2460000
|
direct allocation
|
page execute and read and write
|
|
|
|
Name: |
00000000.00000002.2476446512.0000000002460000.00000040.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
direct allocation
|
Protect: |
page execute and read and write
|
Base address: |
2460000
|
Size: |
368640
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Found malware configuration |
AV Detection |
|
Malicious sample detected (through community Yara rule) |
System Summary |
|
Sample uses string decryption to hide its real strings |
AV Detection |
|
Yara signature match |
System Summary |
|
|
37A7000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1885801313.00000000037A7000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
37A7000
|
Size: |
20480
|
|
3788000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1889972418.0000000003788000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3788000
|
Size: |
12288
|
|
710000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2477152967.0000000000710000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
710000
|
Size: |
12288
|
|
700000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2315999928.0000000000700000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
700000
|
Size: |
8192
|
|
3758000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2478360512.0000000003758000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3758000
|
Size: |
4096
|
|
3851000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2274371800.0000000003851000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3851000
|
Size: |
4096
|
|
7060000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2494207581.0000000007060000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7060000
|
Size: |
61440
|
|
640000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2476850668.0000000000640000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
640000
|
Size: |
12288
|
|
6A30000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2492120135.0000000006A30000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6A30000
|
Size: |
253952
|
|
75A000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2277383833.000000000075A000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
75A000
|
Size: |
8192
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
3784000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2018259946.0000000003784000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3784000
|
Size: |
69632
|
|
6DF5000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2493198719.0000000006DF5000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6DF5000
|
Size: |
16384
|
|
3768000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2018259946.0000000003768000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3768000
|
Size: |
16384
|
|
CFE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2480155892.0000000000CFE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
CFE000
|
Size: |
8192
|
|
75A000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2304592052.000000000075A000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
75A000
|
Size: |
8192
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
37DB000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1889457401.00000000037DB000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
37DB000
|
Size: |
4096
|
|
6DCD000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2492970067.0000000006DCD000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6DCD000
|
Size: |
90112
|
|
6ED000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1873015266.00000000006ED000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6ED000
|
Size: |
315392
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
URLs found in memory or binary data |
Networking |
|
|
3888000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2450700935.0000000003888000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3888000
|
Size: |
4096
|
|
3752000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2018448096.0000000003752000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3752000
|
Size: |
24576
|
|
5843000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2491410127.0000000005843000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
5843000
|
Size: |
24576
|
|
3761000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1885437575.0000000003761000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3761000
|
Size: |
4096
|
|
7FB000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2477826670.00000000007FB000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
7FB000
|
Size: |
45056
|
|
706000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2473405041.0000000000706000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
706000
|
Size: |
4096
|
|
9C0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2479675315.00000000009C0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
9C0000
|
Size: |
65536
|
|
6E6000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2472007209.00000000006E6000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6E6000
|
Size: |
4096
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Found many strings related to Crypto-Wallets (likely being stolen) |
Stealing of Sensitive Information |
|
|
6CC000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2469696699.00000000006CC000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6CC000
|
Size: |
40960
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
37F8000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2144708679.00000000037F8000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
37F8000
|
Size: |
4096
|
|
3851000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2315772593.0000000003851000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3851000
|
Size: |
229376
|
|
6ED000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2473405041.00000000006ED000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6ED000
|
Size: |
20480
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
37AD000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2147016284.00000000037AD000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
37AD000
|
Size: |
8192
|
|
6FBE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2493919750.0000000006FBE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
6FBE000
|
Size: |
8192
|
|
719000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2473405041.0000000000719000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
719000
|
Size: |
49152
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
308E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2477598128.000000000308E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
308E000
|
Size: |
8192
|
|
7C80000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2495764400.0000000007C80000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
7C80000
|
Size: |
4096
|
|
375B000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2017544546.000000000375B000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
375B000
|
Size: |
4096
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
SQL strings found in memory and binary data |
System Summary |
|
|
378A000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1885656687.000000000378A000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
378A000
|
Size: |
4096
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
73E000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2475647791.000000000073E000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
73E000
|
Size: |
28672
|
|
37C3000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2144073869.00000000037C3000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
37C3000
|
Size: |
12288
|
|
37C4000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2144508761.00000000037C4000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
37C4000
|
Size: |
4096
|
|
604000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1855391911.0000000000604000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
604000
|
Size: |
4096
|
|
6E06000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2493276694.0000000006E06000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6E06000
|
Size: |
12288
|
|
5C0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2472423135.00000000005C0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5C0000
|
Size: |
8192
|
|
4ADB000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2480645091.0000000004ADB000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4ADB000
|
Size: |
90112
|
|
604000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1855470096.0000000000604000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
604000
|
Size: |
4096
|
|
ABE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2476156648.0000000000ABE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
ABE000
|
Size: |
8192
|
|
6FD000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2315999928.00000000006FD000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6FD000
|
Size: |
4096
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
AV process strings found (often used to terminate AV products) |
Lowering of HIPS / PFW / Operating System Security Settings |
Security Software Discovery
|
|
6F4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2276511844.00000000006F4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6F4000
|
Size: |
8192
|
|
7100000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2495254981.0000000007100000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7100000
|
Size: |
65536
|
|
37D4000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2144073869.00000000037D4000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
37D4000
|
Size: |
81920
|
|
378A000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1885801313.000000000378A000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
378A000
|
Size: |
81920
|
|
604000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1855495884.0000000000604000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
604000
|
Size: |
4096
|
|
74B000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2315999928.000000000074B000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
74B000
|
Size: |
12288
|
|
374A000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2471519311.000000000374A000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
374A000
|
Size: |
8192
|
|
6DC9000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2492970067.0000000006DC9000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6DC9000
|
Size: |
8192
|
|
3799000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2018259946.0000000003799000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3799000
|
Size: |
4096
|
|
CBE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2480088993.0000000000CBE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
CBE000
|
Size: |
8192
|
|
3756000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2017544546.0000000003756000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3756000
|
Size: |
16384
|
|
69D000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2469696699.000000000069D000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
69D000
|
Size: |
4096
|
|
3753000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2307893923.0000000003753000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3753000
|
Size: |
12288
|
|
694000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2472691393.0000000000694000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
694000
|
Size: |
36864
|
|
374D000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2307893923.000000000374D000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
374D000
|
Size: |
16384
|
|
3861000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2274264349.0000000003861000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3861000
|
Size: |
4096
|
|
37FA000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2144708679.00000000037FA000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
37FA000
|
Size: |
4096
|
|
3752000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2017604802.0000000003752000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3752000
|
Size: |
16384
|
|
3E6B000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1845092630.0000000003E6B000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3E6B000
|
Size: |
4149248
|
|
6AF000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2473405041.00000000006AF000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6AF000
|
Size: |
8192
|
|
742000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2477539762.0000000000742000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
742000
|
Size: |
12288
|
|
75A000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2470481305.000000000075A000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
75A000
|
Size: |
8192
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
6E1A000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2493425432.0000000006E1A000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6E1A000
|
Size: |
4096
|
|
379C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2478360512.000000000379C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
379C000
|
Size: |
4096
|
|
3A48000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2146594813.0000000003A48000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3A48000
|
Size: |
4096
|
|
2EEE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2477435527.0000000002EEE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2EEE000
|
Size: |
8192
|
|
374C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2451356957.000000000374C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
374C000
|
Size: |
4096
|
|
24C1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1841209236.00000000024C1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
24C1000
|
Size: |
65536
|
|
3761000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2316574035.0000000003761000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3761000
|
Size: |
131072
|
|
377A000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2018089531.000000000377A000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
377A000
|
Size: |
12288
|
|
57E1000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2491410127.00000000057E1000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
57E1000
|
Size: |
36864
|
|
700000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2477116569.0000000000700000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
700000
|
Size: |
8192
|
|
3884000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2450700935.0000000003884000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3884000
|
Size: |
4096
|
|
3756000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2147066813.0000000003756000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3756000
|
Size: |
12288
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
374D000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2017742113.000000000374D000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
374D000
|
Size: |
16384
|
|
377D000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2018577887.000000000377D000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
377D000
|
Size: |
12288
|
|
375C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2143285859.000000000375C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
375C000
|
Size: |
8192
|
|
386A000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2317017028.000000000386A000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
386A000
|
Size: |
4096
|
|
37BE000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2316574035.00000000037BE000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
37BE000
|
Size: |
20480
|
|
3750000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2017948286.0000000003750000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3750000
|
Size: |
4096
|
|
318F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2477660478.000000000318F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
318F000
|
Size: |
4096
|
|
6AA000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2473405041.00000000006AA000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6AA000
|
Size: |
12288
|
|
72A000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2450762284.000000000072A000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
72A000
|
Size: |
20480
|
|
302D000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2477508343.000000000302D000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
302D000
|
Size: |
12288
|
|
3BE5000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2450093810.0000000003BE5000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3BE5000
|
Size: |
577536
|
|
375D000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2017698604.000000000375D000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
375D000
|
Size: |
16384
|
|
70D000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2450762284.000000000070D000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
70D000
|
Size: |
16384
|
|
6B0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2472040096.00000000006B0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6B0000
|
Size: |
4096
|
|
7D8000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2477826670.00000000007D8000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
7D8000
|
Size: |
139264
|
|
604000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1855538133.0000000000604000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
604000
|
Size: |
4096
|
|
32F0000
|
remote allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1855789556.00000000032F0000.00000004.00000400.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
remote allocation
|
Protect: |
page read and write
|
Base address: |
32F0000
|
Size: |
4096
|
|
2DED000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2477397798.0000000002DED000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2DED000
|
Size: |
12288
|
|
378F000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1889972418.000000000378F000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
378F000
|
Size: |
4096
|
|
374C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2276983571.000000000374C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
374C000
|
Size: |
4096
|
|
715000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2450762284.0000000000715000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
715000
|
Size: |
8192
|
|
3757000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2451159406.0000000003757000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3757000
|
Size: |
8192
|
|
466000
|
unkown
|
page write copy
|
|
|
|
Name: |
00000000.00000000.1713225357.0000000000466000.00000008.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page write copy
|
Base address: |
466000
|
Size: |
8192
|
|
715000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2473405041.0000000000715000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
715000
|
Size: |
12288
|
|
6AE000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2472040096.00000000006AE000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6AE000
|
Size: |
4096
|
|
37D8000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1885801313.00000000037D8000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
37D8000
|
Size: |
16384
|
|
97E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2476001044.000000000097E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
97E000
|
Size: |
8192
|
|
3797000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2017467015.0000000003797000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3797000
|
Size: |
4096
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
3861000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2274324612.0000000003861000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3861000
|
Size: |
4096
|
|
3782000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2316574035.0000000003782000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3782000
|
Size: |
155648
|
|
70F0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2495140608.00000000070F0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
70F0000
|
Size: |
65536
|
|
74B000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2304592052.000000000074B000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
74B000
|
Size: |
32768
|
|
434E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2480202640.000000000434E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
434E000
|
Size: |
8192
|
|
745000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2470709109.0000000000745000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
745000
|
Size: |
12288
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
3772000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1889972418.0000000003772000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3772000
|
Size: |
12288
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
719000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2276511844.0000000000719000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
719000
|
Size: |
90112
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
712000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2450762284.0000000000712000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
712000
|
Size: |
4096
|
|
7D0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2477826670.00000000007D0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
7D0000
|
Size: |
28672
|
|
6D90000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2492749991.0000000006D90000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D90000
|
Size: |
86016
|
|
464000
|
unkown
|
page write copy
|
|
|
|
Name: |
00000000.00000000.1713225357.0000000000464000.00000008.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page write copy
|
Base address: |
464000
|
Size: |
4096
|
|
737000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2450762284.0000000000737000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
737000
|
Size: |
4096
|
|
37AE000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2018577887.00000000037AE000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
37AE000
|
Size: |
4096
|
|
37AF000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2316574035.00000000037AF000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
37AF000
|
Size: |
20480
|
|
760000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2477690023.0000000000760000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
760000
|
Size: |
4096
|
|
37B0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2307893923.00000000037B0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
37B0000
|
Size: |
4096
|
|
375C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2281084814.000000000375C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
375C000
|
Size: |
8192
|
|
270F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2477159119.000000000270F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
270F000
|
Size: |
4096
|
|
374F000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2144666402.000000000374F000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
374F000
|
Size: |
8192
|
|
3A4E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2146594813.0000000003A4E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3A4E000
|
Size: |
8192
|
|
37D4000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2144508761.00000000037D4000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
37D4000
|
Size: |
73728
|
|
375D000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2451159406.000000000375D000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
375D000
|
Size: |
4096
|
|
3875000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2317017028.0000000003875000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3875000
|
Size: |
4096
|
|
375F000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2143285859.000000000375F000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
375F000
|
Size: |
16384
|
|
753000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2475854244.0000000000753000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
753000
|
Size: |
8192
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
31CE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2477693928.00000000031CE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
31CE000
|
Size: |
8192
|
|
24C2000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1841665678.00000000024C2000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
24C2000
|
Size: |
8192
|
|
3710000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2477996254.0000000003710000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3710000
|
Size: |
4096
|
|
4435000
|
heap
|
page execute and read and write
|
|
|
|
Name: |
00000004.00000002.2480381641.0000000004435000.00000040.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page execute and read and write
|
Base address: |
4435000
|
Size: |
8192
|
|
74F000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2470481305.000000000074F000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
74F000
|
Size: |
12288
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
3741000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2471519311.0000000003741000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3741000
|
Size: |
16384
|
|
714000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2477242147.0000000000714000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
714000
|
Size: |
36864
|
|
754000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2315999928.0000000000754000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
754000
|
Size: |
12288
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
3741000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2309256685.0000000003741000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3741000
|
Size: |
32768
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
3754000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2017948286.0000000003754000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3754000
|
Size: |
8192
|
|
BBF000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2476212645.0000000000BBF000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
BBF000
|
Size: |
4096
|
|
7B40000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2495621036.0000000007B40000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7B40000
|
Size: |
4096
|
|
712000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2473405041.0000000000712000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
712000
|
Size: |
8192
|
|
75A000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2018514054.000000000075A000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
75A000
|
Size: |
8192
|
|
4C16000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2480645091.0000000004C16000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4C16000
|
Size: |
831488
|
|
2360000
|
direct allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2476406039.0000000002360000.00000004.00001000.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
direct allocation
|
Protect: |
page read and write
|
Base address: |
2360000
|
Size: |
4096
|
|
4B49000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2480645091.0000000004B49000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4B49000
|
Size: |
811008
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
3749000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2017742113.0000000003749000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3749000
|
Size: |
12288
|
|
685E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2491801282.000000000685E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
685E000
|
Size: |
8192
|
|
670000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2472691393.0000000000670000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
670000
|
Size: |
36864
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
720000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2477346284.0000000000720000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
720000
|
Size: |
32768
|
|
6E5000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2469696699.00000000006E5000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6E5000
|
Size: |
20480
|
|
3851000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2274324612.0000000003851000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3851000
|
Size: |
4096
|
|
3859000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2145191462.0000000003859000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3859000
|
Size: |
73728
|
|
75A000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2475854244.000000000075A000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
75A000
|
Size: |
8192
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
2F2E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2477467492.0000000002F2E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
2F2E000
|
Size: |
8192
|
|
441D000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2480301555.000000000441D000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
441D000
|
Size: |
12288
|
|
9B0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000004.00000002.2479591266.00000000009B0000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
9B0000
|
Size: |
20480
|
|
74B000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2475716004.000000000074B000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
74B000
|
Size: |
16384
|
|
7B00000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2495556793.0000000007B00000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
7B00000
|
Size: |
4096
|
|
335E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2477753484.000000000335E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
335E000
|
Size: |
8192
|
|
691A000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2491888029.000000000691A000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
691A000
|
Size: |
24576
|
|
726000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2473405041.0000000000726000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
726000
|
Size: |
36864
|
|
7BE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2477751997.00000000007BE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
7BE000
|
Size: |
8192
|
|
3754000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2144666402.0000000003754000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3754000
|
Size: |
8192
|
|
37B3000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2273998999.00000000037B3000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
37B3000
|
Size: |
4096
|
|
3741000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2273899197.0000000003741000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3741000
|
Size: |
24576
|
|
464000
|
unkown
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2472327906.0000000000464000.00000004.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
unkown
|
Protect: |
page read and write
|
Base address: |
464000
|
Size: |
12288
|
|
720000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2315999928.0000000000720000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
720000
|
Size: |
20480
|
|
37A4000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1885170790.00000000037A4000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
37A4000
|
Size: |
139264
|
|
37A4000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2278619510.00000000037A4000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
37A4000
|
Size: |
61440
|
|
377A000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2144754640.000000000377A000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
377A000
|
Size: |
4096
|
|
3758000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2281084814.0000000003758000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3758000
|
Size: |
4096
|
|
75A000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2451218517.000000000075A000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
75A000
|
Size: |
8192
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
739000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2450762284.0000000000739000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
739000
|
Size: |
8192
|
|
37AB000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2273998999.00000000037AB000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
37AB000
|
Size: |
4096
|
|
3850000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2274144373.0000000003850000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3850000
|
Size: |
8192
|
|
3880000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2450700935.0000000003880000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3880000
|
Size: |
4096
|
|
37B2000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2144073869.00000000037B2000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
37B2000
|
Size: |
4096
|
|
3B17000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2146594813.0000000003B17000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B17000
|
Size: |
4096
|
|
378B000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1885170790.000000000378B000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
378B000
|
Size: |
12288
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
753000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2470481305.0000000000753000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
753000
|
Size: |
16384
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
6ED000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2450762284.00000000006ED000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6ED000
|
Size: |
20480
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
6E9000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2451201317.00000000006E9000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6E9000
|
Size: |
4096
|
|
6E7000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2277349112.00000000006E7000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6E7000
|
Size: |
12288
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Found many strings related to Crypto-Wallets (likely being stolen) |
Stealing of Sensitive Information |
|
|
37F8000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2144508761.00000000037F8000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
37F8000
|
Size: |
12288
|
|
37E5000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1889627920.00000000037E5000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
37E5000
|
Size: |
12288
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
3786000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2478360512.0000000003786000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3786000
|
Size: |
4096
|
|
379A000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2144754640.000000000379A000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
379A000
|
Size: |
8192
|
|
6BB000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2473405041.00000000006BB000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6BB000
|
Size: |
16384
|
|
3741000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2451356957.0000000003741000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3741000
|
Size: |
28672
|
|
9F0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2479860508.00000000009F0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
9F0000
|
Size: |
24576
|
|
703D000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2494010503.000000000703D000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
703D000
|
Size: |
12288
|
|
37E3000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1889627920.00000000037E3000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
37E3000
|
Size: |
4096
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
745000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000004.00000002.2477589588.0000000000745000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
745000
|
Size: |
45056
|
|
3742000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2276983571.0000000003742000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3742000
|
Size: |
12288
|
|
374C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2309256685.000000000374C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
374C000
|
Size: |
4096
|
|
3879000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2317017028.0000000003879000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3879000
|
Size: |
4096
|
|
3771000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2478360512.0000000003771000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3771000
|
Size: |
4096
|
|
708000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2473405041.0000000000708000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
708000
|
Size: |
8192
|
|
5809000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2491410127.0000000005809000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
5809000
|
Size: |
159744
|
|
37BE000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2478360512.00000000037BE000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
37BE000
|
Size: |
4096
|
|
3B56000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2469258353.0000000003B56000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B56000
|
Size: |
86016
|
|
754000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2451218517.0000000000754000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
754000
|
Size: |
12288
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
377C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2478360512.000000000377C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
377C000
|
Size: |
4096
|
|
346B000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1845092630.000000000346B000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
346B000
|
Size: |
10485760
|
|
3851000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2274264349.0000000003851000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3851000
|
Size: |
4096
|
|
3850000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2276407320.0000000003850000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3850000
|
Size: |
4096
|
|
807000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2477826670.0000000000807000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
807000
|
Size: |
405504
|
|
737000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2475603806.0000000000737000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
737000
|
Size: |
16384
|
|
37D8000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1889627920.00000000037D8000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
37D8000
|
Size: |
4096
|
|
3861000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2274424596.0000000003861000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3861000
|
Size: |
4096
|
|
70D000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2473405041.000000000070D000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
70D000
|
Size: |
16384
|
|
37B3000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2144508761.00000000037B3000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
37B3000
|
Size: |
16384
|
|
375D000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2017544546.000000000375D000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
375D000
|
Size: |
16384
|
|
63E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2476807790.000000000063E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
63E000
|
Size: |
8192
|
|
3761000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2478360512.0000000003761000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3761000
|
Size: |
8192
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
3777000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2018577887.0000000003777000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3777000
|
Size: |
12288
|
|
749000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2315999928.0000000000749000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
749000
|
Size: |
4096
|
|
378D000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2478360512.000000000378D000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
378D000
|
Size: |
4096
|
|
3B1F000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2146594813.0000000003B1F000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B1F000
|
Size: |
4096
|
|
6AF000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2477060645.00000000006AF000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
6AF000
|
Size: |
4096
|
|
9AE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2479504752.00000000009AE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
9AE000
|
Size: |
8192
|
|
6A2000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2469696699.00000000006A2000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6A2000
|
Size: |
77824
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
5BE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2476645386.00000000005BE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
5BE000
|
Size: |
8192
|
|
695E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2491941898.000000000695E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
695E000
|
Size: |
8192
|
|
37AF000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2478360512.00000000037AF000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
37AF000
|
Size: |
4096
|
|
604000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1841231183.0000000000604000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
604000
|
Size: |
4096
|
|
6F7E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2493885833.0000000006F7E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
6F7E000
|
Size: |
8192
|
|
6C0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2477089696.00000000006C0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6C0000
|
Size: |
4096
|
|
375C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2018448096.000000000375C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
375C000
|
Size: |
8192
|
|
3ADE000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2469258353.0000000003ADE000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3ADE000
|
Size: |
4096
|
|
4843000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2480645091.0000000004843000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4843000
|
Size: |
995328
|
|
6DF2000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2492970067.0000000006DF2000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6DF2000
|
Size: |
8192
|
|
376A000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2017467015.000000000376A000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
376A000
|
Size: |
4096
|
|
375A000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2147066813.000000000375A000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
375A000
|
Size: |
4096
|
|
379F000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1885801313.000000000379F000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
379F000
|
Size: |
20480
|
|
3866000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2317017028.0000000003866000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3866000
|
Size: |
4096
|
|
1EC000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2476467582.00000000001EC000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
1EC000
|
Size: |
16384
|
|
7B10000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000004.00000002.2495578492.0000000007B10000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7B10000
|
Size: |
20480
|
|
3AEF000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2146594813.0000000003AEF000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3AEF000
|
Size: |
4096
|
|
47E1000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2480645091.00000000047E1000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
47E1000
|
Size: |
397312
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
3797000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2017698604.0000000003797000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3797000
|
Size: |
4096
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
6DA7000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2492889640.0000000006DA7000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6DA7000
|
Size: |
12288
|
|
3775000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2478360512.0000000003775000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3775000
|
Size: |
4096
|
|
3861000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2274371800.0000000003861000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3861000
|
Size: |
4096
|
|
6E90000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2493595450.0000000006E90000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
6E90000
|
Size: |
24576
|
|
3750000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2478275039.0000000003750000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3750000
|
Size: |
4096
|
|
3848000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2145191462.0000000003848000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3848000
|
Size: |
8192
|
|
604000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1855631597.0000000000604000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
604000
|
Size: |
4096
|
|
70E0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2495043545.00000000070E0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
70E0000
|
Size: |
65536
|
|
34AE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2477836540.00000000034AE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
34AE000
|
Size: |
8192
|
|
7B70000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000004.00000002.2495738589.0000000007B70000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7B70000
|
Size: |
4096
|
|
755000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2018514054.0000000000755000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
755000
|
Size: |
12288
|
|
665000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2476925242.0000000000665000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
665000
|
Size: |
16384
|
|
3781000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2018259946.0000000003781000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3781000
|
Size: |
8192
|
|
5FE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2476708345.00000000005FE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
5FE000
|
Size: |
8192
|
|
6F9000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2450762284.00000000006F9000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6F9000
|
Size: |
12288
|
|
3792000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2144754640.0000000003792000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3792000
|
Size: |
8192
|
|
37B1000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2302332281.00000000037B1000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
37B1000
|
Size: |
253952
|
|
4A34000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2480645091.0000000004A34000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4A34000
|
Size: |
131072
|
|
3744000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2478080846.0000000003744000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3744000
|
Size: |
4096
|
|
3757000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2273777672.0000000003757000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3757000
|
Size: |
8192
|
|
3770000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2018740964.0000000003770000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3770000
|
Size: |
8192
|
|
707000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2450762284.0000000000707000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
707000
|
Size: |
12288
|
|
755000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2017977844.0000000000755000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
755000
|
Size: |
28672
|
|
6C8E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2492672892.0000000006C8E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
6C8E000
|
Size: |
8192
|
|
37A2000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2144754640.00000000037A2000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
37A2000
|
Size: |
8192
|
|
3789000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2478360512.0000000003789000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3789000
|
Size: |
4096
|
|
4450000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2480545020.0000000004450000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4450000
|
Size: |
4096
|
|
749000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2304592052.0000000000749000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
749000
|
Size: |
4096
|
|
7C0000
|
heap
|
page readonly
|
|
|
|
Name: |
00000004.00000002.2477796402.00000000007C0000.00000002.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page readonly
|
Base address: |
7C0000
|
Size: |
4096
|
|
6C0E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2492600457.0000000006C0E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
6C0E000
|
Size: |
8192
|
|
284E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2477253925.000000000284E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
284E000
|
Size: |
8192
|
|
70B0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2494738528.00000000070B0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
70B0000
|
Size: |
65536
|
|
6FF000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2450762284.00000000006FF000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6FF000
|
Size: |
12288
|
|
7050000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000004.00000002.2494159199.0000000007050000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
7050000
|
Size: |
16384
|
|
3755000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2471819123.0000000003755000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3755000
|
Size: |
4096
|
|
32F0000
|
remote allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1855772090.00000000032F0000.00000004.00000400.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
remote allocation
|
Protect: |
page read and write
|
Base address: |
32F0000
|
Size: |
4096
|
|
754000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2276511844.0000000000754000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
754000
|
Size: |
32768
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
3782000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2478360512.0000000003782000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3782000
|
Size: |
4096
|
|
375B000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2307893923.000000000375B000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
375B000
|
Size: |
16384
|
|
6F7000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2450762284.00000000006F7000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6F7000
|
Size: |
4096
|
|
70C000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2315999928.000000000070C000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
70C000
|
Size: |
20480
|
|
3752000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2143285859.0000000003752000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3752000
|
Size: |
28672
|
|
376D000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2478360512.000000000376D000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
376D000
|
Size: |
4096
|
|
689F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2491829395.000000000689F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
689F000
|
Size: |
4096
|
|
3791000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2478360512.0000000003791000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3791000
|
Size: |
4096
|
|
37DB000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1889627920.00000000037DB000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
37DB000
|
Size: |
4096
|
|
604000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1855255853.0000000000604000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
604000
|
Size: |
4096
|
|
3750000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2018448096.0000000003750000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3750000
|
Size: |
4096
|
|
6C7000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2473405041.00000000006C7000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6C7000
|
Size: |
16384
|
|
6DB000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2473405041.00000000006DB000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6DB000
|
Size: |
12288
|
|
2950000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2477326990.0000000002950000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
2950000
|
Size: |
12288
|
|
5E0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2472456739.00000000005E0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5E0000
|
Size: |
16384
|
|
24C5000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1841665678.00000000024C5000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
24C5000
|
Size: |
8192
|
|
3770000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1889335402.0000000003770000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3770000
|
Size: |
4096
|
|
733000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2450762284.0000000000733000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
733000
|
Size: |
4096
|
|
72A000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2315999928.000000000072A000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
72A000
|
Size: |
20480
|
|
733000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2473405041.0000000000733000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
733000
|
Size: |
4096
|
|
32F0000
|
remote allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1855753519.00000000032F0000.00000004.00000400.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
remote allocation
|
Protect: |
page read and write
|
Base address: |
32F0000
|
Size: |
4096
|
|
445F000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2310242919.000000000445F000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
445F000
|
Size: |
593920
|
|
377C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2278619510.000000000377C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
377C000
|
Size: |
4096
|
|
3B27000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2146594813.0000000003B27000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3B27000
|
Size: |
4096
|
|
25D0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1841267116.00000000025D0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
25D0000
|
Size: |
180224
|
|
3797000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1889972418.0000000003797000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3797000
|
Size: |
4096
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
32CF000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2477728453.00000000032CF000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
32CF000
|
Size: |
4096
|
|
7040000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2494049235.0000000007040000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7040000
|
Size: |
65536
|
|
377A000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2145310856.000000000377A000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
377A000
|
Size: |
4096
|
|
387D000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2317017028.000000000387D000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
387D000
|
Size: |
4096
|
|
3888000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2317017028.0000000003888000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3888000
|
Size: |
4096
|
|
37B4000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2278619510.00000000037B4000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
37B4000
|
Size: |
4096
|
|
6A2000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2473359878.00000000006A2000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6A2000
|
Size: |
8192
|
|
3A67000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2146594813.0000000003A67000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3A67000
|
Size: |
4096
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
3760000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2307893923.0000000003760000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3760000
|
Size: |
303104
|
|
37AD000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2145310856.00000000037AD000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
37AD000
|
Size: |
4096
|
|
7080000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2494418127.0000000007080000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7080000
|
Size: |
65536
|
|
37B7000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2316574035.00000000037B7000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
37B7000
|
Size: |
8192
|
|
3BB7000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2146594813.0000000003BB7000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3BB7000
|
Size: |
4096
|
|
3793000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1885170790.0000000003793000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3793000
|
Size: |
12288
|
|
37BB000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2273703321.00000000037BB000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
37BB000
|
Size: |
24576
|
|
755000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2017828985.0000000000755000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
755000
|
Size: |
28672
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
3760000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2273777672.0000000003760000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3760000
|
Size: |
12288
|
|
3757000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2307893923.0000000003757000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3757000
|
Size: |
8192
|
|
7110000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2495352397.0000000007110000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7110000
|
Size: |
65536
|
|
604000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1855416789.0000000000604000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
604000
|
Size: |
4096
|
|
4B02000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2480645091.0000000004B02000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4B02000
|
Size: |
4096
|
|
3744000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2017742113.0000000003744000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3744000
|
Size: |
4096
|
|
37A4000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2478360512.00000000037A4000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
37A4000
|
Size: |
4096
|
|
3879000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2281014340.0000000003879000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3879000
|
Size: |
4096
|
|
70D0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2494943976.00000000070D0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
70D0000
|
Size: |
65536
|
|
3778000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1889972418.0000000003778000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3778000
|
Size: |
12288
|
|
375E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2017926550.000000000375E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
375E000
|
Size: |
4096
|
|
37D8000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1885656687.00000000037D8000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
37D8000
|
Size: |
8192
|
|
604000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1855514710.0000000000604000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
604000
|
Size: |
4096
|
|
377B000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2281223402.000000000377B000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
377B000
|
Size: |
4096
|
|
375D000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2017873919.000000000375D000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
375D000
|
Size: |
8192
|
|
35AE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2477897128.00000000035AE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
35AE000
|
Size: |
8192
|
|
73A000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000004.00000002.2477461833.000000000073A000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
73A000
|
Size: |
4096
|
|
3851000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2302742784.0000000003851000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3851000
|
Size: |
98304
|
|
3797000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2017873919.0000000003797000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3797000
|
Size: |
4096
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
6FF000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2473405041.00000000006FF000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6FF000
|
Size: |
16384
|
|
6F6000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2473405041.00000000006F6000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6F6000
|
Size: |
32768
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
AV process strings found (often used to terminate AV products) |
Lowering of HIPS / PFW / Operating System Security Settings |
Security Software Discovery
|
|
3A45000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2309473468.0000000003A45000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3A45000
|
Size: |
495616
|
|
74F000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2315999928.000000000074F000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
74F000
|
Size: |
12288
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
3748000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2478080846.0000000003748000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3748000
|
Size: |
12288
|
|
71A000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2315999928.000000000071A000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
71A000
|
Size: |
20480
|
|
739000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2315999928.0000000000739000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
739000
|
Size: |
57344
|
|
6CA2000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2492701659.0000000006CA2000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6CA2000
|
Size: |
4096
|
|
37B0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2309933863.00000000037B0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
37B0000
|
Size: |
4096
|
|
375C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2478360512.000000000375C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
375C000
|
Size: |
16384
|
|
749000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2451218517.0000000000749000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
749000
|
Size: |
4096
|
|
604000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1855454604.0000000000604000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
604000
|
Size: |
4096
|
|
3879000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2145191462.0000000003879000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3879000
|
Size: |
4096
|
|
3841000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2281319897.0000000003841000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3841000
|
Size: |
155648
|
|
69DE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2492029023.00000000069DE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
69DE000
|
Size: |
8192
|
|
37BB000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2144073869.00000000037BB000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
37BB000
|
Size: |
4096
|
|
3769000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2478360512.0000000003769000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3769000
|
Size: |
4096
|
|
4939000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2480645091.0000000004939000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4939000
|
Size: |
1024000
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
360E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2477929874.000000000360E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
360E000
|
Size: |
8192
|
|
918000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2479388948.0000000000918000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
918000
|
Size: |
8192
|
|
754000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2304592052.0000000000754000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
754000
|
Size: |
12288
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
745000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2451218517.0000000000745000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
745000
|
Size: |
12288
|
|
70A0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2494634800.00000000070A0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
70A0000
|
Size: |
65536
|
|
37AB000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2147016284.00000000037AB000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
37AB000
|
Size: |
4096
|
|
70B000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2473405041.000000000070B000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
70B000
|
Size: |
4096
|
|
6B8000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2469696699.00000000006B8000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6B8000
|
Size: |
77824
|
|
3861000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2274224027.0000000003861000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3861000
|
Size: |
4096
|
|
375C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2147066813.000000000375C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
375C000
|
Size: |
8192
|
|
604000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1855297157.0000000000604000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
604000
|
Size: |
4096
|
|
4A55000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2480645091.0000000004A55000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4A55000
|
Size: |
462848
|
|
715000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2276511844.0000000000715000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
715000
|
Size: |
12288
|
|
3794000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2278619510.0000000003794000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3794000
|
Size: |
12288
|
|
604000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1855229378.0000000000604000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
604000
|
Size: |
4096
|
|
3778000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2478360512.0000000003778000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3778000
|
Size: |
4096
|
|
3757000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2018740964.0000000003757000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3757000
|
Size: |
8192
|
|
3741000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1884788744.0000000003741000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3741000
|
Size: |
196608
|
|
6BCE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2492566925.0000000006BCE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
6BCE000
|
Size: |
8192
|
|
74B000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2470709109.000000000074B000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
74B000
|
Size: |
16384
|
|
3753000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2471819123.0000000003753000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3753000
|
Size: |
4096
|
|
4AC8000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2480645091.0000000004AC8000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4AC8000
|
Size: |
65536
|
|
3796000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2018259946.0000000003796000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3796000
|
Size: |
8192
|
|
19D000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2472283528.000000000019D000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
19D000
|
Size: |
12288
|
|
3763000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2309933863.0000000003763000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3763000
|
Size: |
290816
|
|
3840000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2479488747.0000000003840000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3840000
|
Size: |
65536
|
|
70C0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2494841080.00000000070C0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
70C0000
|
Size: |
65536
|
|
6F7000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2276511844.00000000006F7000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6F7000
|
Size: |
49152
|
|
6F20000
|
heap
|
page execute and read and write
|
|
|
|
Name: |
00000004.00000002.2493721926.0000000006F20000.00000040.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page execute and read and write
|
Base address: |
6F20000
|
Size: |
4096
|
|
4B12000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2480645091.0000000004B12000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4B12000
|
Size: |
24576
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
379B000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2018259946.000000000379B000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
379B000
|
Size: |
4096
|
|
3776000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1885801313.0000000003776000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3776000
|
Size: |
8192
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
SQL strings found in memory and binary data |
System Summary |
|
|
A7F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2476115836.0000000000A7F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
A7F000
|
Size: |
4096
|
|
7090000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2494528833.0000000007090000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7090000
|
Size: |
65536
|
|
C3E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2480031157.0000000000C3E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
C3E000
|
Size: |
8192
|
|
3761000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1889335402.0000000003761000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3761000
|
Size: |
4096
|
|
604000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1855276083.0000000000604000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
604000
|
Size: |
4096
|
|
375A000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2281084814.000000000375A000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
375A000
|
Size: |
4096
|
|
6CE000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2473405041.00000000006CE000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6CE000
|
Size: |
28672
|
|
3A9F000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2146594813.0000000003A9F000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3A9F000
|
Size: |
4096
|
|
438000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2476545438.0000000000438000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
438000
|
Size: |
32768
|
|
96C000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2479457676.000000000096C000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
96C000
|
Size: |
16384
|
|
6E03000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2493198719.0000000006E03000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6E03000
|
Size: |
8192
|
|
3741000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2017604802.0000000003741000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3741000
|
Size: |
16384
|
|
740000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2477498435.0000000000740000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
740000
|
Size: |
4096
|
|
3754000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2017742113.0000000003754000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3754000
|
Size: |
8192
|
|
3754000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2273777672.0000000003754000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3754000
|
Size: |
8192
|
|
6F1E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2493690246.0000000006F1E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
6F1E000
|
Size: |
8192
|
|
745000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2277383833.0000000000745000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
745000
|
Size: |
36864
|
|
3780000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2144754640.0000000003780000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3780000
|
Size: |
16384
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
729000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2477346284.0000000000729000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
729000
|
Size: |
16384
|
|
3779000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1885801313.0000000003779000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3779000
|
Size: |
12288
|
|
67A000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2472691393.000000000067A000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
67A000
|
Size: |
8192
|
|
374D000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2273777672.000000000374D000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
374D000
|
Size: |
16384
|
|
713000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000004.00000002.2477213186.0000000000713000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
713000
|
Size: |
4096
|
|
6E1C000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2493448657.0000000006E1C000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6E1C000
|
Size: |
90112
|
|
386E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2317017028.000000000386E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
386E000
|
Size: |
4096
|
|
3746000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2017604802.0000000003746000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3746000
|
Size: |
45056
|
|
71A000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2450762284.000000000071A000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
71A000
|
Size: |
45056
|
|
3030000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2477556675.0000000003030000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
3030000
|
Size: |
4096
|
|
4AF2000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2480645091.0000000004AF2000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4AF2000
|
Size: |
36864
|
|
370F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2477964074.000000000370F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
370F000
|
Size: |
4096
|
|
7070000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2494308042.0000000007070000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7070000
|
Size: |
65536
|
|
3748000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1884736077.0000000003748000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3748000
|
Size: |
8192
|
|
750000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2475812271.0000000000750000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
750000
|
Size: |
8192
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
604000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1855321176.0000000000604000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
604000
|
Size: |
4096
|
|
4B0A000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2480645091.0000000004B0A000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4B0A000
|
Size: |
4096
|
|
6EA000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2315999928.00000000006EA000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6EA000
|
Size: |
28672
|
|
90E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2479360285.000000000090E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
90E000
|
Size: |
8192
|
|
712000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2315999928.0000000000712000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
712000
|
Size: |
4096
|
|
345F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2477804562.000000000345F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
345F000
|
Size: |
4096
|
|
3761000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2017467015.0000000003761000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3761000
|
Size: |
20480
|
|
6F4000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2315999928.00000000006F4000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6F4000
|
Size: |
4096
|
|
3776000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1885437575.0000000003776000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3776000
|
Size: |
8192
|
|
600000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2472490662.0000000000600000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
600000
|
Size: |
24576
|
|
438E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2480238103.000000000438E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
438E000
|
Size: |
8192
|
|
3795000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2478360512.0000000003795000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3795000
|
Size: |
4096
|
|
6E10000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2493361470.0000000006E10000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6E10000
|
Size: |
32768
|
|
604000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1841727283.0000000000604000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
604000
|
Size: |
4096
|
|
875000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2477826670.0000000000875000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
875000
|
Size: |
368640
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
727000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2450762284.0000000000727000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
727000
|
Size: |
8192
|
|
376F000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2018259946.000000000376F000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
376F000
|
Size: |
4096
|
|
6C4E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2492633878.0000000006C4E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
6C4E000
|
Size: |
8192
|
|
737000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2276511844.0000000000737000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
737000
|
Size: |
110592
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Yara detected Credential Stealer |
Stealing of Sensitive Information |
|
|
3763000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2143236913.0000000003763000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3763000
|
Size: |
36864
|
|
260E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2477124271.000000000260E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
260E000
|
Size: |
8192
|
|
3747000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2017742113.0000000003747000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3747000
|
Size: |
4096
|
|
3770000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1885437575.0000000003770000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3770000
|
Size: |
12288
|
|
3773000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2018089531.0000000003773000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3773000
|
Size: |
8192
|
|
4430000
|
heap
|
page execute and read and write
|
|
|
|
Name: |
00000004.00000002.2480381641.0000000004430000.00000040.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page execute and read and write
|
Base address: |
4430000
|
Size: |
12288
|
|
37B4000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2273703321.00000000037B4000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
37B4000
|
Size: |
24576
|
|
37F4000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2144073869.00000000037F4000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
37F4000
|
Size: |
4096
|
|
3871000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2317017028.0000000003871000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3871000
|
Size: |
4096
|
|
37AA000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1889457401.00000000037AA000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
37AA000
|
Size: |
4096
|
|
749000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2470709109.0000000000749000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
749000
|
Size: |
4096
|
|
37FA000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2146566557.00000000037FA000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
37FA000
|
Size: |
4096
|
|
6A20000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2492120135.0000000006A20000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6A20000
|
Size: |
36864
|
|
378E000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2018577887.000000000378E000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
378E000
|
Size: |
126976
|
|
74B000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2451218517.000000000074B000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
74B000
|
Size: |
28672
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
699B000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2491979493.000000000699B000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
699B000
|
Size: |
20480
|
|
6EA000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2276511844.00000000006EA000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6EA000
|
Size: |
32768
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
3859000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2146406652.0000000003859000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3859000
|
Size: |
139264
|
|
37D8000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1885170790.00000000037D8000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
37D8000
|
Size: |
8192
|
|
3798000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2478360512.0000000003798000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3798000
|
Size: |
4096
|
|
274C000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2477194876.000000000274C000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
274C000
|
Size: |
16384
|
|
3766000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2478360512.0000000003766000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3766000
|
Size: |
4096
|
|
3F45000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2297746186.0000000003F45000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3F45000
|
Size: |
5242880
|
|
67E000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2472691393.000000000067E000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
67E000
|
Size: |
86016
|
|
3880000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2317017028.0000000003880000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3880000
|
Size: |
4096
|
|
704000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2276511844.0000000000704000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
704000
|
Size: |
65536
|
|
377C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1885437575.000000000377C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
377C000
|
Size: |
4096
|
|
384A000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2146406652.000000000384A000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
384A000
|
Size: |
24576
|
|
6E0B000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2493316007.0000000006E0B000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6E0B000
|
Size: |
16384
|
|
6D7000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2469696699.00000000006D7000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6D7000
|
Size: |
28672
|
|
6DAE000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2492889640.0000000006DAE000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6DAE000
|
Size: |
8192
|
|
3783000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2278619510.0000000003783000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3783000
|
Size: |
12288
|
|
3861000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2274483792.0000000003861000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3861000
|
Size: |
4096
|
|
3748000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2273899197.0000000003748000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3748000
|
Size: |
20480
|
|
6FFE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2493976189.0000000006FFE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
6FFE000
|
Size: |
8192
|
|
73B000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2304592052.000000000073B000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
73B000
|
Size: |
53248
|
|
75A000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2315999928.000000000075A000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
75A000
|
Size: |
8192
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
4A0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2476615412.00000000004A0000.00000004.00000020.00040000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4A0000
|
Size: |
4096
|
|
3776000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1889972418.0000000003776000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3776000
|
Size: |
4096
|
|
68DD000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2491852446.00000000068DD000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
68DD000
|
Size: |
12288
|
|
6C1000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2473405041.00000000006C1000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6C1000
|
Size: |
12288
|
|
37FA000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2273998999.00000000037FA000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
37FA000
|
Size: |
4096
|
|
604000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1855434265.0000000000604000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
604000
|
Size: |
4096
|
|
71D000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
Name: |
00000004.00000002.2477311582.000000000071D000.00000040.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page execute and read and write
|
Base address: |
71D000
|
Size: |
8192
|
|
6FD000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2450762284.00000000006FD000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6FD000
|
Size: |
4096
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
AV process strings found (often used to terminate AV products) |
Lowering of HIPS / PFW / Operating System Security Settings |
Security Software Discovery
|
|
3746000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2471519311.0000000003746000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3746000
|
Size: |
12288
|
|
401000
|
unkown
|
page execute read
|
|
|
|
Name: |
00000000.00000000.1713184102.0000000000401000.00000020.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page execute read
|
Base address: |
401000
|
Size: |
405504
|
|
24C2000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2468930823.00000000024C2000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
24C2000
|
Size: |
217088
|
|
4B19000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2480645091.0000000004B19000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
4B19000
|
Size: |
192512
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
726000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2315999928.0000000000726000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
726000
|
Size: |
12288
|
|
37A5000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1885801313.00000000037A5000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
37A5000
|
Size: |
4096
|
|
3761000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1890657789.0000000003761000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3761000
|
Size: |
4096
|
|
400000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000000.00000000.1713169941.0000000000400000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
400000
|
Size: |
4096
|
|
93F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2475946651.000000000093F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
93F000
|
Size: |
4096
|
|
46A000
|
unkown
|
page readonly
|
|
|
|
Name: |
00000000.00000000.1713251005.000000000046A000.00000002.00000001.01000000.00000003.sdmp
|
TargetID: |
0
|
Dumpstage: |
process new
|
Regiontype: |
unkown
|
Protect: |
page readonly
|
Base address: |
46A000
|
Size: |
1302528
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sample file is different than original file name gathered from version info |
System Summary |
|
|
6A1B000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2492061733.0000000006A1B000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
6A1B000
|
Size: |
20480
|
|
4490000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2480572406.0000000004490000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
4490000
|
Size: |
20480
|
|
37AA000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2144754640.00000000037AA000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
37AA000
|
Size: |
16384
|
|
3752000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2478275039.0000000003752000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3752000
|
Size: |
4096
|
|
377A000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1889457401.000000000377A000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
377A000
|
Size: |
4096
|
|
377B000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2018259946.000000000377B000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
377B000
|
Size: |
20480
|
|
770000
|
heap
|
page execute and read and write
|
|
|
|
Name: |
00000004.00000002.2477720782.0000000000770000.00000040.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page execute and read and write
|
Base address: |
770000
|
Size: |
4096
|
|
3783000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1885437575.0000000003783000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3783000
|
Size: |
4096
|
|
377A000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2144073869.000000000377A000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
377A000
|
Size: |
4096
|
|
9B000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2472237515.000000000009B000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
9B000
|
Size: |
20480
|
|
C7F000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2480063986.0000000000C7F000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
C7F000
|
Size: |
4096
|
|
37A0000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2478360512.00000000037A0000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
37A0000
|
Size: |
4096
|
|
715000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2315999928.0000000000715000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
715000
|
Size: |
4096
|
|
24D0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1841665678.00000000024D0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
24D0000
|
Size: |
180224
|
|
6E5000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2473405041.00000000006E5000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6E5000
|
Size: |
8192
|
|
681B000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2491754450.000000000681B000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
681B000
|
Size: |
20480
|
|
6B2000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2473405041.00000000006B2000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6B2000
|
Size: |
12288
|
|
2A6B000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1845092630.0000000002A6B000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
2A6B000
|
Size: |
10485760
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sample file is different than original file name gathered from version info |
System Summary |
|
|
3770000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2017467015.0000000003770000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3770000
|
Size: |
4096
|
|
3740000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2478055418.0000000003740000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3740000
|
Size: |
4096
|
|
6E9000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2473405041.00000000006E9000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6E9000
|
Size: |
4096
|
|
751000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2277383833.0000000000751000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
751000
|
Size: |
4096
|
|
3763000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2281223402.0000000003763000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3763000
|
Size: |
8192
|
|
37AF000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2273998999.00000000037AF000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
37AF000
|
Size: |
4096
|
|
7120000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2495452716.0000000007120000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7120000
|
Size: |
65536
|
|
660000
|
heap
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2476925242.0000000000660000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
660000
|
Size: |
16384
|
|
705000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2315999928.0000000000705000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
705000
|
Size: |
16384
|
|
37EC000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2144073869.00000000037EC000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
37EC000
|
Size: |
20480
|
|
7B50000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2495648011.0000000007B50000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7B50000
|
Size: |
20480
|
|
3A7F000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2146594813.0000000003A7F000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3A7F000
|
Size: |
4096
|
|
375C000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2273777672.000000000375C000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
375C000
|
Size: |
12288
|
|
25C0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2477085028.00000000025C0000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
25C0000
|
Size: |
4096
|
|
746000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2475716004.0000000000746000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
746000
|
Size: |
8192
|
|
3789000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1885437575.0000000003789000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3789000
|
Size: |
8192
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
URLs found in memory or binary data |
Networking |
|
|
6F7000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2315999928.00000000006F7000.00000004.00000020.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
6F7000
|
Size: |
20480
|
|
5B0000
|
heap
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2472384931.00000000005B0000.00000004.00000020.00040000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
heap
|
Protect: |
page read and write
|
Base address: |
5B0000
|
Size: |
4096
|
|
378B000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2018089531.000000000378B000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
378B000
|
Size: |
139264
|
|
37F5000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1889627920.00000000037F5000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
37F5000
|
Size: |
143360
|
|
6EDE000
|
stack
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2493652625.0000000006EDE000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
6EDE000
|
Size: |
8192
|
|
374D000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.2143285859.000000000374D000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
374D000
|
Size: |
16384
|
|
3742000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2478080846.0000000003742000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3742000
|
Size: |
4096
|
|
3770000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000000.00000003.1890657789.0000000003770000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
free memory
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
3770000
|
Size: |
4096
|
|
7B60000
|
trusted library allocation
|
page read and write
|
|
|
|
Name: |
00000004.00000002.2495700255.0000000007B60000.00000004.00000800.00020000.00000000.sdmp
|
TargetID: |
4
|
Dumpstage: |
process exit
|
Regiontype: |
trusted library allocation
|
Protect: |
page read and write
|
Base address: |
7B60000
|
Size: |
16384
|
|
64E000
|
stack
|
page read and write
|
|
|
|
Name: |
00000000.00000002.2472649669.000000000064E000.00000004.00000010.00020000.00000000.sdmp
|
TargetID: |
0
|
Dumpstage: |
process exit
|
Regiontype: |
stack
|
Protect: |
page read and write
|
Base address: |
64E000
|
Size: |
8192
|
|