|
542000
|
unkown
|
page readonly
|
 |
|
|
| Name: |
00000000.00000000.1317657594.0000000000542000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
542000
|
| Size: |
839680
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected RedLine Stealer |
Stealing of Sensitive Information, Remote Access Functionality |
|
| Yara detected Credential Stealer |
Stealing of Sensitive Information |
|
|
|
28E0000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3767135861.00000000028E0000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
28E0000
|
| Size: |
4096
|
|
|
AB5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3766369508.0000000000AB5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
AB5000
|
| Size: |
12288
|
|
|
B8E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3766423199.0000000000B8E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B8E000
|
| Size: |
151552
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
55AE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3767986633.00000000055AE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
55AE000
|
| Size: |
8192
|
|
|
4E11000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3767539045.0000000004E11000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4E11000
|
| Size: |
8192
|
|
|
500F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3767858248.000000000500F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
500F000
|
| Size: |
4096
|
|
|
B1E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3766423199.0000000000B1E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B1E000
|
| Size: |
151552
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
|
|
291A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3767148886.000000000291A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
291A000
|
| Size: |
4096
|
|
|
4E25000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3767539045.0000000004E25000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4E25000
|
| Size: |
36864
|
|
|
291C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3767148886.000000000291C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
291C000
|
| Size: |
4096
|
|
|
DDE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3766623957.0000000000DDE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
DDE000
|
| Size: |
8192
|
|
|
26CB000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3766881915.00000000026CB000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
26CB000
|
| Size: |
4096
|
|
|
291E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3767148886.000000000291E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
291E000
|
| Size: |
4096
|
|
|
602F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3768065621.000000000602F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
602F000
|
| Size: |
4096
|
|
|
2920000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3767148886.0000000002920000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2920000
|
| Size: |
126976
|
|
|
2954000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3767148886.0000000002954000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2954000
|
| Size: |
77824
|
|
|
610000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000000.1317734561.0000000000610000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
610000
|
| Size: |
4096
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
|
|
556C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3767966207.000000000556C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
556C000
|
| Size: |
16384
|
|
|
27A0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3767048041.00000000027A0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
27A0000
|
| Size: |
45056
|
|
|
4E18000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3767539045.0000000004E18000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4E18000
|
| Size: |
4096
|
|
|
28D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3767120762.00000000028D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
28D0000
|
| Size: |
28672
|
|
|
1097000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3766811913.0000000001097000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1097000
|
| Size: |
4096
|
|
|
27B0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3767078438.00000000027B0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
27B0000
|
| Size: |
61440
|
|
|
4E30000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3767689229.0000000004E30000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4E30000
|
| Size: |
36864
|
|
|
B44000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3766423199.0000000000B44000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B44000
|
| Size: |
28672
|
|
|
524E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3767937244.000000000524E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
524E000
|
| Size: |
8192
|
|
|
26C0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3766852581.00000000026C0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
26C0000
|
| Size: |
4096
|
|
|
4DF6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3767539045.0000000004DF6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4DF6000
|
| Size: |
4096
|
|
|
1090000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3766798365.0000000001090000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1090000
|
| Size: |
4096
|
|
|
4DF4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3767539045.0000000004DF4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4DF4000
|
| Size: |
4096
|
|
|
1074000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3766758067.0000000001074000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1074000
|
| Size: |
4096
|
|
|
E5E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3766663224.0000000000E5E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
E5E000
|
| Size: |
8192
|
|
|
4E3C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3767689229.0000000004E3C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4E3C000
|
| Size: |
16384
|
|
|
109A000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3766824737.000000000109A000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
109A000
|
| Size: |
4096
|
|
|
48F8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3767476599.00000000048F8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
48F8000
|
| Size: |
4096
|
|
|
B10000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3766423199.0000000000B10000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B10000
|
| Size: |
36864
|
|
|
28CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3767108070.00000000028CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
28CE000
|
| Size: |
8192
|
|
|
E9E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3766684536.0000000000E9E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
E9E000
|
| Size: |
8192
|
|
|
540000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000000.1317637094.0000000000540000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
540000
|
| Size: |
4096
|
|
|
4E16000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3767539045.0000000004E16000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4E16000
|
| Size: |
4096
|
|
|
B53000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3766423199.0000000000B53000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B53000
|
| Size: |
4096
|
|
|
26E0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3766908459.00000000026E0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
26E0000
|
| Size: |
4096
|
|
|
AFE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3766395380.0000000000AFE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
AFE000
|
| Size: |
8192
|
|
|
2940000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3767148886.0000000002940000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2940000
|
| Size: |
8192
|
|
|
1070000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3766726678.0000000001070000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1070000
|
| Size: |
4096
|
|
|
51CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3767905390.00000000051CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
51CE000
|
| Size: |
8192
|
|
|
1073000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3766744307.0000000001073000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1073000
|
| Size: |
4096
|
|
|
4E0E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3767539045.0000000004E0E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4E0E000
|
| Size: |
4096
|
|
|
4E46000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3767723929.0000000004E46000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4E46000
|
| Size: |
8192
|
|
|
A20000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3766330656.0000000000A20000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A20000
|
| Size: |
8192
|
|
|
E1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3766642229.0000000000E1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
E1E000
|
| Size: |
8192
|
|
|
520E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3767922206.000000000520E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
520E000
|
| Size: |
8192
|
|
|
2790000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3767025266.0000000002790000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
2790000
|
| Size: |
65536
|
|
|
27AC000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3767048041.00000000027AC000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
27AC000
|
| Size: |
4096
|
|
|
4E04000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3767539045.0000000004E04000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4E04000
|
| Size: |
8192
|
|
|
276E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3766952873.000000000276E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
276E000
|
| Size: |
8192
|
|
|
EDE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3766705581.0000000000EDE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
EDE000
|
| Size: |
8192
|
|
|
4DFC000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3767539045.0000000004DFC000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4DFC000
|
| Size: |
4096
|
|
|
4DD0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3767508057.0000000004DD0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4DD0000
|
| Size: |
36864
|
|
|
4E50000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3767783772.0000000004E50000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4E50000
|
| Size: |
49152
|
|
|
5F2E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3768045513.0000000005F2E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5F2E000
|
| Size: |
8192
|
|
|
4E44000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3767723929.0000000004E44000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4E44000
|
| Size: |
4096
|
|
|
6AB000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3766284016.00000000006AB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6AB000
|
| Size: |
20480
|
|
|
272E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3766934975.000000000272E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
272E000
|
| Size: |
8192
|
|
|
B55000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3766423199.0000000000B55000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B55000
|
| Size: |
229376
|
|
|
50C0000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3767891145.00000000050C0000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
50C0000
|
| Size: |
4096
|
|
|
B00000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3766409763.0000000000B00000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
B00000
|
| Size: |
8192
|
|
|
294B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3767148886.000000000294B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
294B000
|
| Size: |
32768
|
|
|
A70000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3766357287.0000000000A70000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
A70000
|
| Size: |
8192
|
|
|
4A8E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3767493320.0000000004A8E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4A8E000
|
| Size: |
8192
|
|
|
4E60000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3767804019.0000000004E60000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4E60000
|
| Size: |
20480
|
|
|
2943000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3767148886.0000000002943000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2943000
|
| Size: |
28672
|
|
|
2770000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3767012010.0000000002770000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2770000
|
| Size: |
4096
|
|
|
107D000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3766770431.000000000107D000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
107D000
|
| Size: |
4096
|
|
|
A10000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3766317233.0000000000A10000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A10000
|
| Size: |
4096
|
|
|
4FCD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3767842033.0000000004FCD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4FCD000
|
| Size: |
12288
|
|
|
4DDA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3767508057.0000000004DDA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4DDA000
|
| Size: |
24576
|
|
|
10A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3766836959.00000000010A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10A0000
|
| Size: |
16384
|
|
|
4E90000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3767824219.0000000004E90000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E90000
|
| Size: |
4096
|
|
|
A30000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3766343073.0000000000A30000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A30000
|
| Size: |
16384
|
|
|
5040000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3767871304.0000000005040000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5040000
|
| Size: |
65536
|
|
|
38F1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3767364407.00000000038F1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
38F1000
|
| Size: |
24576
|
|
|
27C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3767095137.00000000027C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
27C0000
|
| Size: |
4096
|
|
|
5E2F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3768025001.0000000005E2F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5E2F000
|
| Size: |
4096
|
|
|
B1A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3766423199.0000000000B1A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B1A000
|
| Size: |
8192
|
|
|
7A8000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3766302696.00000000007A8000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7A8000
|
| Size: |
32768
|
|
|
528E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3767951853.000000000528E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
528E000
|
| Size: |
8192
|
|
|
26C7000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.3766867463.00000000026C7000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
26C7000
|
| Size: |
4096
|
|
|
38F8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3767364407.00000000038F8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
38F8000
|
| Size: |
4096
|
|
|
4E00000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3767539045.0000000004E00000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4E00000
|
| Size: |
8192
|
|
|
5D2E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3768005724.0000000005D2E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5D2E000
|
| Size: |
8192
|
|
|
28F1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3767148886.00000000028F1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
28F1000
|
| Size: |
163840
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
1083000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3766783190.0000000001083000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1083000
|
| Size: |
40960
|
|
|
4E4A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3767723929.0000000004E4A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4E4A000
|
| Size: |
24576
|
|
|
AB0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.3766369508.0000000000AB0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
AB0000
|
| Size: |
16384
|
|
