|
402000
|
remote allocation
|
page execute and read and write
|
 |
|
|
| Name: |
00000003.00000002.1480927097.0000000000402000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
402000
|
| Size: |
102400
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected RedLine Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
| Yara detected Credential Stealer |
Stealing of Sensitive Information |
|
| Yara signature match |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
4079000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1330376208.0000000004079000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4079000
|
| Size: |
36864
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected RedLine Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
| Found many strings related to Crypto-Wallets (likely being stolen) |
Stealing of Sensitive Information |
|
| Yara detected Credential Stealer |
Stealing of Sensitive Information |
|
|
|
28FF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1329670167.00000000028FF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
28FF000
|
| Size: |
159744
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected RedLine Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
| Found many strings related to Crypto-Wallets (likely being stolen) |
Stealing of Sensitive Information |
|
| Yara detected Credential Stealer |
Stealing of Sensitive Information |
|
|
|
2FF0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1482861241.0000000002FF0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2FF0000
|
| Size: |
106496
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected RedLine Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
| URLs found in memory or binary data |
Networking |
|
|
|
4099000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1330376208.0000000004099000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4099000
|
| Size: |
196608
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected RedLine Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
| Yara detected Credential Stealer |
Stealing of Sensitive Information |
|
| Yara signature match |
System Summary |
|
|
|
73B0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1312275982.00000000073B0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
73B0000
|
| Size: |
65536
|
|
|
5560000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1493605562.0000000005560000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5560000
|
| Size: |
12288
|
|
|
68DB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1497099675.00000000068DB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
68DB000
|
| Size: |
16384
|
|
|
7C98000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1502195533.0000000007C98000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7C98000
|
| Size: |
12288
|
|
|
3871000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1330376208.0000000003871000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3871000
|
| Size: |
12288
|
|
|
CD0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1328409836.0000000000CD0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
CD0000
|
| Size: |
4096
|
|
|
2871000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1329670167.0000000002871000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2871000
|
| Size: |
24576
|
|
|
811C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1312954359.000000000811C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
811C000
|
| Size: |
16384
|
|
|
8680000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.1502683478.0000000008680000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
8680000
|
| Size: |
4096
|
|
|
6C22000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1498631997.0000000006C22000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6C22000
|
| Size: |
8192
|
|
|
6A6E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1497440276.0000000006A6E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6A6E000
|
| Size: |
8192
|
|
|
6E80000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1499241576.0000000006E80000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6E80000
|
| Size: |
65536
|
|
|
1390000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1482009465.0000000001390000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1390000
|
| Size: |
4096
|
|
|
59B9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1309633989.00000000059B9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
59B9000
|
| Size: |
4096
|
|
|
CDD000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.1328506723.0000000000CDD000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
CDD000
|
| Size: |
4096
|
|
|
3FAE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1487495570.0000000003FAE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3FAE000
|
| Size: |
4096
|
|
|
3434000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1482861241.0000000003434000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3434000
|
| Size: |
36864
|
|
|
729E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1311773997.000000000729E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
729E000
|
| Size: |
8192
|
|
|
29B6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1305065445.00000000029B6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
29B6000
|
| Size: |
303104
|
|
|
7ED0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1312759237.0000000007ED0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7ED0000
|
| Size: |
4096
|
|
|
3446000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1482861241.0000000003446000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3446000
|
| Size: |
131072
|
|
|
4D0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1303764355.00000000004D0000.00000002.00000001.01000000.00000007.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
4D0000
|
| Size: |
4096
|
|
|
475E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1305723824.000000000475E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
475E000
|
| Size: |
8192
|
|
|
58D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1494280667.00000000058D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
58D0000
|
| Size: |
65536
|
|
|
6AA4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1497777828.0000000006AA4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6AA4000
|
| Size: |
36864
|
|
|
1176000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1481261655.0000000001176000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1176000
|
| Size: |
270336
|
|
|
168E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1482697790.000000000168E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
168E000
|
| Size: |
8192
|
|
|
9C6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1324130932.00000000009C6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9C6000
|
| Size: |
12288
|
|
|
A30E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1332631013.000000000A30E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A30E000
|
| Size: |
8192
|
|
|
5910000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1494511613.0000000005910000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5910000
|
| Size: |
65536
|
|
|
70CC000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1311228269.00000000070CC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
70CC000
|
| Size: |
8192
|
|
|
5890000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1493931944.0000000005890000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5890000
|
| Size: |
36864
|
|
|
7360000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1312032267.0000000007360000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7360000
|
| Size: |
65536
|
|
|
33AB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1482861241.00000000033AB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
33AB000
|
| Size: |
45056
|
|
|
13D3000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.1482080217.00000000013D3000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
13D3000
|
| Size: |
4096
|
|
|
79B0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1500574939.00000000079B0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
79B0000
|
| Size: |
65536
|
|
|
2580000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1304870582.0000000002580000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2580000
|
| Size: |
12288
|
|
|
6BF4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1498631997.0000000006BF4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6BF4000
|
| Size: |
4096
|
|
|
7160000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1499650931.0000000007160000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7160000
|
| Size: |
65536
|
|
|
70F2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1311440660.00000000070F2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
70F2000
|
| Size: |
8192
|
|
|
26C0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.1328872537.00000000026C0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
26C0000
|
| Size: |
61440
|
|
|
79C0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1500676256.00000000079C0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
79C0000
|
| Size: |
65536
|
|
|
F58000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1481061354.0000000000F58000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
F58000
|
| Size: |
32768
|
|
|
7990000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1500380923.0000000007990000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7990000
|
| Size: |
4096
|
|
|
3FCA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1487495570.0000000003FCA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3FCA000
|
| Size: |
8192
|
|
|
7320000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1500142661.0000000007320000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7320000
|
| Size: |
65536
|
|
|
6E7C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1499201910.0000000006E7C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6E7C000
|
| Size: |
16384
|
|
|
43C0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1305573364.00000000043C0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
43C0000
|
| Size: |
12288
|
|
|
3542000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1482861241.0000000003542000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3542000
|
| Size: |
192512
|
|
|
6BFC000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1498631997.0000000006BFC000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6BFC000
|
| Size: |
4096
|
|
|
A40E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1332701199.000000000A40E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A40E000
|
| Size: |
8192
|
|
|
CAF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1328261091.0000000000CAF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
CAF000
|
| Size: |
4096
|
|
|
67F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1496293522.00000000067F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
67F0000
|
| Size: |
4096
|
|
|
4465000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1487495570.0000000004465000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4465000
|
| Size: |
4096
|
|
|
2830000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1329485065.0000000002830000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2830000
|
| Size: |
16384
|
|
|
2F90000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1482837603.0000000002F90000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F90000
|
| Size: |
4096
|
|
|
4860000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1306127598.0000000004860000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4860000
|
| Size: |
4096
|
|
|
3359000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1482861241.0000000003359000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3359000
|
| Size: |
290816
|
|
|
157E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1482590408.000000000157E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
157E000
|
| Size: |
8192
|
|
|
52E8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1306544682.00000000052E8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
52E8000
|
| Size: |
479232
|
|
|
728F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1500026298.000000000728F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
728F000
|
| Size: |
4096
|
|
|
6B6D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1310555999.0000000006B6D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6B6D000
|
| Size: |
12288
|
|
|
1517000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.1482459049.0000000001517000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1517000
|
| Size: |
4096
|
|
|
43D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1305699309.00000000043D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
43D0000
|
| Size: |
4096
|
|
|
294E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1305028008.000000000294E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
294E000
|
| Size: |
8192
|
|
|
7EB0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1312676747.0000000007EB0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7EB0000
|
| Size: |
4096
|
|
|
58B2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1493931944.00000000058B2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
58B2000
|
| Size: |
36864
|
|
|
28ED000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1329670167.00000000028ED000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
28ED000
|
| Size: |
32768
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
116A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1481261655.000000000116A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
116A000
|
| Size: |
45056
|
|
|
7170000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1499777502.0000000007170000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7170000
|
| Size: |
65536
|
|
|
1502000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1482308531.0000000001502000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1502000
|
| Size: |
4096
|
|
|
435E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1305429097.000000000435E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
435E000
|
| Size: |
8192
|
|
|
990000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1324130932.0000000000990000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
990000
|
| Size: |
28672
|
|
|
9EB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1324130932.00000000009EB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9EB000
|
| Size: |
73728
|
|
|
4470000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1487495570.0000000004470000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4470000
|
| Size: |
8192
|
|
|
7370000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1312077450.0000000007370000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7370000
|
| Size: |
65536
|
|
|
689A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1496645653.000000000689A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
689A000
|
| Size: |
16384
|
|
|
72DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1311791707.00000000072DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
72DE000
|
| Size: |
8192
|
|
|
5E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1323679050.00000000005E0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5E0000
|
| Size: |
4096
|
|
|
7BE0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1501013803.0000000007BE0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BE0000
|
| Size: |
8192
|
|
|
33A2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1482861241.00000000033A2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
33A2000
|
| Size: |
32768
|
|
|
5564000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1493605562.0000000005564000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5564000
|
| Size: |
20480
|
|
|
68E4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1497154992.00000000068E4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
68E4000
|
| Size: |
8192
|
|
|
24F9000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1304822320.00000000024F9000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
24F9000
|
| Size: |
28672
|
|
|
43CD000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1305678896.00000000043CD000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
43CD000
|
| Size: |
8192
|
|
|
47A0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1305946335.00000000047A0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
47A0000
|
| Size: |
4096
|
|
|
3FD3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1487495570.0000000003FD3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3FD3000
|
| Size: |
8192
|
|
|
D07000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.1328699974.0000000000D07000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
D07000
|
| Size: |
4096
|
|
|
6902000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1497228826.0000000006902000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6902000
|
| Size: |
12288
|
|
|
7320000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1311825372.0000000007320000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7320000
|
| Size: |
61440
|
|
|
13ED000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.1482174565.00000000013ED000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
13ED000
|
| Size: |
4096
|
|
|
5BC0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1495853335.0000000005BC0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5BC0000
|
| Size: |
36864
|
|
|
5980000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.1494913741.0000000005980000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5980000
|
| Size: |
65536
|
|
|
980000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1324099352.0000000000980000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
980000
|
| Size: |
16384
|
|
|
79D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1500774514.00000000079D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
79D0000
|
| Size: |
4096
|
|
|
A44E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1332978733.000000000A44E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A44E000
|
| Size: |
8192
|
|
|
47F0000
|
heap
|
page readonly
|
|
|
|
| Name: |
00000000.00000002.1305991959.00000000047F0000.00000002.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page readonly
|
| Base address: |
47F0000
|
| Size: |
4096
|
|
|
7EA0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1312656432.0000000007EA0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7EA0000
|
| Size: |
4096
|
|
|
444E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1487495570.000000000444E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
444E000
|
| Size: |
4096
|
|
|
7AD0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1500877443.0000000007AD0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7AD0000
|
| Size: |
4096
|
|
|
B1EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1333434033.000000000B1EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B1EE000
|
| Size: |
8192
|
|
|
FB0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1481094417.0000000000FB0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
FB0000
|
| Size: |
4096
|
|
|
43B5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1487495570.00000000043B5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
43B5000
|
| Size: |
434176
|
|
|
6C25000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1498631997.0000000006C25000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6C25000
|
| Size: |
36864
|
|
|
5950000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.1494671626.0000000005950000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5950000
|
| Size: |
65536
|
|
|
73E0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1312438523.00000000073E0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
73E0000
|
| Size: |
65536
|
|
|
58E1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1494363858.00000000058E1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
58E1000
|
| Size: |
61440
|
|
|
485E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1306070567.000000000485E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
485E000
|
| Size: |
8192
|
|
|
5920000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1494598082.0000000005920000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5920000
|
| Size: |
65536
|
|
|
CC0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1328315836.0000000000CC0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
CC0000
|
| Size: |
8192
|
|
|
6ABE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1310448262.0000000006ABE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6ABE000
|
| Size: |
8192
|
|
|
3019000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1482861241.0000000003019000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3019000
|
| Size: |
16384
|
|
|
7C28000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1501457483.0000000007C28000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7C28000
|
| Size: |
8192
|
|
|
70A5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1310993818.00000000070A5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
70A5000
|
| Size: |
126976
|
|
|
58BE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1493931944.00000000058BE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
58BE000
|
| Size: |
8192
|
|
|
7330000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1311858451.0000000007330000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7330000
|
| Size: |
65536
|
|
|
29A8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1305065445.00000000029A8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
29A8000
|
| Size: |
53248
|
|
|
442B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1487495570.000000000442B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
442B000
|
| Size: |
4096
|
|
|
9FE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1324130932.00000000009FE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9FE000
|
| Size: |
499712
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
6BD6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1498355146.0000000006BD6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6BD6000
|
| Size: |
24576
|
|
|
5A20000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.1495565061.0000000005A20000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5A20000
|
| Size: |
65536
|
|
|
555E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1493575124.000000000555E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
555E000
|
| Size: |
8192
|
|
|
25FE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1304986395.00000000025FE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
25FE000
|
| Size: |
4096
|
|
|
72CF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1331635129.00000000072CF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
72CF000
|
| Size: |
4096
|
|
|
14FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1482226261.00000000014FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
14FE000
|
| Size: |
8192
|
|
|
47EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1305966757.00000000047EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
47EE000
|
| Size: |
8192
|
|
|
4290000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1305287383.0000000004290000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4290000
|
| Size: |
16384
|
|
|
73A0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1312221653.00000000073A0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
73A0000
|
| Size: |
65536
|
|
|
7330000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.1500258639.0000000007330000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7330000
|
| Size: |
65536
|
|
|
5570000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1493757308.0000000005570000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5570000
|
| Size: |
36864
|
|
|
43B0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1305549957.00000000043B0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
43B0000
|
| Size: |
8192
|
|
|
7DD6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1502231679.0000000007DD6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7DD6000
|
| Size: |
28672
|
|
|
711E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1499583412.000000000711E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
711E000
|
| Size: |
8192
|
|
|
B0EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1333404147.000000000B0EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B0EE000
|
| Size: |
8192
|
|
|
70D1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1311265017.00000000070D1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
70D1000
|
| Size: |
49152
|
|
|
4810000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1306040194.0000000004810000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
4810000
|
| Size: |
4096
|
|
|
CD3000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.1328450594.0000000000CD3000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
CD3000
|
| Size: |
4096
|
|
|
5480000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1493378151.0000000005480000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5480000
|
| Size: |
8192
|
|
|
43A5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1487495570.00000000043A5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
43A5000
|
| Size: |
8192
|
|
|
2A3B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1305065445.0000000002A3B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2A3B000
|
| Size: |
409600
|
|
|
7210000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1311712955.0000000007210000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7210000
|
| Size: |
24576
|
|
|
4782000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1305894269.0000000004782000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4782000
|
| Size: |
12288
|
|
|
3020000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1482861241.0000000003020000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3020000
|
| Size: |
8192
|
|
|
B470000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1334169930.000000000B470000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B470000
|
| Size: |
4096
|
|
|
1500000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1482247100.0000000001500000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1500000
|
| Size: |
4096
|
|
|
7C08000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1501281803.0000000007C08000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7C08000
|
| Size: |
28672
|
|
|
2F2F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1482717404.0000000002F2F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2F2F000
|
| Size: |
4096
|
|
|
7350000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1311956921.0000000007350000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7350000
|
| Size: |
65536
|
|
|
7C02000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1501239147.0000000007C02000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7C02000
|
| Size: |
20480
|
|
|
4900000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1306342286.0000000004900000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4900000
|
| Size: |
65536
|
|
|
2850000
|
trusted library section
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1329560119.0000000002850000.00000004.08000000.00040000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library section
|
| Protect: |
page read and write
|
| Base address: |
2850000
|
| Size: |
4096
|
|
|
32A3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1482861241.00000000032A3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
32A3000
|
| Size: |
217088
|
|
|
443A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1487495570.000000000443A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
443A000
|
| Size: |
8192
|
|
|
D0B000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.1328721627.0000000000D0B000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
D0B000
|
| Size: |
4096
|
|
|
30B1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1482861241.00000000030B1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
30B1000
|
| Size: |
4096
|
|
|
7E00000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1312532307.0000000007E00000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7E00000
|
| Size: |
61440
|
|
|
B22E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1333557171.000000000B22E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B22E000
|
| Size: |
8192
|
|
|
6AB5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1497853698.0000000006AB5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6AB5000
|
| Size: |
45056
|
|
|
7390000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1312180085.0000000007390000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7390000
|
| Size: |
65536
|
|
|
5490000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1493415274.0000000005490000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5490000
|
| Size: |
65536
|
|
|
4461000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1487495570.0000000004461000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4461000
|
| Size: |
8192
|
|
|
4FA8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1493297230.0000000004FA8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4FA8000
|
| Size: |
4096
|
|
|
1148000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1481261655.0000000001148000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1148000
|
| Size: |
135168
|
|
|
13D4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1482098124.00000000013D4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
13D4000
|
| Size: |
16384
|
|
|
43C3000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1305596804.00000000043C3000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
43C3000
|
| Size: |
4096
|
|
|
67FC000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1496293522.00000000067FC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
67FC000
|
| Size: |
4096
|
|
|
AACE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1333376760.000000000AACE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
AACE000
|
| Size: |
8192
|
|
|
6C30000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1499035048.0000000006C30000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6C30000
|
| Size: |
4096
|
|
|
513D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1493340838.000000000513D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
513D000
|
| Size: |
12288
|
|
|
42C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1305368968.00000000042C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
42C0000
|
| Size: |
4096
|
|
|
33E1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1482861241.00000000033E1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
33E1000
|
| Size: |
294912
|
|
|
3875000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1330376208.0000000003875000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3875000
|
| Size: |
4096
|
|
|
5EA0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1496044737.0000000005EA0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5EA0000
|
| Size: |
57344
|
|
|
68C4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1497005815.00000000068C4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
68C4000
|
| Size: |
12288
|
|
|
325B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1482861241.000000000325B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
325B000
|
| Size: |
286720
|
|
|
59B1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1309633989.00000000059B1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
59B1000
|
| Size: |
28672
|
|
|
3FC7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1487495570.0000000003FC7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3FC7000
|
| Size: |
4096
|
|
|
68D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1497073243.00000000068D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
68D4000
|
| Size: |
12288
|
|
|
2F30000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.1482739106.0000000002F30000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
2F30000
|
| Size: |
65536
|
|
|
97E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1324056225.000000000097E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
97E000
|
| Size: |
8192
|
|
|
998000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1324130932.0000000000998000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
998000
|
| Size: |
16384
|
|
|
A98E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1333302718.000000000A98E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A98E000
|
| Size: |
8192
|
|
|
3FA1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1487495570.0000000003FA1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3FA1000
|
| Size: |
49152
|
|
|
4149000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1487495570.0000000004149000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4149000
|
| Size: |
4096
|
|
|
11BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1481261655.00000000011BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
11BF000
|
| Size: |
524288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
27EF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1329379340.00000000027EF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
27EF000
|
| Size: |
4096
|
|
|
6B25000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1310510412.0000000006B25000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
6B25000
|
| Size: |
8192
|
|
|
6C1D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1498631997.0000000006C1D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6C1D000
|
| Size: |
4096
|
|
|
71E0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1311574204.00000000071E0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
71E0000
|
| Size: |
65536
|
|
|
4137000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1487495570.0000000004137000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4137000
|
| Size: |
4096
|
|
|
6BC0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1498327884.0000000006BC0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6BC0000
|
| Size: |
4096
|
|
|
70C6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1311196359.00000000070C6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
70C6000
|
| Size: |
20480
|
|
|
400000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.1480927097.0000000000400000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
400000
|
| Size: |
4096
|
|
|
CF7000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.1328654875.0000000000CF7000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
CF7000
|
| Size: |
4096
|
|
|
A585000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1333034021.000000000A585000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
A585000
|
| Size: |
36864
|
|
|
3FDE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1487495570.0000000003FDE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3FDE000
|
| Size: |
8192
|
|
|
6DEE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1310867146.0000000006DEE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6DEE000
|
| Size: |
8192
|
|
|
CD4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1328474288.0000000000CD4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
CD4000
|
| Size: |
4096
|
|
|
28DB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1329670167.00000000028DB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
28DB000
|
| Size: |
8192
|
|
|
6E10000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1499124091.0000000006E10000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6E10000
|
| Size: |
65536
|
|
|
73D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1312375251.00000000073D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
73D0000
|
| Size: |
65536
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Found many strings related to Crypto-Wallets (likely being stolen) |
Stealing of Sensitive Information |
|
|
|
59FD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1495287367.00000000059FD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
59FD000
|
| Size: |
12288
|
|
|
34B1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1482861241.00000000034B1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
34B1000
|
| Size: |
36864
|
|
|
A88E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1333273776.000000000A88E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A88E000
|
| Size: |
8192
|
|
|
31A5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1482861241.00000000031A5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
31A5000
|
| Size: |
196608
|
|
|
13F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1482196447.00000000013F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13F0000
|
| Size: |
16384
|
|
|
7C15000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1501376621.0000000007C15000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7C15000
|
| Size: |
8192
|
|
|
3FC0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1487495570.0000000003FC0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3FC0000
|
| Size: |
8192
|
|
|
54DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1493504875.00000000054DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
54DE000
|
| Size: |
8192
|
|
|
AD0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1326870208.0000000000AD0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
AD0000
|
| Size: |
16384
|
|
|
842E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1502493421.000000000842E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
842E000
|
| Size: |
8192
|
|
|
6BB0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1310614960.0000000006BB0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6BB0000
|
| Size: |
69632
|
|
|
13D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1482055742.00000000013D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
13D0000
|
| Size: |
12288
|
|
|
70D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1499549284.00000000070D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
70D0000
|
| Size: |
4096
|
|
|
4A0C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1306544682.0000000004A0C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4A0C000
|
| Size: |
1011712
|
|
|
73C0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1312330323.00000000073C0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
73C0000
|
| Size: |
65536
|
|
|
443E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1487495570.000000000443E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
443E000
|
| Size: |
4096
|
|
|
FFBF0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.1502757576.00000000FFBF0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
FFBF0000
|
| Size: |
4096
|
|
|
AD5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1326870208.0000000000AD5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
AD5000
|
| Size: |
12288
|
|
|
695E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1497372412.000000000695E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
695E000
|
| Size: |
8192
|
|
|
413E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1487495570.000000000413E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
413E000
|
| Size: |
4096
|
|
|
4244000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1487495570.0000000004244000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4244000
|
| Size: |
8192
|
|
|
6AB0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1497853698.0000000006AB0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6AB0000
|
| Size: |
4096
|
|
|
49A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1306513029.00000000049A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
49A0000
|
| Size: |
4096
|
|
|
68E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1497132112.00000000068E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
68E0000
|
| Size: |
8192
|
|
|
6AFE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1310477583.0000000006AFE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6AFE000
|
| Size: |
8192
|
|
|
48FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1306294610.00000000048FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
48FE000
|
| Size: |
8192
|
|
|
59E0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1495104821.00000000059E0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
59E0000
|
| Size: |
65536
|
|
|
290E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1305008022.000000000290E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
290E000
|
| Size: |
8192
|
|
|
7DC0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1312500089.0000000007DC0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7DC0000
|
| Size: |
24576
|
|
|
65CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1496121130.00000000065CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
65CE000
|
| Size: |
8192
|
|
|
CFA000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.1328676626.0000000000CFA000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
CFA000
|
| Size: |
4096
|
|
|
59D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1494997248.00000000059D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
59D0000
|
| Size: |
65536
|
|
|
FFE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1481118539.0000000000FFE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
FFE000
|
| Size: |
8192
|
|
|
5E5E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1495973089.0000000005E5E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5E5E000
|
| Size: |
8192
|
|
|
3440000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1482861241.0000000003440000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3440000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
|
|
7BD0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1500907220.0000000007BD0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BD0000
|
| Size: |
8192
|
|
|
7BD4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1500956841.0000000007BD4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BD4000
|
| Size: |
20480
|
|
|
3573000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1482861241.0000000003573000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3573000
|
| Size: |
290816
|
|
|
6BF2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1498631997.0000000006BF2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6BF2000
|
| Size: |
4096
|
|
|
A74D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1333217424.000000000A74D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A74D000
|
| Size: |
12288
|
|
|
A564000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1333034021.000000000A564000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
A564000
|
| Size: |
8192
|
|
|
6C16000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1498631997.0000000006C16000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6C16000
|
| Size: |
4096
|
|
|
137D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1481982483.000000000137D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
137D000
|
| Size: |
12288
|
|
|
5AB0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.1495732946.0000000005AB0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5AB0000
|
| Size: |
65536
|
|
|
70FC000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1311461310.00000000070FC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
70FC000
|
| Size: |
221184
|
|
|
6910000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.1497286606.0000000006910000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
6910000
|
| Size: |
65536
|
|
|
7DD0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1502231679.0000000007DD0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7DD0000
|
| Size: |
20480
|
|
|
A79000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1324130932.0000000000A79000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A79000
|
| Size: |
28672
|
|
|
6C18000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1498631997.0000000006C18000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6C18000
|
| Size: |
4096
|
|
|
731D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1311809195.000000000731D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
731D000
|
| Size: |
12288
|
|
|
6960000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.1497401807.0000000006960000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
6960000
|
| Size: |
16384
|
|
|
49B1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1306544682.00000000049B1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
49B1000
|
| Size: |
364544
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
7BF6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1501196542.0000000007BF6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BF6000
|
| Size: |
20480
|
|
|
7C49000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1501687523.0000000007C49000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7C49000
|
| Size: |
45056
|
|
|
589B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1493931944.000000000589B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
589B000
|
| Size: |
20480
|
|
|
E5B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1481022962.0000000000E5B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
E5B000
|
| Size: |
20480
|
|
|
7310000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.1500111298.0000000007310000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7310000
|
| Size: |
4096
|
|
|
70EC000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1311420344.00000000070EC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
70EC000
|
| Size: |
12288
|
|
|
7E10000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1502445536.0000000007E10000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7E10000
|
| Size: |
8192
|
|
|
9D3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1324130932.00000000009D3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9D3000
|
| Size: |
94208
|
|
|
856E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1502560729.000000000856E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
856E000
|
| Size: |
8192
|
|
|
A579000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1333034021.000000000A579000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
A579000
|
| Size: |
4096
|
|
|
79E6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1500834122.00000000079E6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
79E6000
|
| Size: |
12288
|
|
|
99E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1324130932.000000000099E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
99E000
|
| Size: |
159744
|
|
|
57C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1323643554.000000000057C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
57C000
|
| Size: |
16384
|
|
|
5970000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1494843365.0000000005970000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5970000
|
| Size: |
53248
|
|
|
715E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1499616520.000000000715E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
715E000
|
| Size: |
8192
|
|
|
3FD0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1487495570.0000000003FD0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3FD0000
|
| Size: |
4096
|
|
|
AA0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1326562921.0000000000AA0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
AA0000
|
| Size: |
4096
|
|
|
3229000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1482861241.0000000003229000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3229000
|
| Size: |
196608
|
|
|
1512000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1482399230.0000000001512000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1512000
|
| Size: |
4096
|
|
|
495E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1306419371.000000000495E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
495E000
|
| Size: |
8192
|
|
|
6F51000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1310968158.0000000006F51000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6F51000
|
| Size: |
8192
|
|
|
6A8A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1497481486.0000000006A8A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6A8A000
|
| Size: |
8192
|
|
|
E3F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1328791367.0000000000E3F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
E3F000
|
| Size: |
4096
|
|
|
34CD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1482861241.00000000034CD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
34CD000
|
| Size: |
131072
|
|
|
4440000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1487495570.0000000004440000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4440000
|
| Size: |
8192
|
|
|
6AA0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1497777828.0000000006AA0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6AA0000
|
| Size: |
4096
|
|
|
6A7B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1310420687.0000000006A7B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6A7B000
|
| Size: |
20480
|
|
|
425D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1487495570.000000000425D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
425D000
|
| Size: |
184320
|
|
|
58A1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1493931944.00000000058A1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
58A1000
|
| Size: |
16384
|
|
|
6BD0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1498355146.0000000006BD0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6BD0000
|
| Size: |
20480
|
|
|
13E0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1482142696.00000000013E0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
13E0000
|
| Size: |
28672
|
|
|
414D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1487495570.000000000414D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
414D000
|
| Size: |
987136
|
|
|
686F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1496645653.000000000686F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
686F000
|
| Size: |
172032
|
|
|
439E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1305487385.000000000439E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
439E000
|
| Size: |
8192
|
|
|
25DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1304927695.00000000025DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
25DE000
|
| Size: |
8192
|
|
|
3FD6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1487495570.0000000003FD6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3FD6000
|
| Size: |
4096
|
|
|
7C92000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1501761715.0000000007C92000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7C92000
|
| Size: |
12288
|
|
|
7C36000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1501534435.0000000007C36000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7C36000
|
| Size: |
20480
|
|
|
7C1E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1501413113.0000000007C1E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7C1E000
|
| Size: |
24576
|
|
|
7E10000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1312580261.0000000007E10000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7E10000
|
| Size: |
4096
|
|
|
4D2000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1303782935.00000000004D2000.00000002.00000001.01000000.00000007.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
4D2000
|
| Size: |
61440
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
7082000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1310993818.0000000007082000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7082000
|
| Size: |
139264
|
|
|
25F6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1304946768.00000000025F6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
25F6000
|
| Size: |
28672
|
|
|
578E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1493875410.000000000578E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
578E000
|
| Size: |
8192
|
|
|
261E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1328812556.000000000261E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
261E000
|
| Size: |
8192
|
|
|
4DF0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1330959887.0000000004DF0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4DF0000
|
| Size: |
20480
|
|
|
7BE9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1501093858.0000000007BE9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BE9000
|
| Size: |
8192
|
|
|
4E2000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000002.00000000.1303803447.00000000004E2000.00000002.00000001.01000000.00000007.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
4E2000
|
| Size: |
4096
|
|
|
68A3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1496851508.00000000068A3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
68A3000
|
| Size: |
122880
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| AV process strings found (often used to terminate AV products) |
Lowering of HIPS / PFW / Operating System Security Settings |
Security Software Discovery
|
|
|
6D6E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1310822928.0000000006D6E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6D6E000
|
| Size: |
8192
|
|
|
282E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1329428247.000000000282E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
282E000
|
| Size: |
8192
|
|
|
4785000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1305916861.0000000004785000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4785000
|
| Size: |
45056
|
|
|
29A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1305065445.00000000029A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
29A0000
|
| Size: |
28672
|
|
|
446E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1487495570.000000000446E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
446E000
|
| Size: |
4096
|
|
|
1515000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.1482423450.0000000001515000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1515000
|
| Size: |
4096
|
|
|
7C12000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1501344463.0000000007C12000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7C12000
|
| Size: |
4096
|
|
|
68C9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1497038672.00000000068C9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
68C9000
|
| Size: |
16384
|
|
|
431D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1305397275.000000000431D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
431D000
|
| Size: |
12288
|
|
|
6E2E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1310891353.0000000006E2E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6E2E000
|
| Size: |
8192
|
|
|
1000000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1481147614.0000000001000000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1000000
|
| Size: |
8192
|
|
|
2A0D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1305065445.0000000002A0D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2A0D000
|
| Size: |
184320
|
|
|
7EE1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1312779499.0000000007EE1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7EE1000
|
| Size: |
20480
|
|
|
CE0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1328566669.0000000000CE0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
CE0000
|
| Size: |
49152
|
|
|
7BE4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1501043453.0000000007BE4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BE4000
|
| Size: |
16384
|
|
|
852E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1502522152.000000000852E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
852E000
|
| Size: |
8192
|
|
|
B48C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1334169930.000000000B48C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B48C000
|
| Size: |
4096
|
|
|
3FB2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1487495570.0000000003FB2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3FB2000
|
| Size: |
12288
|
|
|
7EF9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1312804874.0000000007EF9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7EF9000
|
| Size: |
24576
|
|
|
5900000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1494437655.0000000005900000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5900000
|
| Size: |
65536
|
|
|
1506000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.1482336774.0000000001506000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1506000
|
| Size: |
40960
|
|
|
2628000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1328837149.0000000002628000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2628000
|
| Size: |
4096
|
|
|
302D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1482861241.000000000302D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
302D000
|
| Size: |
4096
|
|
|
43C4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1305623026.00000000043C4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
43C4000
|
| Size: |
36864
|
|
|
4769000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1305749265.0000000004769000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4769000
|
| Size: |
16384
|
|
|
30AB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1482861241.00000000030AB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
30AB000
|
| Size: |
12288
|
|
|
2570000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1304848676.0000000002570000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2570000
|
| Size: |
4096
|
|
|
7EF0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1312804874.0000000007EF0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7EF0000
|
| Size: |
32768
|
|
|
1140000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1481261655.0000000001140000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1140000
|
| Size: |
28672
|
|
|
6EA0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.1499434198.0000000006EA0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
6EA0000
|
| Size: |
65536
|
|
|
7180000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1499927008.0000000007180000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7180000
|
| Size: |
12288
|
|
|
70F9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1311461310.00000000070F9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
70F9000
|
| Size: |
8192
|
|
|
3163000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1482861241.0000000003163000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3163000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
30AF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1482861241.00000000030AF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
30AF000
|
| Size: |
4096
|
|
|
2878000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1329670167.0000000002878000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2878000
|
| Size: |
12288
|
|
|
7BEC000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1501145446.0000000007BEC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7BEC000
|
| Size: |
16384
|
|
|
7E5D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1312610049.0000000007E5D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7E5D000
|
| Size: |
12288
|
|
|
72CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1500066029.00000000072CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
72CE000
|
| Size: |
8192
|
|
|
34C7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1482861241.00000000034C7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
34C7000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
|
|
8F9000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1323745087.00000000008F9000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
8F9000
|
| Size: |
28672
|
|
|
58A6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1493931944.00000000058A6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
58A6000
|
| Size: |
45056
|
|
|
5AAE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1495698296.0000000005AAE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5AAE000
|
| Size: |
8192
|
|
|
A590000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1333167166.000000000A590000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
A590000
|
| Size: |
40960
|
|
|
3FE3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1487495570.0000000003FE3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3FE3000
|
| Size: |
831488
|
|
|
680C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1496293522.000000000680C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
680C000
|
| Size: |
4096
|
|
|
6E90000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1499325588.0000000006E90000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6E90000
|
| Size: |
4096
|
|
|
5580000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.1493809843.0000000005580000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
5580000
|
| Size: |
4096
|
|
|
59D9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1309633989.00000000059D9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
59D9000
|
| Size: |
196608
|
|
|
7C70000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1501761715.0000000007C70000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7C70000
|
| Size: |
135168
|
|
|
158B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1482611426.000000000158B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
158B000
|
| Size: |
16384
|
|
|
6A88000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1497481486.0000000006A88000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6A88000
|
| Size: |
4096
|
|
|
5E9E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1496008565.0000000005E9E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5E9E000
|
| Size: |
8192
|
|
|
7EC0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1312708274.0000000007EC0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7EC0000
|
| Size: |
65536
|
|
|
499F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1306445603.000000000499F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
499F000
|
| Size: |
4096
|
|
|
2888000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1329670167.0000000002888000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2888000
|
| Size: |
335872
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
6EDE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1310917098.0000000006EDE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6EDE000
|
| Size: |
8192
|
|
|
342A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1482861241.000000000342A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
342A000
|
| Size: |
36864
|
|
|
1530000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1482568099.0000000001530000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1530000
|
| Size: |
4096
|
|
|
6A9A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1497481486.0000000006A9A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6A9A000
|
| Size: |
8192
|
|
|
7071000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1310993818.0000000007071000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7071000
|
| Size: |
40960
|
|
|
B4B2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1334645450.000000000B4B2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B4B2000
|
| Size: |
8192
|
|
|
6BAA000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1310585312.0000000006BAA000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6BAA000
|
| Size: |
24576
|
|
|
B46F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1334115397.000000000B46F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B46F000
|
| Size: |
4096
|
|
|
25F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1304946768.00000000025F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
25F0000
|
| Size: |
16384
|
|
|
6C0E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1498631997.0000000006C0E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6C0E000
|
| Size: |
4096
|
|
|
6B90000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1498215900.0000000006B90000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6B90000
|
| Size: |
65536
|
|
|
4431000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1487495570.0000000004431000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4431000
|
| Size: |
8192
|
|
|
2FA1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1482861241.0000000002FA1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2FA1000
|
| Size: |
319488
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
1065000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1481200896.0000000001065000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1065000
|
| Size: |
16384
|
|
|
8035000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1312914908.0000000008035000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8035000
|
| Size: |
36864
|
|
|
7C3D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1501612584.0000000007C3D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7C3D000
|
| Size: |
20480
|
|
|
496D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1330889261.000000000496D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
496D000
|
| Size: |
12288
|
|
|
26E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1329349629.00000000026E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
26E0000
|
| Size: |
4096
|
|
|
24BB000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1304800228.00000000024BB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
24BB000
|
| Size: |
20480
|
|
|
A576000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1333034021.000000000A576000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
A576000
|
| Size: |
4096
|
|
|
3031000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1482861241.0000000003031000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3031000
|
| Size: |
495616
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
1586000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1482611426.0000000001586000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1586000
|
| Size: |
16384
|
|
|
3220000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1482861241.0000000003220000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3220000
|
| Size: |
32768
|
|
|
A9CD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1333349012.000000000A9CD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A9CD000
|
| Size: |
12288
|
|
|
4DF6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1330959887.0000000004DF6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4DF6000
|
| Size: |
36864
|
|
|
4143000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1487495570.0000000004143000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4143000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
4424000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1487495570.0000000004424000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4424000
|
| Size: |
12288
|
|
|
59FA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1495287367.00000000059FA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
59FA000
|
| Size: |
8192
|
|
|
D30000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1328739429.0000000000D30000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D30000
|
| Size: |
16384
|
|
|
6A95000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1497481486.0000000006A95000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6A95000
|
| Size: |
4096
|
|
|
68EE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1497207572.00000000068EE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
68EE000
|
| Size: |
4096
|
|
|
31D7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1482861241.00000000031D7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
31D7000
|
| Size: |
290816
|
|
|
2884000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1329670167.0000000002884000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2884000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
6C34000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1499035048.0000000006C34000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6C34000
|
| Size: |
49152
|
|
|
4443000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1487495570.0000000004443000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4443000
|
| Size: |
4096
|
|
|
34BB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1482861241.00000000034BB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
34BB000
|
| Size: |
36864
|
|
|
34F0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1482861241.00000000034F0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
34F0000
|
| Size: |
290816
|
|
|
7F00000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1312875266.0000000007F00000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F00000
|
| Size: |
36864
|
|
|
725E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1311757794.000000000725E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
725E000
|
| Size: |
8192
|
|
|
5BCE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1495853335.0000000005BCE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5BCE000
|
| Size: |
8192
|
|
|
6BFF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1498631997.0000000006BFF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6BFF000
|
| Size: |
8192
|
|
|
43AB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1487495570.00000000043AB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
43AB000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
3FD8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1487495570.0000000003FD8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3FD8000
|
| Size: |
8192
|
|
|
447D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1487495570.000000000447D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
447D000
|
| Size: |
1921024
|
|
|
6F1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1310948318.0000000006F1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6F1E000
|
| Size: |
8192
|
|
|
4800000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1306013068.0000000004800000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4800000
|
| Size: |
32768
|
|
|
6B20000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1310510412.0000000006B20000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
6B20000
|
| Size: |
12288
|
|
|
4478000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1487495570.0000000004478000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4478000
|
| Size: |
12288
|
|
|
4454000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1487495570.0000000004454000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4454000
|
| Size: |
12288
|
|
|
2F8C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1482808923.0000000002F8C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2F8C000
|
| Size: |
16384
|
|
|
67CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1496221856.00000000067CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
67CE000
|
| Size: |
8192
|
|
|
7200000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1311670029.0000000007200000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
7200000
|
| Size: |
4096
|
|
|
133E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1481956948.000000000133E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
133E000
|
| Size: |
8192
|
|
|
6A70000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1497481486.0000000006A70000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6A70000
|
| Size: |
4096
|
|
|
A554000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1333034021.000000000A554000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
A554000
|
| Size: |
4096
|
|
|
A84F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1333246270.000000000A84F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A84F000
|
| Size: |
4096
|
|
|
1060000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1481200896.0000000001060000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1060000
|
| Size: |
16384
|
|
|
5A6D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1495656384.0000000005A6D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5A6D000
|
| Size: |
12288
|
|
|
1580000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1482611426.0000000001580000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1580000
|
| Size: |
16384
|
|
|
6A9F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1497481486.0000000006A9F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6A9F000
|
| Size: |
4096
|
|
|
486A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1306127598.000000000486A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
486A000
|
| Size: |
4096
|
|
|
6A72000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1497481486.0000000006A72000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6A72000
|
| Size: |
8192
|
|
|
4E00000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.1331034521.0000000004E00000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
4E00000
|
| Size: |
4096
|
|
|
43B0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1487495570.00000000043B0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
43B0000
|
| Size: |
8192
|
|
|
6A8F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1497481486.0000000006A8F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6A8F000
|
| Size: |
8192
|
|
|
6C08000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1498631997.0000000006C08000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6C08000
|
| Size: |
4096
|
|
|
A54E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1333006857.000000000A54E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A54E000
|
| Size: |
8192
|
|
|
7E9F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1312636140.0000000007E9F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7E9F000
|
| Size: |
4096
|
|
|
2860000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000002.00000002.1329611050.0000000002860000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
2860000
|
| Size: |
4096
|
|
|
48BC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1306234646.00000000048BC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
48BC000
|
| Size: |
16384
|
|
|
6CEE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1310775278.0000000006CEE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6CEE000
|
| Size: |
8192
|
|
|
58C1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1493931944.00000000058C1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
58C1000
|
| Size: |
49152
|
|
|
4075000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1330376208.0000000004075000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4075000
|
| Size: |
12288
|
|
|
6B2D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1498067065.0000000006B2D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6B2D000
|
| Size: |
12288
|
|
|
4131000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1487495570.0000000004131000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4131000
|
| Size: |
8192
|
|
|
5A00000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1495385585.0000000005A00000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5A00000
|
| Size: |
65536
|
|
|
6E92000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1499325588.0000000006E92000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6E92000
|
| Size: |
57344
|
|
|
8670000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1502638220.0000000008670000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8670000
|
| Size: |
4096
|
|
|
4868000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1306127598.0000000004868000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4868000
|
| Size: |
4096
|
|
|
30B3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1482861241.00000000030B3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
30B3000
|
| Size: |
32768
|
|
|
2F40000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.1482788387.0000000002F40000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
2F40000
|
| Size: |
4096
|
|
|
4CEE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1330917011.0000000004CEE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4CEE000
|
| Size: |
8192
|
|
|
35C5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1482861241.00000000035C5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
35C5000
|
| Size: |
53248
|
|
|
4DEF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1330940885.0000000004DEF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4DEF000
|
| Size: |
4096
|
|
|
6A3D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1310390255.0000000006A3D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6A3D000
|
| Size: |
12288
|
|
|
70CD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1499517631.00000000070CD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
70CD000
|
| Size: |
12288
|
|
|
6900000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1497228826.0000000006900000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6900000
|
| Size: |
4096
|
|
|
71CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1331607048.00000000071CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
71CE000
|
| Size: |
8192
|
|
|
28E3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1329670167.00000000028E3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
28E3000
|
| Size: |
32768
|
|
|
3539000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1482861241.0000000003539000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3539000
|
| Size: |
32768
|
|
|
104E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1481178249.000000000104E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
104E000
|
| Size: |
8192
|
|
|
7050000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1310993818.0000000007050000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7050000
|
| Size: |
36864
|
|
|
4435000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1487495570.0000000004435000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4435000
|
| Size: |
4096
|
|
|
6B6E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1498106923.0000000006B6E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6B6E000
|
| Size: |
8192
|
|
|
93E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1323995635.000000000093E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
93E000
|
| Size: |
8192
|
|
|
2A01000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1305065445.0000000002A01000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2A01000
|
| Size: |
40960
|
|
|
5A10000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1495474855.0000000005A10000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5A10000
|
| Size: |
65536
|
|
|
13DD000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.1482124556.00000000013DD000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
13DD000
|
| Size: |
4096
|
|
|
5BCB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1495853335.0000000005BCB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5BCB000
|
| Size: |
8192
|
|
|
2595000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1304884780.0000000002595000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2595000
|
| Size: |
16384
|
|
|
5A1E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1309633989.0000000005A1E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5A1E000
|
| Size: |
1740800
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
298F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1305047743.000000000298F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
298F000
|
| Size: |
4096
|
|
|
4B06000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1306544682.0000000004B06000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4B06000
|
| Size: |
8261632
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
4448000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1487495570.0000000004448000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4448000
|
| Size: |
12288
|
|
|
588E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1493902852.000000000588E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
588E000
|
| Size: |
8192
|
|
|
28F6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1329670167.00000000028F6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
28F6000
|
| Size: |
28672
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
2590000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1304884780.0000000002590000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2590000
|
| Size: |
16384
|
|
|
79D2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1500774514.00000000079D2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
79D2000
|
| Size: |
4096
|
|
|
6BC8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1310614960.0000000006BC8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6BC8000
|
| Size: |
262144
|
|
|
551E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1493540471.000000000551E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
551E000
|
| Size: |
8192
|
|
|
3FBA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1487495570.0000000003FBA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3FBA000
|
| Size: |
8192
|
|
|
4760000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1305749265.0000000004760000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4760000
|
| Size: |
32768
|
|
|
3468000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1482861241.0000000003468000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3468000
|
| Size: |
294912
|
|
|
689F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1496851508.000000000689F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
689F000
|
| Size: |
12288
|
|
|
446A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1487495570.000000000446A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
446A000
|
| Size: |
8192
|
|
|
26D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1328948986.00000000026D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
26D0000
|
| Size: |
65536
|
|
|
6D2A000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1310796941.0000000006D2A000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6D2A000
|
| Size: |
24576
|
|
|
4297000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1305287383.0000000004297000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4297000
|
| Size: |
4096
|
|
|
3013000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1482861241.0000000003013000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3013000
|
| Size: |
4096
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
70E2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1311367019.00000000070E2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
70E2000
|
| Size: |
12288
|
|
|
7380000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1312131934.0000000007380000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7380000
|
| Size: |
65536
|
|
|
7DE0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.1502342215.0000000007DE0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7DE0000
|
| Size: |
61440
|
|
|
866E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1502602045.000000000866E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
866E000
|
| Size: |
8192
|
|
|
6A79000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1497481486.0000000006A79000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6A79000
|
| Size: |
8192
|
|
|
4473000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1487495570.0000000004473000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4473000
|
| Size: |
4096
|
|
|
30BC000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1482861241.00000000030BC000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
30BC000
|
| Size: |
679936
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
6C11000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1498631997.0000000006C11000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6C11000
|
| Size: |
8192
|
|
|
7340000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1311905629.0000000007340000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7340000
|
| Size: |
65536
|
|
|
6C04000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1498631997.0000000006C04000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6C04000
|
| Size: |
8192
|
|
|
B32E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1333762106.000000000B32E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B32E000
|
| Size: |
8192
|
|
|
13C0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1482031854.00000000013C0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
13C0000
|
| Size: |
8192
|
|
|
6BF6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1498631997.0000000006BF6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6BF6000
|
| Size: |
4096
|
|
|
6AC0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1497988724.0000000006AC0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6AC0000
|
| Size: |
61440
|
|
|
3167000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1482861241.0000000003167000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3167000
|
| Size: |
208896
|
|
|
40C3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1487495570.00000000040C3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
40C3000
|
| Size: |
438272
|
|
|
568E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1493846002.000000000568E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
568E000
|
| Size: |
8192
|
|
|
5F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1323721670.00000000005F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5F0000
|
| Size: |
8192
|
|
|
70E6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1311388386.00000000070E6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
70E6000
|
| Size: |
20480
|
|
|
1510000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1482372978.0000000001510000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1510000
|
| Size: |
4096
|
|
|
33BF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1482861241.00000000033BF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
33BF000
|
| Size: |
131072
|
|
|
42A0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1487495570.00000000042A0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
42A0000
|
| Size: |
962560
|
|
|
79A0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.1500436140.00000000079A0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
79A0000
|
| Size: |
65536
|
|
|
815C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1313007393.000000000815C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
815C000
|
| Size: |
16384
|
|
|
33B9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1482861241.00000000033B9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
33B9000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
|
|
6A75000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1497481486.0000000006A75000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6A75000
|
| Size: |
12288
|
|
|
151B000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.1482545318.000000000151B000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
151B000
|
| Size: |
8192
|
|
|
66CF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1496162572.00000000066CF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
66CF000
|
| Size: |
4096
|
|
|
32FE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1482861241.00000000032FE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
32FE000
|
| Size: |
364544
|
|
|
6DAB000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1310841578.0000000006DAB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6DAB000
|
| Size: |
20480
|
|
|
319C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1482861241.000000000319C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
319C000
|
| Size: |
32768
|
|
|
7C5D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1501761715.0000000007C5D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7C5D000
|
| Size: |
20480
|
|
|
556A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1493605562.000000000556A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
556A000
|
| Size: |
24576
|
|
|
71F0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1311624742.00000000071F0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
71F0000
|
| Size: |
4096
|
|
|
7C43000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1501657606.0000000007C43000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7C43000
|
| Size: |
8192
|
|
|
28DE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1329670167.00000000028DE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
28DE000
|
| Size: |
16384
|
|
|
4780000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1305857040.0000000004780000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4780000
|
| Size: |
4096
|
|
|
6832000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1496477849.0000000006832000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6832000
|
| Size: |
122880
|
|
|
4270000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1305265301.0000000004270000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4270000
|
| Size: |
4096
|
|
|
35BC000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1482861241.00000000035BC000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
35BC000
|
| Size: |
32768
|
|
|
5BBF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1495818848.0000000005BBF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5BBF000
|
| Size: |
4096
|
|
|
6B80000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000003.00000002.1498137235.0000000006B80000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
6B80000
|
| Size: |
65536
|
|
|
445B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1487495570.000000000445B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
445B000
|
| Size: |
4096
|
|
|
B36E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1334005472.000000000B36E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B36E000
|
| Size: |
8192
|
|
|
287C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000002.00000002.1329670167.000000000287C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
2
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
287C000
|
| Size: |
20480
|
|
|
5960000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1494762196.0000000005960000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5960000
|
| Size: |
65536
|
|
|
32D9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1482861241.00000000032D9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
32D9000
|
| Size: |
147456
|
|
|
68E8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1497179568.00000000068E8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
68E8000
|
| Size: |
8192
|
|
|
6AB2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1497853698.0000000006AB2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6AB2000
|
| Size: |
8192
|
|
|
7C2D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1501492683.0000000007C2D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7C2D000
|
| Size: |
8192
|
|
|
6BE0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000003.00000002.1498573639.0000000006BE0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
3
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6BE0000
|
| Size: |
36864
|
|
