760000
|
direct allocation
|
page execute and read and write
|
![malicious](data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABwAAAAYCAYAAADpnJ2CAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAppJREFUeNqsVkFoU0EQnZ/W2haM0R71kIAe4sWKB70ULLSei3oRBI13bXMQD1rSoD3b1LuNIPQiGgQvWjDgxR5EvZiDQnOoRzV80dRqrPOWP5/9m92ftOnAsvt358/beTOzux455Gv6yBx3BdqZFEfqn+dsC54DLM3dO24p2rlkGLRuTiYcyvdcYInDh6xjhw3qCMjeneFuyqY8ePUK7b1wPvweODup5hwyFdjq6KF1Z8nlR9SXzVJzYTGc23hQVnNYc8hSbAx5RzMuwINrn+hb5ihtd40lz7FcaPOQwVI9ZGWcFALbbZQWusnKPadPKQrRMO5CUjprXuDdaFAGTgFtiBmS5N/6lzBLfz9+wol0Lo5SkRNM7ftEXKLoXkmWbvk+/bpzl37euKnGANN1OpWJx96hBJ66gIamr1F/d9TR3zer1Czdpz/cOyQHwDUepM3iHpq+rnYPL7b8H5Eih1EINiMCmr3kPm5JRXOztBhSr0ndetKkXlcVGH5sjI3zj+tM43wA7qtaRJNvrEEHuhJT2LCepTZKD3x4S/7FS9T6WIvUGbwcnr1N/ceyCqjFHiCe8ESvRejtf/6Mvh8/2UZpgjOnwoPIdjZfrIRgIsOzt4LjbEIZ7GNQjPU1nV7YMKTKWGWhNB8J/mo06IiZ0KRvBIaFfomry4ZgeNpJg7SdUZMceFAW4Z7nYHhgciLMWmTl5ssVFTebvjZXZu9y5klT5NbAwPxZ4iJgWId3GKs5ptcUzUZDZ9B5eKPIcRO0ajXVS4lsLD1UJ47oDOYuh6UguuhFxzy8Pct9iCNu1KxHV2110KkzWCb2iRFcmq926aYYZ8Bq7AUcKFR2AaxigsW9afKSQD1Ivqs3TeAlXlulHsCKthcb5L8AAwCehEsTSl88KQAAAABJRU5ErkJggg==) |
|
|
Name: |
00000000.00000002.2254958129.0000000000760000.00000040.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
direct allocation
|
Protect: |
page execute and read and write
|
Base address: |
760000
|
Size: |
368640
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Found malware configuration |
AV Detection |
|
Malicious sample detected (through community Yara rule) |
System Summary |
|
Sample uses string decryption to hide its real strings |
AV Detection |
|
Yara signature match |
System Summary |
|
|
36A6000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1759559034.00000000036A6000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
36A6000
|
Size: |
8192
|
|
3685000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1908461906.0000000003685000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3685000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1499621754.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
365D000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1759080319.000000000365D000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
365D000
|
Size: |
4096
|
|
3661000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2253914618.0000000003661000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3661000
|
Size: |
8192
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
3670000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1887720338.0000000003670000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3670000
|
Size: |
20480
|
|
39B7000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1890121159.00000000039B7000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
39B7000
|
Size: |
4096
|
|
876000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2085439303.0000000000876000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
876000
|
Size: |
12288
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1499216665.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
82D000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2224467705.000000000082D000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
82D000
|
Size: |
4096
|
|
3684000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2097757509.0000000003684000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3684000
|
Size: |
8192
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1499118483.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1498994673.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
506C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2258828661.000000000506C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
506C000
|
Size: |
32768
|
|
4CCE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2258667375.0000000004CCE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
4CCE000
|
Size: |
8192
|
|
23F8000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1487878589.00000000023F8000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
23F8000
|
Size: |
208896
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1499762786.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
3719000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1887893152.0000000003719000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3719000
|
Size: |
4096
|
|
367E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1759913199.000000000367E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
367E000
|
Size: |
4096
|
|
365B000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2258398230.000000000365B000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
365B000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1910712088.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
3695000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1758950810.0000000003695000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3695000
|
Size: |
143360
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1629525530.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
35E0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2258086061.00000000035E0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35E0000
|
Size: |
163840
|
|
84E000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2224467705.000000000084E000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
84E000
|
Size: |
4096
|
|
82A0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2266402891.00000000082A0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
82A0000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1630244077.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1909916255.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
851000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2083156314.0000000000851000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
851000
|
Size: |
4096
|
|
365B000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1760252450.000000000365B000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
365B000
|
Size: |
32768
|
|
344E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2257869068.000000000344E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
344E000
|
Size: |
8192
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1911162121.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
9F0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2256172046.00000000009F0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9F0000
|
Size: |
8192
|
|
3667000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1907000807.0000000003667000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3667000
|
Size: |
20480
|
|
309E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2257667069.000000000309E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
309E000
|
Size: |
8192
|
|
3637000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1631837536.0000000003637000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3637000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1909217524.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
3679000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1907799374.0000000003679000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3679000
|
Size: |
4096
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1912215194.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
81D000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2083156314.000000000081D000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
81D000
|
Size: |
4096
|
|
884000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2256477161.0000000000884000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
884000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1499778135.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
36E1000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2090933717.00000000036E1000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
36E1000
|
Size: |
290816
|
|
3665000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1885475576.0000000003665000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3665000
|
Size: |
4096
|
|
3685000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1758950810.0000000003685000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3685000
|
Size: |
16384
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
892000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2085160314.0000000000892000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
892000
|
Size: |
12288
|
|
809000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2246120073.0000000000809000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
809000
|
Size: |
16384
|
|
80E000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2224467705.000000000080E000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
80E000
|
Size: |
4096
|
|
830000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2083156314.0000000000830000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
830000
|
Size: |
8192
|
|
81F000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2252940545.000000000081F000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
81F000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1911315734.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
3666000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1916016031.0000000003666000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3666000
|
Size: |
4096
|
|
3658000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1758494799.0000000003658000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3658000
|
Size: |
4096
|
|
3639000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1631463640.0000000003639000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3639000
|
Size: |
8192
|
|
81F000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2246120073.000000000081F000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
81F000
|
Size: |
61440
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
3683000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2078933252.0000000003683000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3683000
|
Size: |
8192
|
|
3687000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2245883750.0000000003687000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3687000
|
Size: |
12288
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1910100657.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1909934823.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
398F000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1890121159.000000000398F000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
398F000
|
Size: |
4096
|
|
360E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1759334197.000000000360E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
360E000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1911584292.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
872000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2083156314.0000000000872000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
872000
|
Size: |
4096
|
|
85D000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2224467705.000000000085D000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
85D000
|
Size: |
8192
|
|
886000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2256477161.0000000000886000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
886000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1490294808.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1489729416.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
897000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2225011826.0000000000897000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
897000
|
Size: |
45056
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
3606000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1631463640.0000000003606000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3606000
|
Size: |
8192
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
SQL strings found in memory and binary data |
System Summary |
|
|
7EC000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2246120073.00000000007EC000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
7EC000
|
Size: |
4096
|
|
366C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2090234974.000000000366C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
366C000
|
Size: |
4096
|
|
862000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2083156314.0000000000862000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
862000
|
Size: |
8192
|
|
845000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2246120073.0000000000845000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
845000
|
Size: |
16384
|
|
8A1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2256477161.00000000008A1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
8A1000
|
Size: |
4096
|
|
366E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2097757509.000000000366E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
366E000
|
Size: |
61440
|
|
857000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2083156314.0000000000857000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
857000
|
Size: |
4096
|
|
3666000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1758764281.0000000003666000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3666000
|
Size: |
4096
|
|
36E8000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1916460352.00000000036E8000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
36E8000
|
Size: |
8192
|
|
D0E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2256213881.0000000000D0E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
D0E000
|
Size: |
8192
|
|
811000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2224467705.0000000000811000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
811000
|
Size: |
8192
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
AV process strings found (often used to terminate AV products) |
Lowering of HIPS / PFW / Operating System Security Settings |
Security Software Discovery
|
|
886000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2080065178.0000000000886000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
886000
|
Size: |
45056
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
830000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2246120073.0000000000830000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
830000
|
Size: |
77824
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
279E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2257301089.000000000279E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
279E000
|
Size: |
8192
|
|
87B000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2080065178.000000000087B000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
87B000
|
Size: |
8192
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1909735366.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
466000
|
unkown
|
page write copy
|
|
|
|
Name: |
00000000.00000000.1363943643.0000000000466000.00000008.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page write copy
|
Base address: |
466000
|
Size: |
8192
|
|
3A8D000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2225196805.0000000003A8D000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3A8D000
|
Size: |
577536
|
|
848000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2255853718.0000000000848000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
848000
|
Size: |
32768
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1910944031.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
3684000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2085349574.0000000003684000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3684000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1629581097.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1490325242.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1499234006.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
4FD1000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2258828661.0000000004FD1000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4FD1000
|
Size: |
528384
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1910876909.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
828000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2224467705.0000000000828000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
828000
|
Size: |
12288
|
|
3613000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1631266942.0000000003613000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3613000
|
Size: |
4096
|
|
3676000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2078933252.0000000003676000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3676000
|
Size: |
12288
|
|
36A9000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1759559034.00000000036A9000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
36A9000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1911875319.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
852000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1908671086.0000000000852000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
852000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1499542176.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
897000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2085160314.0000000000897000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
897000
|
Size: |
16384
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
36A6000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1908021064.00000000036A6000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
36A6000
|
Size: |
4096
|
|
7CA000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2255216927.00000000007CA000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
7CA000
|
Size: |
8192
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1911035576.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
3653000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1758494799.0000000003653000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3653000
|
Size: |
12288
|
|
3666000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2253914618.0000000003666000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3666000
|
Size: |
12288
|
|
85C000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2255853718.000000000085C000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
85C000
|
Size: |
8192
|
|
6FAF000
|
stack
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2263286621.0000000006FAF000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
6FAF000
|
Size: |
4096
|
|
7800000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2265660622.0000000007800000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7800000
|
Size: |
65536
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1909591590.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
36F9000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2084967065.00000000036F9000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
36F9000
|
Size: |
4096
|
|
81D000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1916356358.000000000081D000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
81D000
|
Size: |
4096
|
|
76FE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2264917020.00000000076FE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
76FE000
|
Size: |
8192
|
|
3696000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1759559034.0000000003696000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3696000
|
Size: |
40960
|
|
805000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2246120073.0000000000805000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
805000
|
Size: |
4096
|
|
3010000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2257535292.0000000003010000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3010000
|
Size: |
65536
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1493774745.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
4D0E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2258708218.0000000004D0E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
4D0E000
|
Size: |
8192
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1629427235.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1911057000.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
38EB000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2090676429.00000000038EB000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
38EB000
|
Size: |
495616
|
|
365C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1890074217.000000000365C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
365C000
|
Size: |
8192
|
|
801000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2255520208.0000000000801000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
801000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1629455950.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
2590000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2257119652.0000000002590000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2590000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1910064478.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1629082916.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
3616000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2258086061.0000000003616000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3616000
|
Size: |
36864
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1629366551.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
35AF000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2258029188.00000000035AF000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
35AF000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1489848571.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1911956356.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2245594945.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
805000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1628839473.0000000000805000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
805000
|
Size: |
40960
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
39BF000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1890121159.00000000039BF000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
39BF000
|
Size: |
4096
|
|
368C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2097757509.000000000368C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
368C000
|
Size: |
4096
|
|
3694000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2097757509.0000000003694000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3694000
|
Size: |
204800
|
|
3666000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1907535156.0000000003666000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3666000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1890504023.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
8192
|
|
6E1E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2263103163.0000000006E1E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
6E1E000
|
Size: |
8192
|
|
36E8000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1888573829.00000000036E8000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
36E8000
|
Size: |
16384
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1630031309.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
39F4000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2245734604.00000000039F4000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
39F4000
|
Size: |
86016
|
|
2FD0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000007.00000002.2257395610.0000000002FD0000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
2FD0000
|
Size: |
20480
|
|
3621000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1888484212.0000000003621000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3621000
|
Size: |
8192
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1499796422.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
834000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2255853718.0000000000834000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
834000
|
Size: |
4096
|
|
6E5E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2263135036.0000000006E5E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
6E5E000
|
Size: |
8192
|
|
6F2A000
|
stack
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2263201257.0000000006F2A000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
6F2A000
|
Size: |
24576
|
|
872000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2252940545.0000000000872000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
872000
|
Size: |
4096
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
844000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1908671086.0000000000844000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
844000
|
Size: |
8192
|
|
805000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1908671086.0000000000805000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
805000
|
Size: |
8192
|
|
3658000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1759080319.0000000003658000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3658000
|
Size: |
4096
|
|
7440000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2264167191.0000000007440000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
7440000
|
Size: |
57344
|
|
828000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2085439303.0000000000828000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
828000
|
Size: |
16384
|
|
367C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1760252450.000000000367C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
367C000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1629326382.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
7419000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2264167191.0000000007419000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
7419000
|
Size: |
122880
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1629694738.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
77F0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2265580633.00000000077F0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
77F0000
|
Size: |
65536
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1499333801.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1911081876.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1499386973.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
368C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2085349574.000000000368C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
368C000
|
Size: |
4096
|
|
3600000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1631266942.0000000003600000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3600000
|
Size: |
12288
|
|
35FB000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1916016031.00000000035FB000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35FB000
|
Size: |
8192
|
|
35EA000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1631741717.00000000035EA000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35EA000
|
Size: |
8192
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
SQL strings found in memory and binary data |
System Summary |
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1910772112.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
3658000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1888299800.0000000003658000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3658000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1500067105.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
818000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2246120073.0000000000818000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
818000
|
Size: |
12288
|
|
828000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1908671086.0000000000828000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
828000
|
Size: |
24576
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1910013312.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
8240000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2266240015.0000000008240000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
8240000
|
Size: |
4096
|
|
3695000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2090494750.0000000003695000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3695000
|
Size: |
102400
|
|
892000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2098375741.0000000000892000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
892000
|
Size: |
8192
|
|
87B000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1908607385.000000000087B000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
87B000
|
Size: |
106496
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Yara detected Credential Stealer |
Stealing of Sensitive Information |
|
|
773E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2264953414.000000000773E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
773E000
|
Size: |
8192
|
|
508C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2258828661.000000000508C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
508C000
|
Size: |
20480
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
35E3000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2090234974.00000000035E3000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35E3000
|
Size: |
253952
|
|
3711000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1887893152.0000000003711000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3711000
|
Size: |
20480
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1493870602.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
3694000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2224371602.0000000003694000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3694000
|
Size: |
4096
|
|
5D69000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2262706536.0000000005D69000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
5D69000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1489813815.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
88F000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2225011826.000000000088F000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
88F000
|
Size: |
4096
|
|
35F1000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1632003393.00000000035F1000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35F1000
|
Size: |
4096
|
|
4FAF000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2258828661.0000000004FAF000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4FAF000
|
Size: |
94208
|
|
87A000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1628787883.000000000087A000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
87A000
|
Size: |
28672
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2245626336.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
3612000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2258086061.0000000003612000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3612000
|
Size: |
12288
|
|
706E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2263414764.000000000706E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
706E000
|
Size: |
8192
|
|
23F1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1487454677.00000000023F1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
23F1000
|
Size: |
65536
|
|
50C3000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2258828661.00000000050C3000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
50C3000
|
Size: |
811008
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1629745425.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
810000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1916356358.0000000000810000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
810000
|
Size: |
4096
|
|
6D9E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2263032965.0000000006D9E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
6D9E000
|
Size: |
8192
|
|
4C7E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2258604795.0000000004C7E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
4C7E000
|
Size: |
8192
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1489522433.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
82D000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2085439303.000000000082D000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
82D000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1498972783.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
3685000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1908021064.0000000003685000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3685000
|
Size: |
4096
|
|
840000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2083156314.0000000000840000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
840000
|
Size: |
12288
|
|
36E8000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2084967065.00000000036E8000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
36E8000
|
Size: |
8192
|
|
856000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2246120073.0000000000856000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
856000
|
Size: |
8192
|
|
34AE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2257944228.00000000034AE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
34AE000
|
Size: |
8192
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1489272846.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
7511000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2264784290.0000000007511000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
7511000
|
Size: |
4096
|
|
836000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2255853718.0000000000836000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
836000
|
Size: |
20480
|
|
3668000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2097757509.0000000003668000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3668000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1500479029.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
7FC000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2255396657.00000000007FC000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
7FC000
|
Size: |
8192
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1499304424.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1911932704.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
36E8000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1889090856.00000000036E8000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
36E8000
|
Size: |
8192
|
|
35FB000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1759334197.00000000035FB000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35FB000
|
Size: |
4096
|
|
806000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2083156314.0000000000806000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
806000
|
Size: |
4096
|
|
888000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2256477161.0000000000888000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
888000
|
Size: |
16384
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
897000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2098375741.0000000000897000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
897000
|
Size: |
45056
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
367C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1759080319.000000000367C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
367C000
|
Size: |
4096
|
|
367B000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1907385996.000000000367B000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
367B000
|
Size: |
16384
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
5083000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2258828661.0000000005083000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
5083000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1910600090.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
5D61000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2262706536.0000000005D61000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
5D61000
|
Size: |
28672
|
|
800000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1916356358.0000000000800000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
800000
|
Size: |
4096
|
|
894000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2256477161.0000000000894000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
894000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1618234486.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1911236117.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
2F7E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2257242547.0000000002F7E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2F7E000
|
Size: |
8192
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1910796652.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
3684000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2224371602.0000000003684000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3684000
|
Size: |
4096
|
|
3600000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1631719816.0000000003600000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3600000
|
Size: |
4096
|
|
85D000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2085439303.000000000085D000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
85D000
|
Size: |
8192
|
|
3658000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1885475576.0000000003658000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3658000
|
Size: |
4096
|
|
229E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2256904255.000000000229E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
229E000
|
Size: |
8192
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1629178158.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1911851895.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
3609000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1631837536.0000000003609000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3609000
|
Size: |
8192
|
|
4D25000
|
heap
|
page execute and read and write
|
|
|
|
Name: |
00000007.00000002.2258739869.0000000004D25000.00000040.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page execute and read and write
|
Base address: |
4D25000
|
Size: |
8192
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1489996642.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
3682000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1907799374.0000000003682000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3682000
|
Size: |
12288
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1499983431.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1910082837.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
862000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2085439303.0000000000862000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
862000
|
Size: |
8192
|
|
690000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2254813196.0000000000690000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
690000
|
Size: |
8192
|
|
367C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1885475576.000000000367C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
367C000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1910919016.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
882000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2256447837.0000000000882000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
882000
|
Size: |
4096
|
|
36C1000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2224308705.00000000036C1000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
36C1000
|
Size: |
4096
|
|
82B0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000007.00000002.2266435774.00000000082B0000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
82B0000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1499523590.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
847000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1908671086.0000000000847000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
847000
|
Size: |
40960
|
|
7471000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2264638738.0000000007471000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
7471000
|
Size: |
20480
|
|
88C000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2098375741.000000000088C000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
88C000
|
Size: |
20480
|
|
702A000
|
stack
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2263356505.000000000702A000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
702A000
|
Size: |
24576
|
|
9BF000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2256839230.00000000009BF000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
9BF000
|
Size: |
4096
|
|
743B000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2264167191.000000000743B000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
743B000
|
Size: |
16384
|
|
800000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2083156314.0000000000800000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
800000
|
Size: |
8192
|
|
366A000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1887720338.000000000366A000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
366A000
|
Size: |
4096
|
|
365D000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1887819688.000000000365D000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
365D000
|
Size: |
40960
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1499911918.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1489409350.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
6EED000
|
stack
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2263168839.0000000006EED000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
6EED000
|
Size: |
12288
|
|
3DE9000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2088174462.0000000003DE9000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3DE9000
|
Size: |
5242880
|
|
3677000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2085349574.0000000003677000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3677000
|
Size: |
12288
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1911262055.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
89C000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2080065178.000000000089C000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
89C000
|
Size: |
24576
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1498908803.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
5D89000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2262706536.0000000005D89000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
5D89000
|
Size: |
147456
|
|
886000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2098375741.0000000000886000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
886000
|
Size: |
20480
|
|
851000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2255853718.0000000000851000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
851000
|
Size: |
8192
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1487482367.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
3688000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2078933252.0000000003688000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3688000
|
Size: |
8192
|
|
36F9000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1888573829.00000000036F9000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
36F9000
|
Size: |
4096
|
|
3711000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2084967065.0000000003711000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3711000
|
Size: |
4096
|
|
763E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2264820450.000000000763E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
763E000
|
Size: |
8192
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1630098216.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
367F000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2245883750.000000000367F000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
367F000
|
Size: |
4096
|
|
8290000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2266361966.0000000008290000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
8290000
|
Size: |
16384
|
|
892000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2245994632.0000000000892000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
892000
|
Size: |
65536
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1909125520.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
365D000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1759913199.000000000365D000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
365D000
|
Size: |
4096
|
|
3618000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1631266942.0000000003618000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3618000
|
Size: |
12288
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
810000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1628839473.0000000000810000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
810000
|
Size: |
45056
|
|
830000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2085439303.0000000000830000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
830000
|
Size: |
8192
|
|
800000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1628839473.0000000000800000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
800000
|
Size: |
8192
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1911565985.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
4EBA000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2258828661.0000000004EBA000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4EBA000
|
Size: |
995328
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
7F7000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2255396657.00000000007F7000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
7F7000
|
Size: |
8192
|
|
7830000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2265889827.0000000007830000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7830000
|
Size: |
65536
|
|
7820000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2265809621.0000000007820000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7820000
|
Size: |
65536
|
|
35EA000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1760252450.00000000035EA000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35EA000
|
Size: |
4096
|
|
83E000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1908671086.000000000083E000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
83E000
|
Size: |
16384
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1909102043.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
2F00000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2256899869.0000000002F00000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2F00000
|
Size: |
4096
|
|
80E000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2083156314.000000000080E000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
80E000
|
Size: |
4096
|
|
35F6000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1759913199.00000000035F6000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35F6000
|
Size: |
8192
|
|
80E000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2246120073.000000000080E000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
80E000
|
Size: |
4096
|
|
36C5000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2098578856.00000000036C5000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
36C5000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1911901772.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
81D000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2246120073.000000000081D000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
81D000
|
Size: |
4096
|
|
832000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1628839473.0000000000832000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
832000
|
Size: |
167936
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
URLs found in memory or binary data |
Networking |
|
|
365D000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1758764281.000000000365D000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
365D000
|
Size: |
4096
|
|
369B000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1888845598.000000000369B000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
369B000
|
Size: |
12288
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1499579271.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
35ED000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1760252450.00000000035ED000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35ED000
|
Size: |
4096
|
|
3687000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1907683220.0000000003687000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3687000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1910047626.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
3719000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2084967065.0000000003719000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3719000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1909185676.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
81C000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1628839473.000000000081C000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
81C000
|
Size: |
86016
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
URLs found in memory or binary data |
Networking |
|
|
894000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2253797635.0000000000894000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
894000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1911386222.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
22E0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2256989255.00000000022E0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
22E0000
|
Size: |
16384
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1498955477.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
2260000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1487524992.0000000002260000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2260000
|
Size: |
176128
|
|
D90000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2256335410.0000000000D90000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
D90000
|
Size: |
16384
|
|
7F1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2246120073.00000000007F1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
7F1000
|
Size: |
57344
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
URLs found in memory or binary data |
Networking |
|
|
36B1000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1759559034.00000000036B1000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
36B1000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1493752554.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
840000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2085439303.0000000000840000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
840000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1909885375.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1490308899.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1489320334.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1489493827.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
815000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2083156314.0000000000815000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
815000
|
Size: |
4096
|
|
88E000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2253867546.000000000088E000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
88E000
|
Size: |
4096
|
|
3687000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2224371602.0000000003687000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3687000
|
Size: |
8192
|
|
36BD000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1888845598.00000000036BD000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
36BD000
|
Size: |
4096
|
|
366A000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2090234974.000000000366A000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
366A000
|
Size: |
4096
|
|
3676000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1759080319.0000000003676000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3676000
|
Size: |
4096
|
|
7EA000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2253762636.00000000007EA000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
7EA000
|
Size: |
8192
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1911519649.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2245569544.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1499894245.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
84E000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2085439303.000000000084E000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
84E000
|
Size: |
4096
|
|
7780000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2265038513.0000000007780000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7780000
|
Size: |
65536
|
|
2F0A000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000007.00000002.2256934585.0000000002F0A000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
2F0A000
|
Size: |
4096
|
|
815000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1908671086.0000000000815000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
815000
|
Size: |
8192
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1910551411.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1629203352.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
7840000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2266004001.0000000007840000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7840000
|
Size: |
65536
|
|
77A0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2265210656.00000000077A0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
77A0000
|
Size: |
61440
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1499932483.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
84A000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2246120073.000000000084A000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
84A000
|
Size: |
12288
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1910689042.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
36C5000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1888845598.00000000036C5000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
36C5000
|
Size: |
4096
|
|
2CDE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2257403663.0000000002CDE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2CDE000
|
Size: |
8192
|
|
831000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2255853718.0000000000831000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
831000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1489831592.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1499742762.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1499063545.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
35E6000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1631741717.00000000035E6000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35E6000
|
Size: |
4096
|
|
3666000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2097757509.0000000003666000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3666000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1629635632.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
70EE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2263512770.00000000070EE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
70EE000
|
Size: |
8192
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1489778476.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1911011679.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
3609000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1631463640.0000000003609000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3609000
|
Size: |
8192
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1910963812.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1629386358.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
367C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2245883750.000000000367C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
367C000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1910136447.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
85C000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1628839473.000000000085C000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
85C000
|
Size: |
110592
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
365B000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1888299800.000000000365B000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
365B000
|
Size: |
4096
|
|
81D000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1908671086.000000000081D000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
81D000
|
Size: |
40960
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1500496621.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1499688228.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1490347345.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
3685000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1907683220.0000000003685000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3685000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1630274144.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
2FC0000
|
heap
|
page readonly
|
|
|
|
Name: |
00000007.00000002.2257352307.0000000002FC0000.00000002.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page readonly
|
Base address: |
2FC0000
|
Size: |
4096
|
|
22F0000
|
direct allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2257033566.00000000022F0000.00000004.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
direct allocation
|
Protect: |
page read and write
|
Base address: |
22F0000
|
Size: |
4096
|
|
3610000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1759334197.0000000003610000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3610000
|
Size: |
4096
|
|
3695000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1889175243.0000000003695000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3695000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1489442549.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
3601000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1759334197.0000000003601000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3601000
|
Size: |
4096
|
|
365B000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1759913199.000000000365B000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
365B000
|
Size: |
4096
|
|
817000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2255520208.0000000000817000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
817000
|
Size: |
16384
|
|
735E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2263916631.000000000735E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
735E000
|
Size: |
8192
|
|
360A000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1759334197.000000000360A000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
360A000
|
Size: |
4096
|
|
805000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2255520208.0000000000805000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
805000
|
Size: |
8192
|
|
85D000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2083156314.000000000085D000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
85D000
|
Size: |
8192
|
|
828000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2083156314.0000000000828000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
828000
|
Size: |
24576
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1498826445.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
3639000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1631837536.0000000003639000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3639000
|
Size: |
8192
|
|
3623000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1631164449.0000000003623000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3623000
|
Size: |
12288
|
|
3658000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1760252450.0000000003658000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3658000
|
Size: |
4096
|
|
360C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1631266942.000000000360C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
360C000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1499354062.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
364E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1758573866.000000000364E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
364E000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1909971077.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
2FE0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2257445801.0000000002FE0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2FE0000
|
Size: |
4096
|
|
36E8000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1887893152.00000000036E8000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
36E8000
|
Size: |
12288
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1629560581.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
81A000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2085439303.000000000081A000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
81A000
|
Size: |
4096
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
AV process strings found (often used to terminate AV products) |
Lowering of HIPS / PFW / Operating System Security Settings |
Security Software Discovery
|
|
6F6E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2263245684.0000000006F6E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
6F6E000
|
Size: |
8192
|
|
36BD000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2098578856.00000000036BD000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
36BD000
|
Size: |
4096
|
|
36B6000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2098578856.00000000036B6000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
36B6000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1499445122.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
370F000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2084967065.000000000370F000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
370F000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1490139363.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1909166099.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
7FE000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1916356358.00000000007FE000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
7FE000
|
Size: |
4096
|
|
3688000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1906906364.0000000003688000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3688000
|
Size: |
20480
|
|
393F000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1890121159.000000000393F000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
393F000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1630207719.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
3605000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1759334197.0000000003605000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3605000
|
Size: |
4096
|
|
31FE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2257744442.00000000031FE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
31FE000
|
Size: |
8192
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1911983586.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1489252421.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
7FA000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2255396657.00000000007FA000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
7FA000
|
Size: |
4096
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
86A000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2083156314.000000000086A000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
86A000
|
Size: |
12288
|
|
3709000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1888573829.0000000003709000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3709000
|
Size: |
73728
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1500092237.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
35F1000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1632036900.00000000035F1000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35F1000
|
Size: |
4096
|
|
7438000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2264167191.0000000007438000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
7438000
|
Size: |
8192
|
|
35E3000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1885475576.00000000035E3000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35E3000
|
Size: |
8192
|
|
2810000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2257351197.0000000002810000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2810000
|
Size: |
12288
|
|
5DC0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2262706536.0000000005DC0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
5DC0000
|
Size: |
24576
|
|
3606000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1759913199.0000000003606000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3606000
|
Size: |
118784
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1500119806.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
3676000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1759913199.0000000003676000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3676000
|
Size: |
4096
|
|
84A000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2224467705.000000000084A000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
84A000
|
Size: |
4096
|
|
897000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2080065178.0000000000897000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
897000
|
Size: |
16384
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1911778448.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
7CE000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2255216927.00000000007CE000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
7CE000
|
Size: |
86016
|
|
35EE000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1759334197.00000000035EE000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35EE000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1911543482.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
845000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2224467705.0000000000845000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
845000
|
Size: |
4096
|
|
3600000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1632003393.0000000003600000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3600000
|
Size: |
4096
|
|
3694000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1759913199.0000000003694000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3694000
|
Size: |
12288
|
|
882000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2080065178.0000000000882000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
882000
|
Size: |
12288
|
|
7F1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2255396657.00000000007F1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
7F1000
|
Size: |
8192
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1499487661.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
46A000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000000.00000000.1363978866.000000000046A000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
46A000
|
Size: |
1302528
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sample file is different than original file name gathered from version info |
System Summary |
|
|
3685000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1759559034.0000000003685000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3685000
|
Size: |
8192
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1499559299.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1911635872.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
32FF000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2257784449.00000000032FF000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
32FF000
|
Size: |
4096
|
|
365D000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1885475576.000000000365D000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
365D000
|
Size: |
24576
|
|
3669000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1885475576.0000000003669000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3669000
|
Size: |
73728
|
|
2EE0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2256620782.0000000002EE0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2EE0000
|
Size: |
12288
|
|
6D0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2254850261.00000000006D0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D0000
|
Size: |
16384
|
|
77C0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2265362585.00000000077C0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
77C0000
|
Size: |
65536
|
|
35F1000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1631266942.00000000035F1000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35F1000
|
Size: |
4096
|
|
3676000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1759755790.0000000003676000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3676000
|
Size: |
4096
|
|
2EF9000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2256797672.0000000002EF9000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2EF9000
|
Size: |
16384
|
|
84E000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2246120073.000000000084E000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
84E000
|
Size: |
4096
|
|
361B000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1631164449.000000000361B000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
361B000
|
Size: |
12288
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
818000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2083156314.0000000000818000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
818000
|
Size: |
12288
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1911133703.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
2ED0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2256572493.0000000002ED0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2ED0000
|
Size: |
20480
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1499371610.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
3676000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1907385996.0000000003676000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3676000
|
Size: |
8192
|
|
830000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2224467705.0000000000830000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
830000
|
Size: |
8192
|
|
367D000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1759559034.000000000367D000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
367D000
|
Size: |
12288
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1912039277.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
87A000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2224467705.000000000087A000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
87A000
|
Size: |
4096
|
|
2EC0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2256531412.0000000002EC0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2EC0000
|
Size: |
8192
|
|
834000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2224467705.0000000000834000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
834000
|
Size: |
8192
|
|
2F12000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2257006755.0000000002F12000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2F12000
|
Size: |
12288
|
|
3680000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1907385996.0000000003680000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3680000
|
Size: |
4096
|
|
806000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2252940545.0000000000806000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
806000
|
Size: |
4096
|
|
3094000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2257624575.0000000003094000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3094000
|
Size: |
512000
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1909321186.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
3719000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1889090856.0000000003719000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3719000
|
Size: |
4096
|
|
7FE000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1628839473.00000000007FE000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
7FE000
|
Size: |
4096
|
|
88C000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2225011826.000000000088C000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
88C000
|
Size: |
8192
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1908533477.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
81A000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2224467705.000000000081A000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
81A000
|
Size: |
4096
|
|
382D000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1632097203.000000000382D000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
382D000
|
Size: |
4096
|
|
4D50000
|
heap
|
page execute and read and write
|
|
|
|
Name: |
00000007.00000002.2258803701.0000000004D50000.00000040.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page execute and read and write
|
Base address: |
4D50000
|
Size: |
4096
|
|
35E4000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1631741717.00000000035E4000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35E4000
|
Size: |
4096
|
|
875000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2083156314.0000000000875000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
875000
|
Size: |
16384
|
|
3020000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2257624575.0000000003020000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3020000
|
Size: |
28672
|
|
3666000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2090234974.0000000003666000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3666000
|
Size: |
4096
|
|
71E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2254890163.000000000071E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
71E000
|
Size: |
8192
|
|
5055000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2258828661.0000000005055000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
5055000
|
Size: |
90112
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1499134565.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
745A000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2264551709.000000000745A000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
745A000
|
Size: |
86016
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1915834346.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
2E6F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2256423742.0000000002E6F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2E6F000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1910619524.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
739F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2263994396.000000000739F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
739F000
|
Size: |
4096
|
|
3057000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2257624575.0000000003057000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3057000
|
Size: |
188416
|
|
832000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1908671086.0000000000832000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
832000
|
Size: |
45056
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
88E000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2256477161.000000000088E000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
88E000
|
Size: |
4096
|
|
3669000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1758454483.0000000003669000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3669000
|
Size: |
12288
|
|
3666000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1759080319.0000000003666000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3666000
|
Size: |
12288
|
|
856000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1908671086.0000000000856000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
856000
|
Size: |
8192
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1911667497.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1500533864.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
892000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2080065178.0000000000892000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
892000
|
Size: |
8192
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1629347030.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
767F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2264855546.000000000767F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
767F000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2245649029.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
367C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1760230851.000000000367C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
367C000
|
Size: |
4096
|
|
882000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2085160314.0000000000882000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
882000
|
Size: |
12288
|
|
3637000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1631463640.0000000003637000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3637000
|
Size: |
4096
|
|
84A000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2083156314.000000000084A000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
84A000
|
Size: |
4096
|
|
36AE000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2098578856.00000000036AE000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
36AE000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1911802182.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1489297163.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
876000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2256415894.0000000000876000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
876000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1910444907.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1911475107.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1911498779.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
840000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2224467705.0000000000840000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
840000
|
Size: |
12288
|
|
367A000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1890442481.000000000367A000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
367A000
|
Size: |
12288
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1910030514.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
89F000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2256477161.000000000089F000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
89F000
|
Size: |
4096
|
|
36E1000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1916460352.00000000036E1000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
36E1000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1499505779.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1489796158.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2245695427.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
3618000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1759334197.0000000003618000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3618000
|
Size: |
8192
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1489572720.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
4D20000
|
heap
|
page execute and read and write
|
|
|
|
Name: |
00000007.00000002.2258739869.0000000004D20000.00000040.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page execute and read and write
|
Base address: |
4D20000
|
Size: |
12288
|
|
2FBE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2257303764.0000000002FBE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2FBE000
|
Size: |
8192
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1630178536.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
83C000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2083156314.000000000083C000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
83C000
|
Size: |
12288
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
36F9000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1890003313.00000000036F9000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
36F9000
|
Size: |
139264
|
|
36C5000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2224308705.00000000036C5000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
36C5000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1909543913.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
35E7000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1760252450.00000000035E7000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35E7000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1629301336.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
81F000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2083156314.000000000081F000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
81F000
|
Size: |
32768
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1489543216.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
3694000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2098278933.0000000003694000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3694000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1499248690.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
810000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2255520208.0000000000810000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
810000
|
Size: |
16384
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
AV process strings found (often used to terminate AV products) |
Lowering of HIPS / PFW / Operating System Security Settings |
Security Software Discovery
|
|
70AB000
|
stack
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2263455288.00000000070AB000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
70AB000
|
Size: |
20480
|
|
367B000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1907000807.000000000367B000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
367B000
|
Size: |
8192
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
3A57000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1890121159.0000000003A57000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3A57000
|
Size: |
4096
|
|
80E000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2085439303.000000000080E000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
80E000
|
Size: |
4096
|
|
86A000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2246120073.000000000086A000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
86A000
|
Size: |
12288
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1493850756.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
7FE000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2085439303.00000000007FE000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
7FE000
|
Size: |
8192
|
|
862000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2224467705.0000000000862000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
862000
|
Size: |
8192
|
|
334E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2257821599.000000000334E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
334E000
|
Size: |
8192
|
|
36F9000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1887893152.00000000036F9000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
36F9000
|
Size: |
81920
|
|
42F4000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2091103472.00000000042F4000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
42F4000
|
Size: |
593920
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1910119056.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
9B000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2254493210.000000000009B000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
9B000
|
Size: |
20480
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1911339166.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
367E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2097757509.000000000367E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
367E000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1909680557.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1489461965.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
809000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2255520208.0000000000809000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
809000
|
Size: |
4096
|
|
83E0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2266463572.00000000083E0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
83E0000
|
Size: |
4096
|
|
3907000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1890121159.0000000003907000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3907000
|
Size: |
4096
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
368C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2078933252.000000000368C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
368C000
|
Size: |
4096
|
|
892000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2225011826.0000000000892000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
892000
|
Size: |
8192
|
|
8280000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2266335081.0000000008280000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
8280000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1911690765.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1499835938.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1629612631.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
887000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2085160314.0000000000887000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
887000
|
Size: |
40960
|
|
857000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2255853718.0000000000857000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
857000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1498939175.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
80C000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2085439303.000000000080C000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
80C000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1490118045.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
7486000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2264724965.0000000007486000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
7486000
|
Size: |
45056
|
|
801000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2252940545.0000000000801000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
801000
|
Size: |
4096
|
|
5190000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2258828661.0000000005190000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
5190000
|
Size: |
856064
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1499268711.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1916724026.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
7790000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000007.00000002.2265159886.0000000007790000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7790000
|
Size: |
16384
|
|
92C000
|
stack
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2256032953.000000000092C000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
92C000
|
Size: |
16384
|
|
35F4000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1759334197.00000000035F4000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35F4000
|
Size: |
8192
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1909145737.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
35EA000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1916016031.00000000035EA000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35EA000
|
Size: |
8192
|
|
80A000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2083156314.000000000080A000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
80A000
|
Size: |
12288
|
|
2F1D000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2257537812.0000000002F1D000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2F1D000
|
Size: |
12288
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1499465590.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
36B5000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1888845598.00000000036B5000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
36B5000
|
Size: |
4096
|
|
3719000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1916286555.0000000003719000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3719000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1499420204.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2245672520.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1908553964.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
36A3000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2098578856.00000000036A3000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
36A3000
|
Size: |
4096
|
|
2EE3000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000007.00000002.2256660056.0000000002EE3000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
2EE3000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1490098557.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1629256195.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
837000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2224467705.0000000000837000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
837000
|
Size: |
24576
|
|
2F10000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2256974483.0000000002F10000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2F10000
|
Size: |
4096
|
|
36E7000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1630907308.00000000036E7000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
36E7000
|
Size: |
602112
|
|
365F000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1890074217.000000000365F000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
365F000
|
Size: |
8192
|
|
304B000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2257624575.000000000304B000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
304B000
|
Size: |
45056
|
|
897000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1908607385.0000000000897000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
897000
|
Size: |
45056
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1500511869.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
3600000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1631611110.0000000003600000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3600000
|
Size: |
4096
|
|
7220000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2263690052.0000000007220000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
7220000
|
Size: |
307200
|
|
818000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2252940545.0000000000818000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
818000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1910577140.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
87B000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2098375741.000000000087B000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
87B000
|
Size: |
40960
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1912004239.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
2EF0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2256797672.0000000002EF0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2EF0000
|
Size: |
32768
|
|
365B000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1916016031.000000000365B000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
365B000
|
Size: |
8192
|
|
877000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1628787883.0000000000877000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
877000
|
Size: |
8192
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1618261548.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2254440369.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
3600000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1632036900.0000000003600000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3600000
|
Size: |
4096
|
|
4DBB000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2258828661.0000000004DBB000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4DBB000
|
Size: |
1032192
|
|
3651000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1758573866.0000000003651000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3651000
|
Size: |
8192
|
|
2E70000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2256448849.0000000002E70000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2E70000
|
Size: |
4096
|
|
3685000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1907385996.0000000003685000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3685000
|
Size: |
12288
|
|
366C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2253914618.000000000366C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
366C000
|
Size: |
4096
|
|
86C000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2255853718.000000000086C000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
86C000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1911610077.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1629717518.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1909705921.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
73B0000
|
heap
|
page execute and read and write
|
|
|
|
Name: |
00000007.00000002.2264055289.00000000073B0000.00000040.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page execute and read and write
|
Base address: |
73B0000
|
Size: |
4096
|
|
D8E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2256302869.0000000000D8E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
D8E000
|
Size: |
8192
|
|
815000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2085439303.0000000000815000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
815000
|
Size: |
4096
|
|
883000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2225011826.0000000000883000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
883000
|
Size: |
8192
|
|
367C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1887249913.000000000367C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
367C000
|
Size: |
4096
|
|
19D000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2254681760.000000000019D000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
19D000
|
Size: |
12288
|
|
6FED000
|
stack
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2263317310.0000000006FED000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
6FED000
|
Size: |
12288
|
|
4FC8000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2258828661.0000000004FC8000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4FC8000
|
Size: |
32768
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1910854399.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1909848301.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
81D000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2224467705.000000000081D000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
81D000
|
Size: |
4096
|
|
890000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2256477161.0000000000890000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
890000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1489220646.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1489479495.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1489707880.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1909952186.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
366E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1907000807.000000000366E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
366E000
|
Size: |
49152
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
777D000
|
stack
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2264991994.000000000777D000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
777D000
|
Size: |
12288
|
|
818000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2224467705.0000000000818000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
818000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1629672565.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
3650000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1631837536.0000000003650000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3650000
|
Size: |
8192
|
|
367C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1759755790.000000000367C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
367C000
|
Size: |
4096
|
|
815000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2246120073.0000000000815000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
815000
|
Size: |
8192
|
|
365F000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1907875064.000000000365F000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
365F000
|
Size: |
12288
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
365F000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2090234974.000000000365F000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
365F000
|
Size: |
16384
|
|
366E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1887720338.000000000366E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
366E000
|
Size: |
4096
|
|
830000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1908671086.0000000000830000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
830000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1500040261.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
3674000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1759080319.0000000003674000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3674000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1499814801.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
366A000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1631837536.000000000366A000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
366A000
|
Size: |
12288
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1629235226.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
820000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2255853718.0000000000820000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
820000
|
Size: |
28672
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
2F30000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2257176092.0000000002F30000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2F30000
|
Size: |
4096
|
|
875000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2224467705.0000000000875000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
875000
|
Size: |
12288
|
|
364E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1631673442.000000000364E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
364E000
|
Size: |
12288
|
|
77D0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2265432414.00000000077D0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
77D0000
|
Size: |
65536
|
|
36B6000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1759559034.00000000036B6000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
36B6000
|
Size: |
4096
|
|
367A000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1889047728.000000000367A000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
367A000
|
Size: |
12288
|
|
366C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1758429156.000000000366C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
366C000
|
Size: |
4096
|
|
2DDD000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2257445382.0000000002DDD000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2DDD000
|
Size: |
12288
|
|
84E000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2083156314.000000000084E000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
84E000
|
Size: |
4096
|
|
3684000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2258525688.0000000003684000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3684000
|
Size: |
4096
|
|
391F000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1890121159.000000000391F000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
391F000
|
Size: |
4096
|
|
400000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000000.00000000.1363822889.0000000000400000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
400000
|
Size: |
4096
|
|
3688000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1907252872.0000000003688000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3688000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1499852881.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
464000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2254724130.0000000000464000.00000004.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
464000
|
Size: |
12288
|
|
2EE4000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2256694050.0000000002EE4000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2EE4000
|
Size: |
36864
|
|
7FE000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1908671086.00000000007FE000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
7FE000
|
Size: |
16384
|
|
85C000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2246120073.000000000085C000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
85C000
|
Size: |
32768
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
3633000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1631164449.0000000003633000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3633000
|
Size: |
139264
|
|
23F0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2257078148.00000000023F0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
23F0000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1499187410.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1499950690.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
83E000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2255853718.000000000083E000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
83E000
|
Size: |
16384
|
|
D95000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2256335410.0000000000D95000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
D95000
|
Size: |
12288
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1910741107.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
829000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2255853718.0000000000829000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
829000
|
Size: |
16384
|
|
875000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2246120073.0000000000875000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
875000
|
Size: |
24576
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1909279656.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
3677000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1907799374.0000000003677000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3677000
|
Size: |
4096
|
|
2E90000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2256477968.0000000002E90000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2E90000
|
Size: |
32768
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1911293713.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
3674000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1759913199.0000000003674000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3674000
|
Size: |
4096
|
|
716E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2263623193.000000000716E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
716E000
|
Size: |
8192
|
|
38E8000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1890121159.00000000038E8000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
38E8000
|
Size: |
4096
|
|
861000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2255853718.0000000000861000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
861000
|
Size: |
4096
|
|
80E000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2255520208.000000000080E000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
80E000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1911189675.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
3668000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1759913199.0000000003668000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3668000
|
Size: |
8192
|
|
3684000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2245883750.0000000003684000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3684000
|
Size: |
4096
|
|
81D000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2255520208.000000000081D000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
81D000
|
Size: |
4096
|
|
89C000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2085160314.000000000089C000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
89C000
|
Size: |
24576
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1911418748.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
35E5000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1758727674.00000000035E5000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35E5000
|
Size: |
36864
|
|
815000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2224467705.0000000000815000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
815000
|
Size: |
4096
|
|
89C000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2253681183.000000000089C000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
89C000
|
Size: |
12288
|
|
36F9000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1889090856.00000000036F9000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
36F9000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1910664429.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
7E4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2255216927.00000000007E4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
7E4000
|
Size: |
24576
|
|
3660000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1759913199.0000000003660000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3660000
|
Size: |
4096
|
|
800000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2224467705.0000000000800000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
800000
|
Size: |
8192
|
|
809000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1908671086.0000000000809000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
809000
|
Size: |
16384
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1910894810.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
3118000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2257624575.0000000003118000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3118000
|
Size: |
28672
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1911754954.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
365D000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1907535156.000000000365D000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
365D000
|
Size: |
24576
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
397C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2245734604.000000000397C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
397C000
|
Size: |
4096
|
|
821000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2252940545.0000000000821000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
821000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1910496115.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
36EA000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1890003313.00000000036EA000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
36EA000
|
Size: |
24576
|
|
2800000
|
remote allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1490085025.0000000002800000.00000004.00000400.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
remote allocation
|
Protect: |
page read and write
|
Base address: |
2800000
|
Size: |
4096
|
|
810000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2085439303.0000000000810000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
810000
|
Size: |
12288
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
AV process strings found (often used to terminate AV products) |
Lowering of HIPS / PFW / Operating System Security Settings |
Security Software Discovery
|
|
367C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1759913199.000000000367C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
367C000
|
Size: |
4096
|
|
36B2000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2098578856.00000000036B2000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
36B2000
|
Size: |
4096
|
|
35E9000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1888484212.00000000035E9000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35E9000
|
Size: |
8192
|
|
3688000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2085349574.0000000003688000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3688000
|
Size: |
8192
|
|
507B000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2258828661.000000000507B000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
507B000
|
Size: |
4096
|
|
76BE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2264883677.00000000076BE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
76BE000
|
Size: |
8192
|
|
3676000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1887720338.0000000003676000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3676000
|
Size: |
16384
|
|
366E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1907385996.000000000366E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
366E000
|
Size: |
16384
|
|
3670000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1890104891.0000000003670000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3670000
|
Size: |
8192
|
|
23F1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1916649492.00000000023F1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
23F1000
|
Size: |
221184
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1500222201.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
87A000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2085439303.000000000087A000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
87A000
|
Size: |
4096
|
|
319F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2257709679.000000000319F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
319F000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1911211121.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
3695000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1907683220.0000000003695000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3695000
|
Size: |
4096
|
|
367B000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2085349574.000000000367B000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
367B000
|
Size: |
8192
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
852000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2246120073.0000000000852000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
852000
|
Size: |
4096
|
|
89D000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1760402571.000000000089D000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
89D000
|
Size: |
20480
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
85D000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1908671086.000000000085D000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
85D000
|
Size: |
28672
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Found many strings related to Crypto-Wallets (likely being stolen) |
Stealing of Sensitive Information |
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1911710438.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
2F5E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2257594406.0000000002F5E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2F5E000
|
Size: |
8192
|
|
36BA000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2098578856.00000000036BA000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
36BA000
|
Size: |
4096
|
|
7850000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2266078781.0000000007850000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7850000
|
Size: |
65536
|
|
3685000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1916589436.0000000003685000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3685000
|
Size: |
163840
|
|
2800000
|
remote allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1490051443.0000000002800000.00000004.00000400.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
remote allocation
|
Protect: |
page read and write
|
Base address: |
2800000
|
Size: |
4096
|
|
2800000
|
remote allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1490069526.0000000002800000.00000004.00000400.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
remote allocation
|
Protect: |
page read and write
|
Base address: |
2800000
|
Size: |
4096
|
|
806000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2224467705.0000000000806000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
806000
|
Size: |
4096
|
|
38EE000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1890121159.00000000038EE000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
38EE000
|
Size: |
8192
|
|
367C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2224371602.000000000367C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
367C000
|
Size: |
4096
|
|
3666000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2258480356.0000000003666000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3666000
|
Size: |
4096
|
|
35E3000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1630405503.00000000035E3000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35E3000
|
Size: |
122880
|
|
744F000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2264473924.000000000744F000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
744F000
|
Size: |
24576
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1500001690.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
3684000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1907000807.0000000003684000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3684000
|
Size: |
16384
|
|
2F15000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000007.00000002.2257058456.0000000002F15000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
2F15000
|
Size: |
45056
|
|
84C000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2085439303.000000000084C000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
84C000
|
Size: |
4096
|
|
837000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2085439303.0000000000837000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
837000
|
Size: |
24576
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
AV process strings found (often used to terminate AV products) |
Lowering of HIPS / PFW / Operating System Security Settings |
Security Software Discovery
|
|
ABF000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2256875257.0000000000ABF000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
ABF000
|
Size: |
4096
|
|
810000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2246120073.0000000000810000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
810000
|
Size: |
12288
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
AV process strings found (often used to terminate AV products) |
Lowering of HIPS / PFW / Operating System Security Settings |
Security Software Discovery
|
|
7810000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2265737013.0000000007810000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7810000
|
Size: |
65536
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1490280054.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
83E000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2085439303.000000000083E000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
83E000
|
Size: |
4096
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
AV process strings found (often used to terminate AV products) |
Lowering of HIPS / PFW / Operating System Security Settings |
Security Software Discovery
|
|
35F6000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1758764281.00000000035F6000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35F6000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1498853831.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
75E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2254924744.000000000075E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
75E000
|
Size: |
8192
|
|
9E0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2256144031.00000000009E0000.00000004.00000020.00040000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9E0000
|
Size: |
4096
|
|
809000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2224467705.0000000000809000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
809000
|
Size: |
16384
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1499602475.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1910824484.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
886000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2245994632.0000000000886000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
886000
|
Size: |
45056
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
857000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2085439303.0000000000857000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
857000
|
Size: |
4096
|
|
364E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1632036900.000000000364E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
364E000
|
Size: |
4096
|
|
39C7000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1890121159.00000000039C7000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
39C7000
|
Size: |
4096
|
|
365A000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1758494799.000000000365A000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
365A000
|
Size: |
36864
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1498794935.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
872000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2246120073.0000000000872000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
872000
|
Size: |
8192
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
8250000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000007.00000002.2266297821.0000000008250000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
8250000
|
Size: |
20480
|
|
366A000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2253914618.000000000366A000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
366A000
|
Size: |
4096
|
|
881000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2245994632.0000000000881000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
881000
|
Size: |
16384
|
|
36A5000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1907683220.00000000036A5000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
36A5000
|
Size: |
8192
|
|
896000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2256477161.0000000000896000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
896000
|
Size: |
20480
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1499172379.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1911827706.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1489746993.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
378D000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1630614822.000000000378D000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
378D000
|
Size: |
536576
|
|
83E000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2224467705.000000000083E000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
83E000
|
Size: |
4096
|
|
77B0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2265281932.00000000077B0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
77B0000
|
Size: |
65536
|
|
22DC000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2256940694.00000000022DC000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
22DC000
|
Size: |
16384
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1489920415.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
367C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1907799374.000000000367C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
367C000
|
Size: |
20480
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
818000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1908671086.0000000000818000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
818000
|
Size: |
12288
|
|
3680000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1758950810.0000000003680000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3680000
|
Size: |
8192
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1499290479.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
86A000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2224467705.000000000086A000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
86A000
|
Size: |
12288
|
|
3626000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1759913199.0000000003626000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3626000
|
Size: |
8192
|
|
80E000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1908671086.000000000080E000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
80E000
|
Size: |
20480
|
|
5B0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2254781797.00000000005B0000.00000004.00000020.00040000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5B0000
|
Size: |
4096
|
|
888000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2225011826.0000000000888000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
888000
|
Size: |
12288
|
|
36AB000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2098578856.00000000036AB000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
36AB000
|
Size: |
4096
|
|
3685000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1916511448.0000000003685000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3685000
|
Size: |
163840
|
|
360B000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1916016031.000000000360B000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
360B000
|
Size: |
57344
|
|
2E1D000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2257494817.0000000002E1D000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2E1D000
|
Size: |
12288
|
|
3674000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1759755790.0000000003674000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3674000
|
Size: |
4096
|
|
D4D000
|
stack
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2256259769.0000000000D4D000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
D4D000
|
Size: |
12288
|
|
3660000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1759080319.0000000003660000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3660000
|
Size: |
8192
|
|
811000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2083156314.0000000000811000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
811000
|
Size: |
8192
|
|
87A000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2083156314.000000000087A000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
87A000
|
Size: |
4096
|
|
368B000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2245883750.000000000368B000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
368B000
|
Size: |
8192
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1629148020.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
35F1000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1631611110.00000000035F1000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
35F1000
|
Size: |
4096
|
|
875000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1908671086.0000000000875000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
875000
|
Size: |
24576
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Found many strings related to Crypto-Wallets (likely being stolen) |
Stealing of Sensitive Information |
|
|
3613000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1759334197.0000000003613000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3613000
|
Size: |
4096
|
|
365B000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1759080319.000000000365B000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
365B000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1489557644.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1910986976.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
3694000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1888845598.0000000003694000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3694000
|
Size: |
8192
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1490260431.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
366B000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1759913199.000000000366B000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
366B000
|
Size: |
12288
|
|
361B000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1916016031.000000000361B000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
361B000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1911449215.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1489945707.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
7482000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2264681312.0000000007482000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
7482000
|
Size: |
12288
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1629107610.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
3624000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1759913199.0000000003624000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3624000
|
Size: |
4096
|
|
857000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2224467705.0000000000857000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
857000
|
Size: |
4096
|
|
365F000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2097757509.000000000365F000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
365F000
|
Size: |
16384
|
|
365F000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1916016031.000000000365F000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
365F000
|
Size: |
12288
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1500558600.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
712D000
|
stack
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2263550716.000000000712D000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
712D000
|
Size: |
12288
|
|
401000
|
unkown
|
page execute read
|
|
|
|
Name: |
00000000.00000000.1363841215.0000000000401000.00000020.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page execute read
|
Base address: |
401000
|
Size: |
405504
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1911733958.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
4D61000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2258828661.0000000004D61000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4D61000
|
Size: |
364544
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
7860000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2266159876.0000000007860000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7860000
|
Size: |
65536
|
|
801000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2085439303.0000000000801000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
801000
|
Size: |
4096
|
|
7C0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2255216927.00000000007C0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
7C0000
|
Size: |
36864
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1912095920.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
81D000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2085439303.000000000081D000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
81D000
|
Size: |
40960
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
86A000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1908671086.000000000086A000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
86A000
|
Size: |
12288
|
|
366A000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2097757509.000000000366A000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
366A000
|
Size: |
4096
|
|
3619000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1631463640.0000000003619000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3619000
|
Size: |
118784
|
|
3658000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2097757509.0000000003658000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3658000
|
Size: |
4096
|
|
3676000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2224371602.0000000003676000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3676000
|
Size: |
16384
|
|
36BD000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2224308705.00000000036BD000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
36BD000
|
Size: |
4096
|
|
3654000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1631837536.0000000003654000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3654000
|
Size: |
4096
|
|
87B000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2085160314.000000000087B000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
87B000
|
Size: |
12288
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1499875576.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
73C0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2264092563.00000000073C0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
73C0000
|
Size: |
24576
|
|
3619000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1631837536.0000000003619000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3619000
|
Size: |
118784
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1499964232.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
464000
|
unkown
|
page write copy
|
|
|
|
Name: |
00000000.00000000.1363943643.0000000000464000.00000008.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page write copy
|
Base address: |
464000
|
Size: |
4096
|
|
818000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2085439303.0000000000818000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
818000
|
Size: |
4096
|
|
3674000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1760252450.0000000003674000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3674000
|
Size: |
20480
|
|
853000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2224467705.0000000000853000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
853000
|
Size: |
4096
|
|
36E0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2258572332.00000000036E0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
36E0000
|
Size: |
126976
|
|
3606000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1631266942.0000000003606000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3606000
|
Size: |
8192
|
|
834000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2085439303.0000000000834000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
834000
|
Size: |
8192
|
|
3695000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1908461906.0000000003695000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3695000
|
Size: |
4096
|
|
834000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2083156314.0000000000834000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
834000
|
Size: |
28672
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1499040026.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
305F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2257642050.000000000305F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
305F000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1499155522.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
3668000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1759334197.0000000003668000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3668000
|
Size: |
4096
|
|
370A000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2084967065.000000000370A000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
370A000
|
Size: |
4096
|
|
365B000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1885475576.000000000365B000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
365B000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1487979992.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
36A7000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2098578856.00000000036A7000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
36A7000
|
Size: |
4096
|
|
3028000
|
heap
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2257624575.0000000003028000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3028000
|
Size: |
139264
|
|
2EED000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000007.00000002.2256761066.0000000002EED000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
2EED000
|
Size: |
8192
|
|
36AD000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1888845598.00000000036AD000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
36AD000
|
Size: |
4096
|
|
36F9000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1916286555.00000000036F9000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
36F9000
|
Size: |
4096
|
|
845000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2083156314.0000000000845000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
845000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1911361844.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
365B000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1758573866.000000000365B000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
365B000
|
Size: |
32768
|
|
3679000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1907385996.0000000003679000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3679000
|
Size: |
4096
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
23F1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1487878589.00000000023F1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
23F1000
|
Size: |
24576
|
|
365B000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2090234974.000000000365B000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
365B000
|
Size: |
8192
|
|
4C3C000
|
stack
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2258551152.0000000004C3C000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
4C3C000
|
Size: |
16384
|
|
2FF8000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2257488678.0000000002FF8000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2FF8000
|
Size: |
8192
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1910642871.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
6DDE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2263072112.0000000006DDE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
6DDE000
|
Size: |
8192
|
|
3709000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1889090856.0000000003709000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3709000
|
Size: |
8192
|
|
269F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2257236676.000000000269F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
269F000
|
Size: |
4096
|
|
71AE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2263657472.00000000071AE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
71AE000
|
Size: |
8192
|
|
367A000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2078933252.000000000367A000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
367A000
|
Size: |
24576
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1909244302.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
800000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2246120073.0000000000800000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
800000
|
Size: |
8192
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1629484876.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
81A000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1916356358.000000000081A000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
81A000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1499319003.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
77E0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2265506034.00000000077E0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
77E0000
|
Size: |
65536
|
|
36E1000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2088075995.00000000036E1000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
36E1000
|
Size: |
282624
|
|
365F000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2258398230.000000000365F000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
365F000
|
Size: |
8192
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1909637398.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
5092000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2258828661.0000000005092000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
5092000
|
Size: |
196608
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
2961000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1488952432.0000000002961000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2961000
|
Size: |
1732608
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sample file is different than original file name gathered from version info |
System Summary |
|
|
3658000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1758573866.0000000003658000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3658000
|
Size: |
4096
|
|
3698000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1907252872.0000000003698000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3698000
|
Size: |
4096
|
|
3666000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1907875064.0000000003666000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3666000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1913082576.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
81F000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2224467705.000000000081F000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
81F000
|
Size: |
28672
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
80B000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2255520208.000000000080B000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
80B000
|
Size: |
8192
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1500022269.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
361A000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1631390635.000000000361A000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
361A000
|
Size: |
4096
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1489606452.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
6D4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1499083441.00000000006D4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D4000
|
Size: |
4096
|
|
89C000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2256477161.000000000089C000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
89C000
|
Size: |
4096
|
|
36AC000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1759559034.00000000036AC000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
36AC000
|
Size: |
16384
|
|
3665000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1758573866.0000000003665000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3665000
|
Size: |
98304
|
|
3663000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1758454483.0000000003663000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3663000
|
Size: |
20480
|
|
967000
|
stack
|
page read and write
|
|
|
|
Name: |
00000007.00000002.2256072769.0000000000967000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
7
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
967000
|
Size: |
36864
|
|