000000.00000008.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
3AF000
|
| Size: |
36864
|
|
|
178C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3676413137.000000000178C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
178C000
|
| Size: |
581632
|
|
|
56E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1590816716.000000000056E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
56E000
|
| Size: |
8192
|
|
|
27EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1566799034.00000000027EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
27EE000
|
| Size: |
8192
|
|
|
3802000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.3984959445.0000000003802000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3802000
|
| Size: |
266240
|
|
|
18AE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3669843190.00000000018AE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
18AE000
|
| Size: |
532480
|
|
|
6B2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1528224635.00000000006B2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6B2000
|
| Size: |
4096
|
|
|
1841000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3684053979.0000000001841000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1841000
|
| Size: |
724992
|
|
|
510000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1566120254.0000000000510000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
510000
|
| Size: |
4096
|
|
|
2D0C3AC7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.1628973317.000002D0C3AC7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D0C3AC7000
|
| Size: |
8192
|
|
|
6A2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1558281408.00000000006A2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6A2000
|
| Size: |
16384
|
|
|
2F1000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000011.00000000.1627022425.00000000002F1000.00000020.00000001.01000000.00000008.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
2F1000
|
| Size: |
585728
|
|
|
28EF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1566841028.00000000028EF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
28EF000
|
| Size: |
4096
|
|
|
28FB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1566979470.00000000028FB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
28FB000
|
| Size: |
57344
|
|
|
4441000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1628845846.0000000004441000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4441000
|
| Size: |
4096
|
|
|
28FE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1562520485.00000000028FE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
28FE000
|
| Size: |
147456
|
|
|
2D0C3ABE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1630114410.000002D0C3ABE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D0C3ABE000
|
| Size: |
32768
|
|
|
429E000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3668435586.000000000429E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
429E000
|
| Size: |
1286144
|
|
|
11C4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000003.1635906730.00000000011C4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11C4000
|
| Size: |
4096
|
|
|
413E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.3985882231.000000000413E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
413E000
|
| Size: |
172032
|
|
|
184B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3682390566.000000000184B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
184B000
|
| Size: |
688128
|
|
|
3D01000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000003.1660391474.0000000003D01000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3D01000
|
| Size: |
4096
|
|
|
28F6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1529783948.00000000028F6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
28F6000
|
| Size: |
40960
|
|
|
534D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3984631943.000000000534D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
534D000
|
| Size: |
12288
|
|
|
308F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1745042571.000000000308F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
308F000
|
| Size: |
4096
|
|
|
2D0C3A98000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1629974720.000002D0C3A98000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D0C3A98000
|
| Size: |
20480
|
|
|
178F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3683641249.000000000178F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
178F000
|
| Size: |
716800
|
|
|
1850000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3689848290.0000000001850000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1850000
|
| Size: |
798720
|
|
|
28F5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1547468477.00000000028F5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
28F5000
|
| Size: |
4096
|
|
|
30B7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.1586110783.00000000030B7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
30B7000
|
| Size: |
4096
|
|
|
3B8000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000011.00000000.1627197897.00000000003B8000.00000002.00000001.01000000.00000008.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
3B8000
|
| Size: |
143360
|
|
|
1816000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3669649343.0000000001816000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1816000
|
| Size: |
524288
|
|
|
2D0C3A9E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.1628185947.000002D0C3A9E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D0C3A9E000
|
| Size: |
28672
|
|
|
4E6F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3984435194.0000000004E6F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E6F000
|
| Size: |
49152
|
|
|
15DA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.3984549571.00000000015DA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15DA000
|
| Size: |
237568
|
|
|
E60000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1744873583.0000000000E60000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
E60000
|
| Size: |
4096
|
|
|
6A2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1530058212.00000000006A2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6A2000
|
| Size: |
16384
|
|
|
30E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.1745082168.00000000030E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
30E0000
|
| Size: |
24576
|
|
|
1252000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000003.1629932886.0000000001252000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1252000
|
| Size: |
8192
|
|
|
4441000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1629295670.0000000004441000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4441000
|
| Size: |
4096
|
|
|
8AF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1591178581.00000000008AF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
8AF000
|
| Size: |
4096
|
|
|
5DF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1590836687.00000000005DF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5DF000
|
| Size: |
4096
|
|
|
183A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.3680721599.000000000183A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
183A000
|
| Size: |
651264
|
|
|
15BA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.3984505682.00000000015BA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
15BA000
|
| Size: |
126976
|
|
|
1309000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.3983928023.0000000001309000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1309000
|
| Size: |
253952
|
|
|
6CA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1557760753.00000000006CA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6CA000
|
| Size: |
4096
|
|
|
3CE0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000B.00000003.1603439855.0000000003CE0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
11
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3CE0000
|
| Size: |
176128
|
|
|
28F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1530090678.00000000028F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
28F0000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
3886000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.3985273123.0000000003886000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3886000
|
| Size: |
299008
|
|
|
1273000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.3983787077.0000000001273000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1273000
|
| Size: |
610304
|
|
|
28F5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1558330984.00000000028F5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
28F5000
|
| Size: |
28672
|
|
|
45C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1590699272.000000000045C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
45C000
|
| Size: |
16384
|
|
|
A3D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000015.00000002.3983164812.0000000000A3D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
21
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A3D000
|
| Size: |
12288
|
|
|
6A2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000003.1534937144.00000000006A2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6A2000
|
| Size: |
16384
|
|
|
2D0C39E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000002.1629663321.000002D0C39E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D0C39E0000
|
| Size: |
8192
|
|
|
2D0C3AAE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000010.00000003.1628568132.000002D0C3AAE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
16
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D0C3AAE000
|
| Size: |
53248
|
|
|
43D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000003.1636477091.00000000043D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
43D0000
|
| Size: |
172032
|
|
|
39A6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.3985480632.00000000039A6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
39A6000
|
| Size: |
81920
|
|
|
3D01000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000003.1660078472.0000000003D01000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3D01000
|
| Size: |
4096
|
|
