|
1860000
|
system
|
page execute and read and write
|
 |
|
|
| Name: |
0000000A.00000002.1947512095.0000000001860000.00000040.80000000.00040000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
system
|
| Protect: |
page execute and read and write
|
| Base address: |
1860000
|
| Size: |
274432
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected FormBook |
AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality |
|
|
|
400000
|
system
|
page execute and read and write
|
|
|
|
| Name: |
00000018.00000002.2283171505.0000000000400000.00000040.80000000.00040000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
system
|
| Protect: |
page execute and read and write
|
| Base address: |
400000
|
| Size: |
274432
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected FormBook |
AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality |
|
|
|
6B0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.2284140259.00000000006B0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6B0000
|
| Size: |
274432
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected FormBook |
AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality |
|
|
|
400000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.1647613467.0000000000400000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
400000
|
| Size: |
290816
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected FormBook |
AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality |
|
|
|
2470000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000017.00000002.2286306254.0000000002470000.00000040.00000001.00040000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
2470000
|
| Size: |
2805760
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected FormBook |
AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality |
|
|
|
1C10000
|
unclassified section
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.1949135596.0000000001C10000.00000040.10000000.00040000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unclassified section
|
| Protect: |
page execute and read and write
|
| Base address: |
1C10000
|
| Size: |
2805760
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected FormBook |
AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality |
|
|
|
750000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.2284570033.0000000000750000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
750000
|
| Size: |
274432
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected FormBook |
AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality |
|
|
|
2BF8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1043986283.0000000002BF8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2BF8000
|
| Size: |
4096
|
|
|
7DC000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.1947102512.00000000007DC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7DC000
|
| Size: |
20480
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2131346326.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
8192
|
|
|
5740000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1445217886.0000000005740000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5740000
|
| Size: |
4096
|
|
|
197F4262000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2288918319.00000197F4262000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
197F4262000
|
| Size: |
163840
|
|
|
4407BFC000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000001C.00000002.2259417454.0000004407BFC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
28
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4407BFC000
|
| Size: |
16384
|
|
|
197EED02000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2287372556.00000197EED02000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
197EED02000
|
| Size: |
45056
|
|
|
1690E210000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000001C.00000002.2260304781.000001690E210000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
28
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1690E210000
|
| Size: |
20480
|
|
|
19E9000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.1947923718.00000000019E9000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
19E9000
|
| Size: |
4096
|
|
|
25DB000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1239748533.00000000025DB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
25DB000
|
| Size: |
20480
|
|
|
83F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2136689322.000000000083F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
83F000
|
| Size: |
4096
|
|
|
A24000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1156164718.0000000000A24000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
A24000
|
| Size: |
4096
|
|
|
1690C770000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000001C.00000002.2260029052.000001690C770000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
28
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1690C770000
|
| Size: |
32768
|
|
|
181E000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.1648366255.000000000181E000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
181E000
|
| Size: |
24576
|
|
|
1690C79B000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000001C.00000002.2260029052.000001690C79B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
28
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1690C79B000
|
| Size: |
4096
|
|
|
4559000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000018.00000002.2287550496.0000000004559000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4559000
|
| Size: |
4096
|
|
|
197EEB50000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2286300340.00000197EEB50000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
197EEB50000
|
| Size: |
12288
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2123860151.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
8192
|
|
|
25F4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1243966942.00000000025F4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
25F4000
|
| Size: |
8192
|
|
|
6C50000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1485716154.0000000006C50000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6C50000
|
| Size: |
245760
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2129001224.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
4096
|
|
|
4FAA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1430049121.0000000004FAA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4FAA000
|
| Size: |
24576
|
|
|
329000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000017.00000000.1867140631.0000000000329000.00000002.00000001.01000000.0000000E.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
329000
|
| Size: |
61440
|
|
|
762B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2143207475.000000000762B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
762B000
|
| Size: |
8192
|
|
|
9B6E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1522248572.0000000009B6E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9B6E000
|
| Size: |
8192
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2125877464.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
4096
|
|
|
52D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1055316518.00000000052D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
52D0000
|
| Size: |
16384
|
|
|
37A9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1360842371.00000000037A9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
37A9000
|
| Size: |
4096
|
|
|
43A9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.1948941056.00000000043A9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
43A9000
|
| Size: |
458752
|
|
|
545897E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2286180930.000000545897E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
545897E000
|
| Size: |
8192
|
|
|
3EA000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000001B.00000000.2018836806.00000000003EA000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
27
|
| Dumpstage: |
process new
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3EA000
|
| Size: |
24576
|
|
|
2640000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1275674187.0000000002640000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2640000
|
| Size: |
65536
|
|
|
2C90000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1044015155.0000000002C90000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
2C90000
|
| Size: |
65536
|
|
|
319C000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000017.00000002.2286306254.000000000319C000.00000040.00000001.00040000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
319C000
|
| Size: |
2985984
|
|
|
360000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000001B.00000002.2283486336.0000000000360000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
27
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
360000
|
| Size: |
4096
|
|
|
813000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.2284749920.0000000000813000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
813000
|
| Size: |
8192
|
|
|
769C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2145354485.000000000769C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
769C000
|
| Size: |
4096
|
|
|
771000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000001B.00000002.2284830151.0000000000771000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
27
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
771000
|
| Size: |
12288
|
|
|
279F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1299088086.000000000279F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
279F000
|
| Size: |
4096
|
|
|
2655000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1286897872.0000000002655000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2655000
|
| Size: |
45056
|
|
|
A9BE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1064237010.000000000A9BE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A9BE000
|
| Size: |
8192
|
|
|
1468000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.1947292597.0000000001468000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1468000
|
| Size: |
102400
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
5456CFE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2283279796.0000005456CFE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5456CFE000
|
| Size: |
8192
|
|
|
54573FE000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000C.00000002.2284072078.00000054573FE000.00000002.00000001.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
54573FE000
|
| Size: |
4096
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2127678865.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
4096
|
|
|
7659000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.2290950768.0000000007659000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7659000
|
| Size: |
8192
|
|
|
BBE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1212532311.0000000000BBE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
BBE000
|
| Size: |
8192
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2131989103.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
8192
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2132280782.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
8192
|
|
|
AD7C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1065128435.000000000AD7C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
AD7C000
|
| Size: |
16384
|
|
|
197F42E2000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2289143505.00000197F42E2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
197F42E2000
|
| Size: |
49152
|
|
|
D80000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1647961529.0000000000D80000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D80000
|
| Size: |
4096
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2131725365.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
8192
|
|
|
1690E3A6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000001C.00000003.2206267114.000001690E3A6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
28
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1690E3A6000
|
| Size: |
4096
|
|
|
818000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2134430359.0000000000818000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
818000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
|
|
1190000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1041911842.0000000001190000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1190000
|
| Size: |
16384
|
|
|
5340000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1055538126.0000000005340000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5340000
|
| Size: |
4096
|
|
|
4F90000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1427000528.0000000004F90000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4F90000
|
| Size: |
65536
|
|
|
1690E221000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000001C.00000002.2260304781.000001690E221000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
28
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1690E221000
|
| Size: |
4096
|
|
|
197F42D1000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2288918319.00000197F42D1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
197F42D1000
|
| Size: |
12288
|
|
|
175E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.1947459023.000000000175E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
175E000
|
| Size: |
8192
|
|
|
B42000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1193810928.0000000000B42000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
B42000
|
| Size: |
4096
|
|
|
197EFB80000
|
trusted library section
|
page readonly
|
|
|
|
| Name: |
0000000C.00000002.2288098247.00000197EFB80000.00000002.08000000.00040000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library section
|
| Protect: |
page readonly
|
| Base address: |
197EFB80000
|
| Size: |
65536
|
|
|
A63E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1064078557.000000000A63E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A63E000
|
| Size: |
8192
|
|
|
23AE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000001B.00000002.2286341048.00000000023AE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
27
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
23AE000
|
| Size: |
8192
|
|
|
70AE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1501465697.00000000070AE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
70AE000
|
| Size: |
8192
|
|
|
800000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000017.00000000.1867318429.0000000000800000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process new
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
800000
|
| Size: |
32768
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2145966164.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
8192
|
|
|
70E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1058972029.00000000070E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
70E0000
|
| Size: |
94208
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
370000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000001B.00000002.2283583968.0000000000370000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
27
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
370000
|
| Size: |
4096
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2125083256.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
8192
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2127761660.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
4096
|
|
|
624000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.1953843333.0000000000624000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
624000
|
| Size: |
4096
|
|
|
527B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1053936900.000000000527B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
527B000
|
| Size: |
69632
|
|
|
5457CFE000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000C.00000002.2285442236.0000005457CFE000.00000002.00000001.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
5457CFE000
|
| Size: |
4096
|
|
|
8C0000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000001B.00000002.2285266490.00000000008C0000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
27
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
8C0000
|
| Size: |
12288
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2126401919.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
8192
|
|
|
A4E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1165213706.0000000000A4E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A4E000
|
| Size: |
151552
|
|
|
7320000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060911569.0000000007320000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7320000
|
| Size: |
61440
|
|
|
57E0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1058166583.00000000057E0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
57E0000
|
| Size: |
65536
|
|
|
7A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000001B.00000002.2285050082.00000000007A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
27
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7A0000
|
| Size: |
20480
|
|
|
197EF502000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2287745475.00000197EF502000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
197EF502000
|
| Size: |
32768
|
|
|
2460000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.2286202367.0000000002460000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2460000
|
| Size: |
8192
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.1949285670.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
65536
|
|
|
1015000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1041414724.0000000001015000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1015000
|
| Size: |
172032
|
|
|
A650000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1064120571.000000000A650000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A650000
|
| Size: |
8192
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2129341192.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
4096
|
|
|
22A0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000017.00000002.2285370519.00000000022A0000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
22A0000
|
| Size: |
16384
|
|
|
197F4400000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1206297671.00000197F4400000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
197F4400000
|
| Size: |
4096
|
|
|
5F05000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1058396821.0000000005F05000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5F05000
|
| Size: |
4096
|
|
|
72E0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.2290525562.00000000072E0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
72E0000
|
| Size: |
4096
|
|
|
4D6E000
|
trusted library section
|
page readonly
|
|
|
|
| Name: |
00000006.00000002.1404309321.0000000004D6E000.00000002.08000000.00040000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library section
|
| Protect: |
page readonly
|
| Base address: |
4D6E000
|
| Size: |
4096
|
|
|
7D6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.1947387243.00000000007D6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7D6000
|
| Size: |
24576
|
|
|
13AD000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1042194245.00000000013AD000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
13AD000
|
| Size: |
4096
|
|
|
197EEB80000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2286412968.00000197EEB80000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
197EEB80000
|
| Size: |
4096
|
|
|
2634000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1269846936.0000000002634000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2634000
|
| Size: |
4096
|
|
|
A12000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000000.1024146935.0000000000A12000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
A12000
|
| Size: |
847872
|
|
|
197EF513000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2287797072.00000197EF513000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
197EF513000
|
| Size: |
28672
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2129631575.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
4096
|
|
|
C08000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1216937220.0000000000C08000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
C08000
|
| Size: |
4096
|
|
|
780000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000001B.00000002.2284951054.0000000000780000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
27
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
780000
|
| Size: |
4096
|
|
|
80E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000017.00000000.1867318429.000000000080E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process new
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
80E000
|
| Size: |
94208
|
|
|
350000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.2284206563.0000000000350000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
350000
|
| Size: |
4096
|
|
|
844000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2136689322.0000000000844000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
844000
|
| Size: |
4096
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
|
|
7CD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.1947276885.00000000007CD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7CD000
|
| Size: |
36864
|
|
|
A9FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1064308613.000000000A9FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A9FE000
|
| Size: |
8192
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2132590665.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
4096
|
|
|
230000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000017.00000002.2282944603.0000000000230000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
230000
|
| Size: |
4096
|
|
|
52E0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1055433149.00000000052E0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
52E0000
|
| Size: |
65536
|
|
|
7D0000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000017.00000000.1867276509.00000000007D0000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7D0000
|
| Size: |
4096
|
|
|
700000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2020895151.0000000000700000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
700000
|
| Size: |
151552
|
|
|
52C0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1055249181.00000000052C0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
52C0000
|
| Size: |
65536
|
|
|
197F42D5000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2289084200.00000197F42D5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
197F42D5000
|
| Size: |
12288
|
|
|
866000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.2284749920.0000000000866000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
866000
|
| Size: |
36864
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
|
|
25FC000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1243966942.00000000025FC000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
25FC000
|
| Size: |
40960
|
|
|
B40000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1191948280.0000000000B40000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
B40000
|
| Size: |
4096
|
|
|
310000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000001B.00000000.2018657269.0000000000310000.00000002.00000001.01000000.0000000E.sdmp
|
| TargetID: |
27
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
310000
|
| Size: |
4096
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2126931624.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
8192
|
|
|
1690C79F000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000001C.00000002.2260029052.000001690C79F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
28
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1690C79F000
|
| Size: |
4096
|
|
|
197F4130000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1204962388.00000197F4130000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
197F4130000
|
| Size: |
4096
|
|
|
197EF3D1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2287640918.00000197EF3D1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
197EF3D1000
|
| Size: |
4096
|
|
|
340000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000017.00000002.2284110598.0000000000340000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
340000
|
| Size: |
4096
|
|
|
977E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1511872248.000000000977E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
977E000
|
| Size: |
8192
|
|
|
25F0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1243966942.00000000025F0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
25F0000
|
| Size: |
12288
|
|
|
4408BFE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000001C.00000002.2259493579.0000004408BFE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
28
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4408BFE000
|
| Size: |
8192
|
|
|
F40000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1041283856.0000000000F40000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F40000
|
| Size: |
49152
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2131806087.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
4096
|
|
|
5800000
|
trusted library section
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1058274816.0000000005800000.00000004.08000000.00040000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library section
|
| Protect: |
page read and write
|
| Base address: |
5800000
|
| Size: |
69632
|
|
|
690000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.1953421779.0000000000690000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
690000
|
| Size: |
151552
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2131130360.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
8192
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2128501115.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
4096
|
|
|
720000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000001B.00000000.2018889920.0000000000720000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
27
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
720000
|
| Size: |
4096
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2122690400.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
8192
|
|
|
22E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.2285555009.00000000022E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
22E0000
|
| Size: |
8192
|
|
|
23D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000001B.00000000.2019323944.00000000023D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
27
|
| Dumpstage: |
process new
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
23D0000
|
| Size: |
8192
|
|
|
AE8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1165213706.0000000000AE8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
AE8000
|
| Size: |
20480
|
|
|
6A1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1467277124.0000000006A1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6A1E000
|
| Size: |
8192
|
|
|
5456FFE000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000C.00000002.2283662819.0000005456FFE000.00000002.00000001.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
5456FFE000
|
| Size: |
4096
|
|
|
500F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000001B.00000002.2288983437.000000000500F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
27
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
500F000
|
| Size: |
4096
|
|
|
F88000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1041414724.0000000000F88000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F88000
|
| Size: |
167936
|
|
|
1982000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.1947923718.0000000001982000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1982000
|
| Size: |
311296
|
|
|
7644000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.2290950768.0000000007644000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7644000
|
| Size: |
36864
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2127347038.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
4096
|
|
|
17AD000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.1648366255.00000000017AD000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
17AD000
|
| Size: |
458752
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
|
|
2630000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1269846936.0000000002630000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2630000
|
| Size: |
4096
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2128429352.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
4096
|
|
|
A30000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1160972434.0000000000A30000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
A30000
|
| Size: |
24576
|
|
|
240000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000017.00000000.1866941275.0000000000240000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
240000
|
| Size: |
4096
|
|
|
197EF402000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2287668180.00000197EF402000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
197EF402000
|
| Size: |
4096
|
|
|
13F0000
|
direct allocation
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.1947075144.00000000013F0000.00000004.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page read and write
|
| Base address: |
13F0000
|
| Size: |
274432
|
|
|
197F5000000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2289951984.00000197F5000000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
197F5000000
|
| Size: |
4096
|
|
|
1310000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.1947038306.0000000001310000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1310000
|
| Size: |
16384
|
|
|
B50000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000001B.00000002.2285955072.0000000000B50000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
27
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
B50000
|
| Size: |
32768
|
|
|
B4F000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000001B.00000002.2285878702.0000000000B4F000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
27
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
B4F000
|
| Size: |
4096
|
|
|
5352000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1055566130.0000000005352000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5352000
|
| Size: |
57344
|
|
|
197EFB70000
|
trusted library section
|
page readonly
|
|
|
|
| Name: |
0000000C.00000002.2288035988.00000197EFB70000.00000002.08000000.00040000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library section
|
| Protect: |
page readonly
|
| Base address: |
197EFB70000
|
| Size: |
65536
|
|
|
D91000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000017.00000002.2285137625.0000000000D91000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
D91000
|
| Size: |
352256
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the Windows Explorer process (often used for injection) |
HIPS / PFW / Operating System Protection Evasion |
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2130382739.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
4096
|
|
|
197F421F000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2288608261.00000197F421F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
197F421F000
|
| Size: |
49152
|
|
|
1946000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.1648366255.0000000001946000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1946000
|
| Size: |
8192
|
|
|
95A000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000001B.00000002.2285513053.000000000095A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
27
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
95A000
|
| Size: |
8192
|
|
|
197EF500000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2287745475.00000197EF500000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
197EF500000
|
| Size: |
4096
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2126659704.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
8192
|
|
|
17A9000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.1648366255.00000000017A9000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
17A9000
|
| Size: |
4096
|
|
|
197EF51A000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1260189584.00000197EF51A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
197EF51A000
|
| Size: |
4096
|
|
|
37F0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1360842371.00000000037F0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
37F0000
|
| Size: |
4096
|
|
|
4D95000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1413606842.0000000004D95000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4D95000
|
| Size: |
40960
|
|
|
2E74000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1044217117.0000000002E74000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E74000
|
| Size: |
32768
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2127028257.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
4096
|
|
|
7DC000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.1947337532.00000000007DC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7DC000
|
| Size: |
20480
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2128590069.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
4096
|
|
|
197F4302000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2289297079.00000197F4302000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
197F4302000
|
| Size: |
4096
|
|
|
54582FB000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2286031451.00000054582FB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
54582FB000
|
| Size: |
20480
|
|
|
684E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1457135048.000000000684E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
684E000
|
| Size: |
28672
|
|
|
7D1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.1947432469.00000000007D1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7D1000
|
| Size: |
4096
|
|
|
5EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.2283698911.00000000005EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5EE000
|
| Size: |
8192
|
|
|
22F0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000017.00000000.1867613032.00000000022F0000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
22F0000
|
| Size: |
925696
|
|
|
730000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.2284382059.0000000000730000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
730000
|
| Size: |
4096
|
|
|
300000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000017.00000002.2283489855.0000000000300000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
300000
|
| Size: |
4096
|
|
|
18E6000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.1947923718.00000000018E6000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
18E6000
|
| Size: |
364544
|
|
|
5274000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1053936900.0000000005274000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5274000
|
| Size: |
16384
|
|
|
768C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2145354485.000000000768C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
768C000
|
| Size: |
8192
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2132451654.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
8192
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2128035808.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
4096
|
|
|
236E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000001B.00000002.2286266088.000000000236E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
27
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
236E000
|
| Size: |
8192
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2131236156.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
4096
|
|
|
99EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1515737648.00000000099EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
99EE000
|
| Size: |
8192
|
|
|
76D2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1063282419.00000000076D2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
76D2000
|
| Size: |
32768
|
|
|
197F4410000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2289591703.00000197F4410000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
197F4410000
|
| Size: |
4096
|
|
|
731E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060761895.000000000731E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
731E000
|
| Size: |
8192
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2128000660.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
4096
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2128624137.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
4096
|
|
|
769B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.2290950768.000000000769B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
769B000
|
| Size: |
12288
|
|
|
5ED0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1058396821.0000000005ED0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5ED0000
|
| Size: |
4096
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2131314983.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
8192
|
|
|
197EF51A000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1256150596.00000197EF51A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
197EF51A000
|
| Size: |
4096
|
|
|
2CC0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1044058726.0000000002CC0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2CC0000
|
| Size: |
4096
|
|
|
9EEC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1539611038.0000000009EEC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9EEC000
|
| Size: |
16384
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2128862571.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
4096
|
|
|
4FF0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1436324595.0000000004FF0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4FF0000
|
| Size: |
4096
|
|
|
261D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1243966942.000000000261D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
261D000
|
| Size: |
8192
|
|
|
3B1000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000017.00000002.2284380219.00000000003B1000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
3B1000
|
| Size: |
12288
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2127446435.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
4096
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2128276193.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
4096
|
|
|
AB3E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1064789850.000000000AB3E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
AB3E000
|
| Size: |
8192
|
|
|
7FE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.2284749920.00000000007FE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7FE000
|
| Size: |
40960
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
B5B000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.1208188613.0000000000B5B000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
B5B000
|
| Size: |
4096
|
|
|
197F42D9000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2289117435.00000197F42D9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
197F42D9000
|
| Size: |
4096
|
|
|
2622000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1243966942.0000000002622000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2622000
|
| Size: |
49152
|
|
|
197F422C000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2288697976.00000197F422C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
197F422C000
|
| Size: |
65536
|
|
|
A8BE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1064205642.000000000A8BE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A8BE000
|
| Size: |
8192
|
|
|
720000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000001B.00000002.2284141443.0000000000720000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
27
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
720000
|
| Size: |
4096
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2131849414.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
8192
|
|
|
750E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1062623363.000000000750E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
750E000
|
| Size: |
8192
|
|
|
76A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2145354485.00000000076A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
76A4000
|
| Size: |
8192
|
|
|
4B5000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000001B.00000002.2283913711.00000000004B5000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
27
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
4B5000
|
| Size: |
4096
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2127415040.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
4096
|
|
|
7669000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.2290950768.0000000007669000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7669000
|
| Size: |
4096
|
|
|
7D6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.1947432469.00000000007D6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7D6000
|
| Size: |
24576
|
|
|
1690E203000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000001C.00000002.2260304781.000001690E203000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
28
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1690E203000
|
| Size: |
16384
|
|
|
197F42E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2289143505.00000197F42E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
197F42E0000
|
| Size: |
4096
|
|
|
EE0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000001B.00000000.2019257548.0000000000EE0000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
27
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
EE0000
|
| Size: |
356352
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the Windows Explorer process (often used for injection) |
HIPS / PFW / Operating System Protection Evasion |
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2128963477.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
4096
|
|
|
310000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000017.00000000.1867049645.0000000000310000.00000002.00000001.01000000.0000000E.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
310000
|
| Size: |
4096
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2146121526.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
4096
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2125835572.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
4096
|
|
|
54572FB000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2283971307.00000054572FB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
54572FB000
|
| Size: |
20480
|
|
|
2617000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1243966942.0000000002617000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2617000
|
| Size: |
12288
|
|
|
5470000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1056388240.0000000005470000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5470000
|
| Size: |
4096
|
|
|
55DB000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1058033887.00000000055DB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
55DB000
|
| Size: |
20480
|
|
|
329000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000001B.00000000.2018744016.0000000000329000.00000002.00000001.01000000.0000000E.sdmp
|
| TargetID: |
27
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
329000
|
| Size: |
61440
|
|
|
250000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000017.00000002.2283164667.0000000000250000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
250000
|
| Size: |
4096
|
|
|
3E21000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1051753540.0000000003E21000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3E21000
|
| Size: |
28672
|
|
|
3E29000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1051753540.0000000003E29000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3E29000
|
| Size: |
3153920
|
|
|
7DD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.2284749920.00000000007DD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7DD000
|
| Size: |
131072
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
197EF415000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2287717487.00000197EF415000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
197EF415000
|
| Size: |
4096
|
|
|
5EE0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1058396821.0000000005EE0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5EE0000
|
| Size: |
77824
|
|
|
6E0E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1499277589.0000000006E0E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6E0E000
|
| Size: |
8192
|
|
|
82D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.2284749920.000000000082D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
82D000
|
| Size: |
12288
|
|
|
310000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000017.00000002.2283607052.0000000000310000.00000002.00000001.01000000.0000000E.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
310000
|
| Size: |
4096
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2131614369.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
8192
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2131199526.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
4096
|
|
|
54580FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2285888373.00000054580FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
54580FE000
|
| Size: |
8192
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2125154419.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
8192
|
|
|
7626000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2143207475.0000000007626000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7626000
|
| Size: |
8192
|
|
|
197F4200000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2288608261.00000197F4200000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
197F4200000
|
| Size: |
110592
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
197F4433000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1204839167.00000197F4433000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
197F4433000
|
| Size: |
69632
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2126863110.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
8192
|
|
|
7610000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.2290712375.0000000007610000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7610000
|
| Size: |
4096
|
|
|
326000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000001B.00000002.2283263848.0000000000326000.00000004.00000001.01000000.0000000E.sdmp
|
| TargetID: |
27
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
326000
|
| Size: |
8192
|
|
|
197EEC7A000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2286904164.00000197EEC7A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
197EEC7A000
|
| Size: |
8192
|
|
|
8A5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1117116176.00000000008A5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8A5000
|
| Size: |
16384
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2132122309.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
8192
|
|
|
1690C78C000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000001C.00000002.2260029052.000001690C78C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
28
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1690C78C000
|
| Size: |
45056
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2130417467.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
8192
|
|
|
197EF400000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2287668180.00000197EF400000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
197EF400000
|
| Size: |
4096
|
|
|
240000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000017.00000002.2283060358.0000000000240000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
240000
|
| Size: |
4096
|
|
|
1F3C000
|
unclassified section
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.1949135596.0000000001F3C000.00000040.10000000.00040000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unclassified section
|
| Protect: |
page execute and read and write
|
| Base address: |
1F3C000
|
| Size: |
10485760
|
|
|
197EFB50000
|
trusted library section
|
page readonly
|
|
|
|
| Name: |
0000000C.00000002.2287977195.00000197EFB50000.00000002.08000000.00040000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library section
|
| Protect: |
page readonly
|
| Base address: |
197EFB50000
|
| Size: |
65536
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2132039777.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
8192
|
|
|
37A1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1360842371.00000000037A1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
37A1000
|
| Size: |
28672
|
|
|
197EEC40000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2286795949.00000197EEC40000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
197EEC40000
|
| Size: |
98304
|
|
|
31F000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000017.00000002.2283799476.000000000031F000.00000002.00000001.01000000.0000000E.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
31F000
|
| Size: |
28672
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
441A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.1948941056.000000000441A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
441A000
|
| Size: |
24576
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2127502275.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
4096
|
|
|
719C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1059762261.000000000719C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
719C000
|
| Size: |
36864
|
|
|
5485000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1056413192.0000000005485000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5485000
|
| Size: |
40960
|
|
|
1690DF50000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000001C.00000003.2204959233.000001690DF50000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
28
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1690DF50000
|
| Size: |
4096
|
|
|
82D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2134430359.000000000082D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
82D000
|
| Size: |
12288
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2128078368.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
8192
|
|
|
7430000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1061699230.0000000007430000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7430000
|
| Size: |
65536
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2127602795.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
4096
|
|
|
87A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.2284749920.000000000087A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
87A000
|
| Size: |
12288
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2130293514.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
4096
|
|
|
5457AFE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2285134678.0000005457AFE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5457AFE000
|
| Size: |
8192
|
|
|
197F4160000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2288512966.00000197F4160000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
197F4160000
|
| Size: |
4096
|
|
|
624000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.1953862801.0000000000624000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
624000
|
| Size: |
4096
|
|
|
7B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.2284749920.00000000007B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7B0000
|
| Size: |
24576
|
|
|
D1C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1647839697.0000000000D1C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
D1C000
|
| Size: |
16384
|
|
|
197EEBB0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2286457906.00000197EEBB0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
197EEBB0000
|
| Size: |
4096
|
|
|
329000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000001B.00000002.2283377827.0000000000329000.00000002.00000001.01000000.0000000E.sdmp
|
| TargetID: |
27
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
329000
|
| Size: |
61440
|
|
|
545767E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2284479022.000000545767E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
545767E000
|
| Size: |
8192
|
|
|
7B9E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.2292181408.0000000007B9E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7B9E000
|
| Size: |
8192
|
|
|
76A4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.2290950768.00000000076A4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
76A4000
|
| Size: |
61440
|
|
|
52B0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1055198889.00000000052B0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
52B0000
|
| Size: |
65536
|
|
|
66E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.2283973755.000000000066E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
66E000
|
| Size: |
8192
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2129448127.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
4096
|
|
|
2620000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1243966942.0000000002620000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2620000
|
| Size: |
4096
|
|
|
6C96000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1485716154.0000000006C96000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6C96000
|
| Size: |
65536
|
|
|
545787E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2284672156.000000545787E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
545787E000
|
| Size: |
8192
|
|
|
2734000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000017.00000002.2286306254.0000000002734000.00000040.00000001.00040000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
2734000
|
| Size: |
4096
|
|
|
FE5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1041414724.0000000000FE5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
FE5000
|
| Size: |
69632
|
|
|
7D6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.1947483079.00000000007D6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7D6000
|
| Size: |
24576
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2125719667.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
4096
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2127801594.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
4096
|
|
|
CC7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1224590983.0000000000CC7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
CC7000
|
| Size: |
32768
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2132665788.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
8192
|
|
|
76A2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2145354485.00000000076A2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
76A2000
|
| Size: |
4096
|
|
|
8BE000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000001B.00000002.2285150123.00000000008BE000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
27
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
8BE000
|
| Size: |
8192
|
|
|
54581FE000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000C.00000002.2285960058.00000054581FE000.00000002.00000001.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
54581FE000
|
| Size: |
4096
|
|
|
2607000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1243966942.0000000002607000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2607000
|
| Size: |
20480
|
|
|
197F4300000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2289297079.00000197F4300000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
197F4300000
|
| Size: |
4096
|
|
|
22C0000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.2285455749.00000000022C0000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
22C0000
|
| Size: |
4096
|
|
|
7B1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.2291979335.0000000007B1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7B1E000
|
| Size: |
8192
|
|
|
80A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000017.00000000.1867318429.000000000080A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process new
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
80A000
|
| Size: |
8192
|
|
|
1180000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1041890506.0000000001180000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1180000
|
| Size: |
8192
|
|
|
329000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000017.00000002.2284032328.0000000000329000.00000002.00000001.01000000.0000000E.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
329000
|
| Size: |
61440
|
|
|
B57000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.1205214887.0000000000B57000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
B57000
|
| Size: |
4096
|
|
|
7CB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.1947123034.00000000007CB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7CB000
|
| Size: |
28672
|
|
|
310000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000001B.00000002.2282949143.0000000000310000.00000002.00000001.01000000.0000000E.sdmp
|
| TargetID: |
27
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
310000
|
| Size: |
4096
|
|
|
71C6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1059762261.00000000071C6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
71C6000
|
| Size: |
69632
|
|
|
197EFB40000
|
trusted library section
|
page readonly
|
|
|
|
| Name: |
0000000C.00000002.2287949404.00000197EFB40000.00000002.08000000.00040000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library section
|
| Protect: |
page readonly
|
| Base address: |
197EFB40000
|
| Size: |
65536
|
|
|
197F44D0000
|
remote allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1206928430.00000197F44D0000.00000004.00000400.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
remote allocation
|
| Protect: |
page read and write
|
| Base address: |
197F44D0000
|
| Size: |
4096
|
|
|
13C2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1043790063.00000000013C2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
13C2000
|
| Size: |
4096
|
|
|
259E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1237402618.000000000259E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
259E000
|
| Size: |
8192
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2126138843.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
8192
|
|
|
6CD4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1495060704.0000000006CD4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6CD4000
|
| Size: |
45056
|
|
|
9A2E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1518029223.0000000009A2E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9A2E000
|
| Size: |
8192
|
|
|
25E2000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000001B.00000002.2286857137.00000000025E2000.00000004.00000001.00040000.00000000.sdmp
|
| TargetID: |
27
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
25E2000
|
| Size: |
4096
|
|
|
2BA000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.2283266472.00000000002BA000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2BA000
|
| Size: |
24576
|
|
|
13BD000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1042544891.00000000013BD000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
13BD000
|
| Size: |
4096
|
|
|
A20000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1142215072.0000000000A20000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
A20000
|
| Size: |
8192
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2126249653.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
8192
|
|
|
1690E20A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000001C.00000002.2260304781.000001690E20A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
28
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1690E20A000
|
| Size: |
4096
|
|
|
7D6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.1947123034.00000000007D6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7D6000
|
| Size: |
24576
|
|
|
197F425B000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2288813627.00000197F425B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
197F425B000
|
| Size: |
24576
|
|
|
1690E060000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000001C.00000002.2260229376.000001690E060000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
28
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1690E060000
|
| Size: |
12288
|
|
|
450000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.2283369601.0000000000450000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
450000
|
| Size: |
4096
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2132624574.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
4096
|
|
|
42E000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.1946595022.000000000042E000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
42E000
|
| Size: |
4096
|
|
|
7632000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2143207475.0000000007632000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7632000
|
| Size: |
8192
|
|
|
350000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000017.00000000.1867185307.0000000000350000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process new
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
350000
|
| Size: |
4096
|
|
|
7691000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.2290950768.0000000007691000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7691000
|
| Size: |
12288
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2131164843.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
8192
|
|
|
7E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.2284668278.00000000007E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7E0000
|
| Size: |
20480
|
|
|
545797E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2284922828.000000545797E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
545797E000
|
| Size: |
8192
|
|
|
370000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000001B.00000000.2018790957.0000000000370000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
27
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
370000
|
| Size: |
4096
|
|
|
4260000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000018.00000002.2287028372.0000000004260000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4260000
|
| Size: |
94208
|
|
|
7638000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2143207475.0000000007638000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7638000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
83A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.2284749920.000000000083A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
83A000
|
| Size: |
28672
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
|
|
763A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.2290950768.000000000763A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
763A000
|
| Size: |
8192
|
|
|
B3D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1165213706.0000000000B3D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B3D000
|
| Size: |
8192
|
|
|
43ED000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.2287330789.00000000043ED000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
43ED000
|
| Size: |
12288
|
|
|
880000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1115375654.0000000000880000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
880000
|
| Size: |
8192
|
|
|
5457F7E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2285745764.0000005457F7E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5457F7E000
|
| Size: |
8192
|
|
|
1946000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.1947923718.0000000001946000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1946000
|
| Size: |
241664
|
|
|
1690E301000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000001C.00000002.2260505088.000001690E301000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
28
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1690E301000
|
| Size: |
4096
|
|
|
4D60000
|
trusted library section
|
page readonly
|
|
|
|
| Name: |
00000006.00000002.1404309321.0000000004D60000.00000002.08000000.00040000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library section
|
| Protect: |
page readonly
|
| Base address: |
4D60000
|
| Size: |
4096
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2127310154.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
4096
|
|
|
4772000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000018.00000002.2287550496.0000000004772000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4772000
|
| Size: |
40960
|
|
|
1320000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1648209941.0000000001320000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1320000
|
| Size: |
208896
|
|
|
3995000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1360842371.0000000003995000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3995000
|
| Size: |
4096
|
|
|
AC3E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1064947210.000000000AC3E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
AC3E000
|
| Size: |
8192
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.1953796861.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
204800
|
|
|
4C12000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1384592780.0000000004C12000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4C12000
|
| Size: |
57344
|
|
|
1690C720000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000001C.00000002.2259767068.000001690C720000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
28
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1690C720000
|
| Size: |
8192
|
|
|
7620000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.2290950768.0000000007620000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7620000
|
| Size: |
4096
|
|
|
FBE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1041414724.0000000000FBE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
FBE000
|
| Size: |
151552
|
|
|
326000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000017.00000000.1867120516.0000000000326000.00000004.00000001.01000000.0000000E.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
326000
|
| Size: |
8192
|
|
|
4701000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000018.00000002.2287550496.0000000004701000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4701000
|
| Size: |
458752
|
|
|
4430000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000018.00000002.2287550496.0000000004430000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4430000
|
| Size: |
1208320
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
197F4460000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2289667354.00000197F4460000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
197F4460000
|
| Size: |
4096
|
|
|
2E89000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1044217117.0000000002E89000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E89000
|
| Size: |
4816896
|
|
|
57F0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1058222772.00000000057F0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
57F0000
|
| Size: |
57344
|
|
|
293C000
|
unclassified section
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.1949135596.000000000293C000.00000040.10000000.00040000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unclassified section
|
| Protect: |
page execute and read and write
|
| Base address: |
293C000
|
| Size: |
2985984
|
|
|
7D6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.1947164040.00000000007D6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7D6000
|
| Size: |
24576
|
|
|
5410000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1055668597.0000000005410000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5410000
|
| Size: |
65536
|
|
|
198000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.2283075366.0000000000198000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
198000
|
| Size: |
32768
|
|
|
823000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.2284749920.0000000000823000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
823000
|
| Size: |
4096
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2132703171.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
4096
|
|
|
5457FFE000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000C.00000002.2285820699.0000005457FFE000.00000002.00000001.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
5457FFE000
|
| Size: |
4096
|
|
|
690000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.2284070133.0000000000690000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
690000
|
| Size: |
4096
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2126444192.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
8192
|
|
|
AEE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1165213706.0000000000AEE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
AEE000
|
| Size: |
294912
|
|
|
197EFA40000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2287884312.00000197EFA40000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
197EFA40000
|
| Size: |
4096
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2128158237.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
4096
|
|
|
54A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1056937534.00000000054A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
54A0000
|
| Size: |
4096
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2128535815.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
4096
|
|
|
7664000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.2290950768.0000000007664000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7664000
|
| Size: |
8192
|
|
|
979000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000001B.00000002.2285513053.0000000000979000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
27
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
979000
|
| Size: |
77824
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
65A000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1108627082.000000000065A000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
65A000
|
| Size: |
24576
|
|
|
900000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000001B.00000000.2019090683.0000000000900000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
27
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
900000
|
| Size: |
16384
|
|
|
54A3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1056937534.00000000054A3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
54A3000
|
| Size: |
8192
|
|
|
54589FE000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000C.00000002.2286238353.00000054589FE000.00000002.00000001.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
54589FE000
|
| Size: |
4096
|
|
|
1690C510000
|
system
|
page execute and read and write
|
|
|
|
| Name: |
0000001C.00000002.2259590899.000001690C510000.00000040.80000000.00040000.00000000.sdmp
|
| TargetID: |
28
|
| Dumpstage: |
process exit
|
| Regiontype: |
system
|
| Protect: |
page execute and read and write
|
| Base address: |
1690C510000
|
| Size: |
528384
|
|
|
859000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.2284749920.0000000000859000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
859000
|
| Size: |
16384
|
|
|
1220000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1648167534.0000000001220000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1220000
|
| Size: |
20480
|
|
|
780000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000001B.00000000.2019034442.0000000000780000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
27
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
780000
|
| Size: |
4096
|
|
|
197EEC00000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2286547895.00000197EEC00000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
197EEC00000
|
| Size: |
73728
|
|
|
1B86000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.1947923718.0000000001B86000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1B86000
|
| Size: |
8192
|
|
|
15B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.2282957732.000000000015B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
15B000
|
| Size: |
20480
|
|
|
311000
|
unkown
|
page execute read
|
|
|
|
| Name: |
0000001B.00000002.2283064353.0000000000311000.00000020.00000001.01000000.0000000E.sdmp
|
| TargetID: |
27
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
311000
|
| Size: |
57344
|
|
|
771000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000001B.00000000.2019012176.0000000000771000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
27
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
771000
|
| Size: |
12288
|
|
|
818000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.2284749920.0000000000818000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
818000
|
| Size: |
8192
|
|
|
CC0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1224590983.0000000000CC0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
CC0000
|
| Size: |
20480
|
|
|
197F428B000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2288918319.00000197F428B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
197F428B000
|
| Size: |
4096
|
|
|
326000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000001B.00000000.2018724452.0000000000326000.00000004.00000001.01000000.0000000E.sdmp
|
| TargetID: |
27
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
326000
|
| Size: |
8192
|
|
|
950000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000001B.00000002.2285513053.0000000000950000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
27
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
950000
|
| Size: |
32768
|
|
|
45CE000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000018.00000002.2287550496.00000000045CE000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
45CE000
|
| Size: |
1220608
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2127719802.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
4096
|
|
|
2E7D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1044217117.0000000002E7D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E7D000
|
| Size: |
28672
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2131647416.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
8192
|
|
|
5620000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1058085783.0000000005620000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5620000
|
| Size: |
8192
|
|
|
13C0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1043772422.00000000013C0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
13C0000
|
| Size: |
4096
|
|
|
197F4400000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1204839167.00000197F4400000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
197F4400000
|
| Size: |
204800
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
360000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000017.00000000.1867209803.0000000000360000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
360000
|
| Size: |
4096
|
|
|
5457DFD000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2285558044.0000005457DFD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5457DFD000
|
| Size: |
12288
|
|
|
1931000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.1648366255.0000000001931000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1931000
|
| Size: |
16384
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2122504891.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
4096
|
|
|
5456DFE000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000C.00000002.2283402227.0000005456DFE000.00000002.00000001.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
5456DFE000
|
| Size: |
4096
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2122589082.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
4096
|
|
|
197EEC94000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2287142132.00000197EEC94000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
197EEC94000
|
| Size: |
40960
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2146257869.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
4096
|
|
|
A00000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000017.00000000.1867391297.0000000000A00000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
A00000
|
| Size: |
32768
|
|
|
31F000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000001B.00000002.2283165997.000000000031F000.00000002.00000001.01000000.0000000E.sdmp
|
| TargetID: |
27
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
31F000
|
| Size: |
28672
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
700000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.1964225716.0000000000700000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
700000
|
| Size: |
151552
|
|
|
40C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.2286904437.00000000040C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C0000
|
| Size: |
4096
|
|
|
750000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000001B.00000002.2284533167.0000000000750000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
27
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
750000
|
| Size: |
4096
|
|
|
A4A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1165213706.0000000000A4A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A4A000
|
| Size: |
8192
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2130340708.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
4096
|
|
|
7BDF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.2292362069.0000000007BDF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7BDF000
|
| Size: |
4096
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2128925422.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
4096
|
|
|
5F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.2283793982.00000000005F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5F0000
|
| Size: |
4096
|
|
|
1690E3BE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000001C.00000003.2206178815.000001690E3BE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
28
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1690E3BE000
|
| Size: |
8192
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2132386373.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
8192
|
|
|
853000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.2284749920.0000000000853000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
853000
|
| Size: |
16384
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2129056103.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
4096
|
|
|
950000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000001B.00000000.2019145319.0000000000950000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
27
|
| Dumpstage: |
process new
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
950000
|
| Size: |
32768
|
|
|
6C40000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.1482722679.0000000006C40000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
6C40000
|
| Size: |
65536
|
|
|
129E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.1946859708.000000000129E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
129E000
|
| Size: |
8192
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2128199427.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
4096
|
|
|
41ED000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.1946839032.00000000041ED000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
41ED000
|
| Size: |
512000
|
|
|
3909000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1360842371.0000000003909000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3909000
|
| Size: |
4096
|
|
|
380000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000001B.00000000.2018813573.0000000000380000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
27
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
380000
|
| Size: |
4096
|
|
|
A10000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1140060049.0000000000A10000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
A10000
|
| Size: |
8192
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2130254774.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
4096
|
|
|
197EECA6000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2287142132.00000197EECA6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
197EECA6000
|
| Size: |
94208
|
|
|
44083FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000001C.00000002.2259466795.00000044083FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
28
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
44083FE000
|
| Size: |
8192
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2131943466.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
8192
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2131060856.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
4096
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2132318759.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
8192
|
|
|
3B1000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000017.00000000.1867228454.00000000003B1000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
3B1000
|
| Size: |
12288
|
|
|
1250000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.1946770046.0000000001250000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1250000
|
| Size: |
4096
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.1967770348.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
4096
|
|
|
1560000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.1947432042.0000000001560000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1560000
|
| Size: |
4096
|
|
|
2CA4000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000001B.00000002.2286857137.0000000002CA4000.00000004.00000001.00040000.00000000.sdmp
|
| TargetID: |
27
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
2CA4000
|
| Size: |
4096
|
|
|
7CD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.2284749920.00000000007CD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7CD000
|
| Size: |
28672
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
765F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.2290950768.000000000765F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
765F000
|
| Size: |
8192
|
|
|
7A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1113080204.00000000007A0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7A0000
|
| Size: |
4096
|
|
|
6CA8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1485716154.0000000006CA8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6CA8000
|
| Size: |
155648
|
|
|
1690DF50000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000001C.00000003.2205547674.000001690DF50000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
28
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1690DF50000
|
| Size: |
4096
|
|
|
1690C630000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000001C.00000002.2259734795.000001690C630000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
28
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1690C630000
|
| Size: |
4096
|
|
|
13B0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1042446343.00000000013B0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
13B0000
|
| Size: |
40960
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2125037134.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
8192
|
|
|
27A1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1301297542.00000000027A1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
27A1000
|
| Size: |
327680
|
|
|
2CA0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1044043671.0000000002CA0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2CA0000
|
| Size: |
4096
|
|
|
CB0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.1221951356.0000000000CB0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
CB0000
|
| Size: |
65536
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2127903438.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
4096
|
|
|
3836000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1360842371.0000000003836000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3836000
|
| Size: |
4096
|
|
|
13A4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1042175652.00000000013A4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
13A4000
|
| Size: |
4096
|
|
|
4CF0000
|
system
|
page execute and read and write
|
|
|
|
| Name: |
0000001B.00000002.2288356525.0000000004CF0000.00000040.80000000.00040000.00000000.sdmp
|
| TargetID: |
27
|
| Dumpstage: |
process exit
|
| Regiontype: |
system
|
| Protect: |
page execute and read and write
|
| Base address: |
4CF0000
|
| Size: |
376832
|
|
|
197EED13000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2287513763.00000197EED13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
197EED13000
|
| Size: |
20480
|
|
|
18C0000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.1947923718.00000000018C0000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
18C0000
|
| Size: |
8192
|
|
|
197EEC90000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2287142132.00000197EEC90000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
197EEC90000
|
| Size: |
8192
|
|
|
4D70000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1409002890.0000000004D70000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4D70000
|
| Size: |
4096
|
|
|
6FD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.2284474703.00000000006FD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6FD000
|
| Size: |
12288
|
|
|
4D4D000
|
system
|
page execute and read and write
|
|
|
|
| Name: |
0000001B.00000002.2288356525.0000000004D4D000.00000040.80000000.00040000.00000000.sdmp
|
| TargetID: |
27
|
| Dumpstage: |
process exit
|
| Regiontype: |
system
|
| Protect: |
page execute and read and write
|
| Base address: |
4D4D000
|
| Size: |
4096
|
|
|
620000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.2283873662.0000000000620000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
620000
|
| Size: |
16384
|
|
|
6FC000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000001B.00000002.2284030425.00000000006FC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
27
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6FC000
|
| Size: |
16384
|
|
|
5ECD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1058336159.0000000005ECD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5ECD000
|
| Size: |
12288
|
|
|
197F4140000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1225239708.00000197F4140000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
197F4140000
|
| Size: |
4096
|
|
|
700000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.1957937884.0000000000700000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
700000
|
| Size: |
151552
|
|
|
6840000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1457135048.0000000006840000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6840000
|
| Size: |
53248
|
|
|
750000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000001B.00000000.2018958475.0000000000750000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
27
|
| Dumpstage: |
process new
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
750000
|
| Size: |
4096
|
|
|
4E44000
|
unclassified section
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.2289221335.0000000004E44000.00000004.10000000.00040000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
unclassified section
|
| Protect: |
page read and write
|
| Base address: |
4E44000
|
| Size: |
4096
|
|
|
2BA0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1043947663.0000000002BA0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2BA0000
|
| Size: |
4096
|
|
|
2460000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000017.00000000.1867684013.0000000002460000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process new
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2460000
|
| Size: |
8192
|
|
|
197F4240000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2288697976.00000197F4240000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
197F4240000
|
| Size: |
49152
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
250000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000017.00000000.1866963920.0000000000250000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
250000
|
| Size: |
4096
|
|
|
7696000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2145354485.0000000007696000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7696000
|
| Size: |
8192
|
|
|
232C000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000001B.00000002.2286178556.000000000232C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
27
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
232C000
|
| Size: |
16384
|
|
|
197F40A0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2288251054.00000197F40A0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
197F40A0000
|
| Size: |
4096
|
|
|
7D0000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.2284574296.00000000007D0000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7D0000
|
| Size: |
4096
|
|
|
7440000
|
trusted library section
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1061834655.0000000007440000.00000004.08000000.00040000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library section
|
| Protect: |
page read and write
|
| Base address: |
7440000
|
| Size: |
569344
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
|
|
54583FE000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000C.00000002.2286109911.00000054583FE000.00000002.00000001.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
54583FE000
|
| Size: |
4096
|
|
|
7565000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2133045728.0000000007565000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7565000
|
| Size: |
4096
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2131469311.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
8192
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2121220809.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
4096
|
|
|
6FD0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1058571775.0000000006FD0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6FD0000
|
| Size: |
114688
|
|
|
12DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.1946894021.00000000012DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
12DE000
|
| Size: |
8192
|
|
|
3A20000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1360842371.0000000003A20000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3A20000
|
| Size: |
4096
|
|
|
A10000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000000.1024058040.0000000000A10000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
A10000
|
| Size: |
4096
|
|
|
5360000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1055622097.0000000005360000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5360000
|
| Size: |
65536
|
|
|
89F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.2284749920.000000000089F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
89F000
|
| Size: |
49152
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2128239076.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
4096
|
|
|
4FB0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.1434424408.0000000004FB0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4FB0000
|
| Size: |
53248
|
|
|
24F0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000001B.00000002.2286632155.00000000024F0000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
27
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
24F0000
|
| Size: |
925696
|
|
|
13F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1043911370.00000000013F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13F0000
|
| Size: |
20480
|
|
|
197F4470000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2289770706.00000197F4470000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
197F4470000
|
| Size: |
4096
|
|
|
54578FE000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000C.00000002.2284796187.00000054578FE000.00000002.00000001.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
54578FE000
|
| Size: |
4096
|
|
|
22E4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000017.00000000.1867582569.00000000022E4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process new
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
22E4000
|
| Size: |
4096
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2127166827.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
4096
|
|
|
5260000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1053893402.0000000005260000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5260000
|
| Size: |
65536
|
|
|
800000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.2284748012.0000000000800000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
800000
|
| Size: |
32768
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2129112698.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
4096
|
|
|
197F44D0000
|
remote allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1206950648.00000197F44D0000.00000004.00000400.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
remote allocation
|
| Protect: |
page read and write
|
| Base address: |
197F44D0000
|
| Size: |
4096
|
|
|
7621000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2143207475.0000000007621000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7621000
|
| Size: |
4096
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2131275082.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
8192
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2126896000.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
8192
|
|
|
CD0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1228875770.0000000000CD0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
CD0000
|
| Size: |
4096
|
|
|
757000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1110720124.0000000000757000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
757000
|
| Size: |
36864
|
|
|
23D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000001B.00000002.2286386627.00000000023D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
27
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
23D4000
|
| Size: |
4096
|
|
|
1300000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.1946950551.0000000001300000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1300000
|
| Size: |
8192
|
|
|
2660000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1290117696.0000000002660000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2660000
|
| Size: |
65536
|
|
|
4C60000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1398473979.0000000004C60000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4C60000
|
| Size: |
40960
|
|
|
2F0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000017.00000002.2283387443.00000000002F0000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
2F0000
|
| Size: |
4096
|
|
|
5456BFE000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000C.00000002.2283176276.0000005456BFE000.00000002.00000001.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
5456BFE000
|
| Size: |
4096
|
|
|
1690E20E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000001C.00000002.2260304781.000001690E20E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
28
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1690E20E000
|
| Size: |
4096
|
|
|
1690E217000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000001C.00000002.2260304781.000001690E217000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
28
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1690E217000
|
| Size: |
4096
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.1967679505.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
208896
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2127226960.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
8192
|
|
|
2E85000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1044217117.0000000002E85000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E85000
|
| Size: |
4096
|
|
|
197F4306000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2289297079.00000197F4306000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
197F4306000
|
| Size: |
24576
|
|
|
455D000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000018.00000002.2287550496.000000000455D000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
455D000
|
| Size: |
458752
|
|
|
23D4000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000001B.00000000.2019323944.00000000023D4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
27
|
| Dumpstage: |
process new
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
23D4000
|
| Size: |
4096
|
|
|
AE2000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000000.1024295111.0000000000AE2000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
AE2000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
|
|
4D71000
|
system
|
page execute and read and write
|
|
|
|
| Name: |
0000001B.00000002.2288356525.0000000004D71000.00000040.80000000.00040000.00000000.sdmp
|
| TargetID: |
27
|
| Dumpstage: |
process exit
|
| Regiontype: |
system
|
| Protect: |
page execute and read and write
|
| Base address: |
4D71000
|
| Size: |
4096
|
|
|
13D7000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1043877517.00000000013D7000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
13D7000
|
| Size: |
4096
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2129546014.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
4096
|
|
|
197F4255000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2288813627.00000197F4255000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
197F4255000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
5AE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.2283593015.00000000005AE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5AE000
|
| Size: |
8192
|
|
|
4FA0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1430049121.0000000004FA0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4FA0000
|
| Size: |
36864
|
|
|
197F4480000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2289853818.00000197F4480000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
197F4480000
|
| Size: |
4096
|
|
|
10FC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1648014420.00000000010FC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
10FC000
|
| Size: |
16384
|
|
|
EFC000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.1946688412.0000000000EFC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
EFC000
|
| Size: |
16384
|
|
|
2DCE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1044073060.0000000002DCE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2DCE000
|
| Size: |
8192
|
|
|
114E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1041871306.000000000114E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
114E000
|
| Size: |
8192
|
|
|
A23000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.1144601255.0000000000A23000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
A23000
|
| Size: |
4096
|
|
|
197F42DC000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2289143505.00000197F42DC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
197F42DC000
|
| Size: |
8192
|
|
|
A4FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1063978865.000000000A4FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A4FE000
|
| Size: |
8192
|
|
|
A74000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1165213706.0000000000A74000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A74000
|
| Size: |
32768
|
|
|
300000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000017.00000000.1867030416.0000000000300000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
300000
|
| Size: |
4096
|
|
|
826000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2134430359.0000000000826000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
826000
|
| Size: |
16384
|
|
|
22E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000017.00000000.1867582569.00000000022E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process new
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
22E0000
|
| Size: |
8192
|
|
|
6ABE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1469590464.0000000006ABE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6ABE000
|
| Size: |
8192
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2132351153.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
8192
|
|
|
2650000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1286897872.0000000002650000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2650000
|
| Size: |
16384
|
|
|
1690DF50000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000001C.00000003.2204896720.000001690DF50000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
28
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1690DF50000
|
| Size: |
4096
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2127535504.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
4096
|
|
|
197EECA0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2287142132.00000197EECA0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
197EECA0000
|
| Size: |
16384
|
|
|
F74000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1041414724.0000000000F74000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F74000
|
| Size: |
32768
|
|
|
98EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1514281173.00000000098EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
98EE000
|
| Size: |
8192
|
|
|
F3E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1041262247.0000000000F3E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
F3E000
|
| Size: |
8192
|
|
|
1460000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.1947292597.0000000001460000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1460000
|
| Size: |
24576
|
|
|
920000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000001B.00000000.2019115154.0000000000920000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
27
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
920000
|
| Size: |
4096
|
|
|
6BBF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1471465357.0000000006BBF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6BBF000
|
| Size: |
4096
|
|
|
528E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1053936900.000000000528E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
528E000
|
| Size: |
4096
|
|
|
18C7000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.1947923718.00000000018C7000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
18C7000
|
| Size: |
4096
|
|
|
720000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.2284305909.0000000000720000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
720000
|
| Size: |
4096
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2132757150.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
4096
|
|
|
826000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.2284749920.0000000000826000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
826000
|
| Size: |
16384
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2132248294.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
8192
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2129166173.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
4096
|
|
|
4FF3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1436324595.0000000004FF3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4FF3000
|
| Size: |
8192
|
|
|
7194000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1059637675.0000000007194000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7194000
|
| Size: |
28672
|
|
|
31F000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000001B.00000000.2018704226.000000000031F000.00000002.00000001.01000000.0000000E.sdmp
|
| TargetID: |
27
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
31F000
|
| Size: |
28672
|
|
|
197EEC5B000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2286904164.00000197EEC5B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
197EEC5B000
|
| Size: |
69632
|
|
|
19E3000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.1947923718.00000000019E3000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
19E3000
|
| Size: |
16384
|
|
|
7D2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.1947308576.00000000007D2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7D2000
|
| Size: |
20480
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2129275293.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
4096
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2133454085.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
4096
|
|
|
52D5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1055316518.00000000052D5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
52D5000
|
| Size: |
45056
|
|
|
26A2000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000001B.00000002.2286857137.00000000026A2000.00000004.00000001.00040000.00000000.sdmp
|
| TargetID: |
27
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
26A2000
|
| Size: |
4096
|
|
|
24EC000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000001B.00000002.2286545386.00000000024EC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
27
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
24EC000
|
| Size: |
16384
|
|
|
BF0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1041220919.0000000000BF0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BF0000
|
| Size: |
8192
|
|
|
7E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000017.00000000.1867296456.00000000007E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process new
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7E0000
|
| Size: |
20480
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2132881895.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
4096
|
|
|
54570F9000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2283767185.00000054570F9000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
54570F9000
|
| Size: |
28672
|
|
|
56E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.2283484420.000000000056E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
56E000
|
| Size: |
8192
|
|
|
4842000
|
unclassified section
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.2289221335.0000000004842000.00000004.10000000.00040000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
unclassified section
|
| Protect: |
page read and write
|
| Base address: |
4842000
|
| Size: |
4096
|
|
|
4F0F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000001B.00000002.2288942603.0000000004F0F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
27
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4F0F000
|
| Size: |
4096
|
|
|
260E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1243966942.000000000260E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
260E000
|
| Size: |
4096
|
|
|
2611000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1243966942.0000000002611000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2611000
|
| Size: |
16384
|
|
|
B4A000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.1199279076.0000000000B4A000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
B4A000
|
| Size: |
4096
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2122544206.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
4096
|
|
|
197F4400000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2289461194.00000197F4400000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
197F4400000
|
| Size: |
4096
|
|
|
54579FE000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000C.00000002.2285039204.00000054579FE000.00000002.00000001.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
54579FE000
|
| Size: |
4096
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2122822284.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
8192
|
|
|
197EEC26000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2286631139.00000197EEC26000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
197EEC26000
|
| Size: |
16384
|
|
|
311000
|
unkown
|
page execute read
|
|
|
|
| Name: |
0000001B.00000000.2018680260.0000000000311000.00000020.00000001.01000000.0000000E.sdmp
|
| TargetID: |
27
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
311000
|
| Size: |
57344
|
|
|
4D5C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1402247662.0000000004D5C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4D5C000
|
| Size: |
16384
|
|
|
C4A2000
|
system
|
page read and write
|
|
|
|
| Name: |
0000001C.00000002.2257456832.000000000C4A2000.00000004.80000000.00040000.00000000.sdmp
|
| TargetID: |
28
|
| Dumpstage: |
process exit
|
| Regiontype: |
system
|
| Protect: |
page read and write
|
| Base address: |
C4A2000
|
| Size: |
4096
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2127058966.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
8192
|
|
|
9DAE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1528654510.0000000009DAE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9DAE000
|
| Size: |
8192
|
|
|
5456AF7000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2283075976.0000005456AF7000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5456AF7000
|
| Size: |
36864
|
|
|
13CA000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1043829384.00000000013CA000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
13CA000
|
| Size: |
4096
|
|
|
767D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.2290950768.000000000767D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
767D000
|
| Size: |
16384
|
|
|
624000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.1949351461.0000000000624000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
624000
|
| Size: |
4096
|
|
|
825000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000017.00000003.1883946633.0000000000825000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
825000
|
| Size: |
69632
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
13A3000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1042158289.00000000013A3000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
13A3000
|
| Size: |
4096
|
|
|
721E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1060705282.000000000721E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
721E000
|
| Size: |
8192
|
|
|
5450000
|
trusted library section
|
page readonly
|
|
|
|
| Name: |
00000000.00000002.1056197586.0000000005450000.00000002.08000000.00040000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library section
|
| Protect: |
page readonly
|
| Base address: |
5450000
|
| Size: |
61440
|
|
|
13A0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1042144454.00000000013A0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
13A0000
|
| Size: |
8192
|
|
|
A3FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1063925880.000000000A3FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A3FE000
|
| Size: |
8192
|
|
|
4DC8000
|
system
|
page execute and read and write
|
|
|
|
| Name: |
0000001B.00000002.2288356525.0000000004DC8000.00000040.80000000.00040000.00000000.sdmp
|
| TargetID: |
27
|
| Dumpstage: |
process exit
|
| Regiontype: |
system
|
| Protect: |
page execute and read and write
|
| Base address: |
4DC8000
|
| Size: |
262144
|
|
|
AAFF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1064615923.000000000AAFF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
AAFF000
|
| Size: |
4096
|
|
|
88B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.2284749920.000000000088B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
88B000
|
| Size: |
4096
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2125786117.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
4096
|
|
|
194D000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.1648366255.000000000194D000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
194D000
|
| Size: |
4096
|
|
|
4C00000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1381181411.0000000004C00000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4C00000
|
| Size: |
4096
|
|
|
197EEC7D000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2287142132.00000197EEC7D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
197EEC7D000
|
| Size: |
4096
|
|
|
4DB0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1420143254.0000000004DB0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4DB0000
|
| Size: |
4096
|
|
|
1690C599000
|
system
|
page execute and read and write
|
|
|
|
| Name: |
0000001C.00000002.2259590899.000001690C599000.00000040.80000000.00040000.00000000.sdmp
|
| TargetID: |
28
|
| Dumpstage: |
process exit
|
| Regiontype: |
system
|
| Protect: |
page execute and read and write
|
| Base address: |
1690C599000
|
| Size: |
4096
|
|
|
31F000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000017.00000000.1867098718.000000000031F000.00000002.00000001.01000000.0000000E.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
31F000
|
| Size: |
28672
|
|
|
54576FE000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000C.00000002.2284573669.00000054576FE000.00000002.00000001.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
54576FE000
|
| Size: |
4096
|
|
|
2636000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1269846936.0000000002636000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2636000
|
| Size: |
40960
|
|
|
4D73000
|
system
|
page execute and read and write
|
|
|
|
| Name: |
0000001B.00000002.2288356525.0000000004D73000.00000040.80000000.00040000.00000000.sdmp
|
| TargetID: |
27
|
| Dumpstage: |
process exit
|
| Regiontype: |
system
|
| Protect: |
page execute and read and write
|
| Base address: |
4D73000
|
| Size: |
8192
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2126751960.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
8192
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2128661372.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
4096
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2128824307.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
4096
|
|
|
2F0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000017.00000000.1867009074.00000000002F0000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
2F0000
|
| Size: |
4096
|
|
|
326000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.2283934859.0000000000326000.00000004.00000001.01000000.0000000E.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
326000
|
| Size: |
8192
|
|
|
27F4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1301297542.00000000027F4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
27F4000
|
| Size: |
57344
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
44093FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000001C.00000002.2259522360.00000044093FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
28
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
44093FE000
|
| Size: |
8192
|
|
|
1ED4000
|
unclassified section
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.1949135596.0000000001ED4000.00000040.10000000.00040000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
unclassified section
|
| Protect: |
page execute and read and write
|
| Base address: |
1ED4000
|
| Size: |
4096
|
|
|
197F4170000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1205021068.00000197F4170000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
197F4170000
|
| Size: |
4096
|
|
|
7686000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2145354485.0000000007686000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7686000
|
| Size: |
8192
|
|
|
5430000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1055730449.0000000005430000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5430000
|
| Size: |
65536
|
|
|
F82000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1041414724.0000000000F82000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F82000
|
| Size: |
20480
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2122463052.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
4096
|
|
|
54574FE000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000C.00000002.2284256584.00000054574FE000.00000002.00000001.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
54574FE000
|
| Size: |
4096
|
|
|
70D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1058643257.00000000070D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
70D0000
|
| Size: |
65536
|
|
|
433E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.2287111077.000000000433E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
433E000
|
| Size: |
8192
|
|
|
197EEB70000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2286351410.00000197EEB70000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
197EEB70000
|
| Size: |
4096
|
|
|
52A2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1053936900.00000000052A2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
52A2000
|
| Size: |
49152
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2128120526.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
4096
|
|
|
1690C779000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000001C.00000002.2260029052.000001690C779000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
28
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1690C779000
|
| Size: |
65536
|
|
|
56B0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1058112398.00000000056B0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
56B0000
|
| Size: |
65536
|
|
|
7107000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1059087710.0000000007107000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7107000
|
| Size: |
8192
|
|
|
760000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000001B.00000000.2018988625.0000000000760000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
27
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
760000
|
| Size: |
4096
|
|
|
4C20000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.1390634132.0000000004C20000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4C20000
|
| Size: |
65536
|
|
|
197EEC8E000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2287142132.00000197EEC8E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
197EEC8E000
|
| Size: |
4096
|
|
|
9C6F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1524436606.0000000009C6F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9C6F000
|
| Size: |
4096
|
|
|
4DF0000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.1422874793.0000000004DF0000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
4DF0000
|
| Size: |
4096
|
|
|
230000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000017.00000000.1866857109.0000000000230000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
230000
|
| Size: |
4096
|
|
|
7B8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.2284749920.00000000007B8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7B8000
|
| Size: |
77824
|
|
|
22E4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.2285555009.00000000022E4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
22E4000
|
| Size: |
4096
|
|
|
311000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000017.00000002.2283706991.0000000000311000.00000020.00000001.01000000.0000000E.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
311000
|
| Size: |
57344
|
|
|
2BEE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1043969730.0000000002BEE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2BEE000
|
| Size: |
8192
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2121359742.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
4096
|
|
|
7CAE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1063335740.0000000007CAE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7CAE000
|
| Size: |
8192
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2124440363.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
8192
|
|
|
2690000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1297439950.0000000002690000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2690000
|
| Size: |
4096
|
|
|
197EFB60000
|
trusted library section
|
page readonly
|
|
|
|
| Name: |
0000000C.00000002.2288006700.00000197EFB60000.00000002.08000000.00040000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library section
|
| Protect: |
page readonly
|
| Base address: |
197EFB60000
|
| Size: |
65536
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2146183254.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
4096
|
|
|
2807000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1301297542.0000000002807000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2807000
|
| Size: |
4096
|
|
|
5480000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1056413192.0000000005480000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5480000
|
| Size: |
12288
|
|
|
6CE0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1495060704.0000000006CE0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6CE0000
|
| Size: |
4096
|
|
|
23E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000001B.00000000.2019367245.00000000023E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
27
|
| Dumpstage: |
process new
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
23E0000
|
| Size: |
8192
|
|
|
A7F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1165213706.0000000000A7F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A7F000
|
| Size: |
4096
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2132506605.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
8192
|
|
|
7D1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.1947164040.00000000007D1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7D1000
|
| Size: |
4096
|
|
|
CB64000
|
system
|
page read and write
|
|
|
|
| Name: |
0000001C.00000002.2257456832.000000000CB64000.00000004.80000000.00040000.00000000.sdmp
|
| TargetID: |
28
|
| Dumpstage: |
process exit
|
| Regiontype: |
system
|
| Protect: |
page read and write
|
| Base address: |
CB64000
|
| Size: |
4096
|
|
|
4C10000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1384592780.0000000004C10000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4C10000
|
| Size: |
4096
|
|
|
5457BFE000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000C.00000002.2285253844.0000005457BFE000.00000002.00000001.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
5457BFE000
|
| Size: |
4096
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2131508803.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
8192
|
|
|
6BC0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1473496002.0000000006BC0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6BC0000
|
| Size: |
61440
|
|
|
4782000
|
unclassified section
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.2289221335.0000000004782000.00000004.10000000.00040000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
unclassified section
|
| Protect: |
page read and write
|
| Base address: |
4782000
|
| Size: |
4096
|
|
|
900000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000001B.00000002.2285330828.0000000000900000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
27
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
900000
|
| Size: |
16384
|
|
|
280B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1301297542.000000000280B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
280B000
|
| Size: |
4808704
|
|
|
7693000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2145354485.0000000007693000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7693000
|
| Size: |
4096
|
|
|
5320000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1055507837.0000000005320000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
5320000
|
| Size: |
4096
|
|
|
54575FE000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000C.00000002.2284396142.00000054575FE000.00000002.00000001.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
54575FE000
|
| Size: |
4096
|
|
|
5457C7E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2285364794.0000005457C7E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5457C7E000
|
| Size: |
8192
|
|
|
7680000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2145354485.0000000007680000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7680000
|
| Size: |
4096
|
|
|
1690C59B000
|
system
|
page execute and read and write
|
|
|
|
| Name: |
0000001C.00000002.2259590899.000001690C59B000.00000040.80000000.00040000.00000000.sdmp
|
| TargetID: |
28
|
| Dumpstage: |
process exit
|
| Regiontype: |
system
|
| Protect: |
page execute and read and write
|
| Base address: |
1690C59B000
|
| Size: |
4096
|
|
|
FFB000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.1946737322.0000000000FFB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
FFB000
|
| Size: |
20480
|
|
|
95A000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000001B.00000000.2019145319.000000000095A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
27
|
| Dumpstage: |
process new
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
95A000
|
| Size: |
8192
|
|
|
197EEC59000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2286795949.00000197EEC59000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
197EEC59000
|
| Size: |
4096
|
|
|
40CA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.1946839032.00000000040CA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40CA000
|
| Size: |
1187840
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
360000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.2284293117.0000000000360000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
360000
|
| Size: |
4096
|
|
|
84A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2136689322.000000000084A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
84A000
|
| Size: |
4096
|
|
|
A00000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000017.00000002.2285040897.0000000000A00000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
A00000
|
| Size: |
32768
|
|
|
B46000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.1197532158.0000000000B46000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
B46000
|
| Size: |
8192
|
|
|
5270000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1053936900.0000000005270000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5270000
|
| Size: |
12288
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2146218069.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
4096
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2125120319.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
8192
|
|
|
197F4160000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1204985846.00000197F4160000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
197F4160000
|
| Size: |
8192
|
|
|
1B71000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.1947923718.0000000001B71000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1B71000
|
| Size: |
4096
|
|
|
685B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1457135048.000000000685B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
685B000
|
| Size: |
4096
|
|
|
545650B000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2282943541.000000545650B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
545650B000
|
| Size: |
20480
|
|
|
740000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.2284474768.0000000000740000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
740000
|
| Size: |
16384
|
|
|
95E000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000001B.00000002.2285513053.000000000095E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
27
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
95E000
|
| Size: |
94208
|
|
|
185F000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.1947488111.000000000185F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
185F000
|
| Size: |
4096
|
|
|
197EF701000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2287825361.00000197EF701000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
197EF701000
|
| Size: |
4096
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2128365734.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
4096
|
|
|
3EA000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000001B.00000002.2283790770.00000000003EA000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
27
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
3EA000
|
| Size: |
24576
|
|
|
197F4140000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1204742457.00000197F4140000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
197F4140000
|
| Size: |
8192
|
|
|
43AC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.2287217369.00000000043AC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
43AC000
|
| Size: |
16384
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2126618875.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
8192
|
|
|
7ADF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.2291947505.0000000007ADF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7ADF000
|
| Size: |
4096
|
|
|
489D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1378339947.000000000489D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
489D000
|
| Size: |
12288
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2131898003.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
8192
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.1953939639.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
4096
|
|
|
4D80000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1411312132.0000000004D80000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4D80000
|
| Size: |
4096
|
|
|
25E0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1241342848.00000000025E0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
25E0000
|
| Size: |
65536
|
|
|
A53D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1064027675.000000000A53D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A53D000
|
| Size: |
12288
|
|
|
2E10000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1044192164.0000000002E10000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
2E10000
|
| Size: |
4096
|
|
|
41C0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.2286962103.00000000041C0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
41C0000
|
| Size: |
94208
|
|
|
2E0C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1044093720.0000000002E0C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2E0C000
|
| Size: |
16384
|
|
|
AC7C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1065001867.000000000AC7C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
AC7C000
|
| Size: |
16384
|
|
|
360000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000001B.00000000.2018770363.0000000000360000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
27
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
360000
|
| Size: |
4096
|
|
|
740000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000001B.00000002.2284378074.0000000000740000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
27
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
740000
|
| Size: |
4096
|
|
|
BE0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1041200081.0000000000BE0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BE0000
|
| Size: |
4096
|
|
|
197EEC13000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2286631139.00000197EEC13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
197EEC13000
|
| Size: |
73728
|
|
|
71A6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1059762261.00000000071A6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
71A6000
|
| Size: |
81920
|
|
|
197F428D000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2288918319.00000197F428D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
197F428D000
|
| Size: |
274432
|
|
|
5460000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1056239909.0000000005460000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5460000
|
| Size: |
4096
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2121434914.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
4096
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2130207419.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
4096
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2131685212.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
8192
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2126581825.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
8192
|
|
|
1690E200000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000001C.00000002.2260284444.000001690E200000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
28
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1690E200000
|
| Size: |
4096
|
|
|
9DEC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1538104399.0000000009DEC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9DEC000
|
| Size: |
16384
|
|
|
387C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1360842371.000000000387C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
387C000
|
| Size: |
4096
|
|
|
CA0000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.1219750597.0000000000CA0000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
CA0000
|
| Size: |
4096
|
|
|
545747E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2284152759.000000545747E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
545747E000
|
| Size: |
8192
|
|
|
22A0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000017.00000000.1867546106.00000000022A0000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
22A0000
|
| Size: |
16384
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2128768023.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
4096
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2126966194.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
8192
|
|
|
76AA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2145354485.00000000076AA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
76AA000
|
| Size: |
8192
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2123489879.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
8192
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2126825472.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
8192
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2129385823.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
4096
|
|
|
CF0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1231029185.0000000000CF0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
CF0000
|
| Size: |
16384
|
|
|
80E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.2284748012.000000000080E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
80E000
|
| Size: |
94208
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2127091974.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
4096
|
|
|
197EEC78000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2286904164.00000197EEC78000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
197EEC78000
|
| Size: |
4096
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2146054384.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
4096
|
|
|
19C8000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.1648366255.00000000019C8000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
19C8000
|
| Size: |
16384
|
|
|
730000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000001B.00000002.2284266194.0000000000730000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
27
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
730000
|
| Size: |
4096
|
|
|
1B8D000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.1947923718.0000000001B8D000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1B8D000
|
| Size: |
4096
|
|
|
C562000
|
system
|
page read and write
|
|
|
|
| Name: |
0000001C.00000002.2257456832.000000000C562000.00000004.80000000.00040000.00000000.sdmp
|
| TargetID: |
28
|
| Dumpstage: |
process exit
|
| Regiontype: |
system
|
| Protect: |
page read and write
|
| Base address: |
C562000
|
| Size: |
4096
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2127639026.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
4096
|
|
|
EE1000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000001B.00000002.2286025252.0000000000EE1000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
27
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
EE1000
|
| Size: |
352256
|
|
|
23D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000001B.00000002.2286386627.00000000023D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
27
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
23D0000
|
| Size: |
8192
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2130169487.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
4096
|
|
|
B70000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1209820783.0000000000B70000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
B70000
|
| Size: |
4096
|
|
|
813000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2134430359.0000000000813000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
813000
|
| Size: |
8192
|
|
|
763D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2143207475.000000000763D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
763D000
|
| Size: |
8192
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2124759346.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
8192
|
|
|
1690C7A2000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000001C.00000002.2260029052.000001690C7A2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
28
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1690C7A2000
|
| Size: |
24576
|
|
|
1680000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000005.00000002.1648366255.0000000001680000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1680000
|
| Size: |
1208320
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
A3D000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.1163492749.0000000000A3D000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
A3D000
|
| Size: |
4096
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2131767367.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
4096
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2131095859.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
4096
|
|
|
740000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000001B.00000000.2018933531.0000000000740000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
27
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
740000
|
| Size: |
4096
|
|
|
43A5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.1948941056.00000000043A5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
43A5000
|
| Size: |
4096
|
|
|
25F7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1243966942.00000000025F7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
25F7000
|
| Size: |
4096
|
|
|
BD5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1041156969.0000000000BD5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BD5000
|
| Size: |
16384
|
|
|
870000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.2284749920.0000000000870000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
870000
|
| Size: |
4096
|
|
|
4C30000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1393988218.0000000004C30000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4C30000
|
| Size: |
8192
|
|
|
A7E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.2286846756.0000000000A7E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A7E000
|
| Size: |
8192
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2121319667.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
4096
|
|
|
7635000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.2290950768.0000000007635000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7635000
|
| Size: |
8192
|
|
|
197F4141000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1271465284.00000197F4141000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
197F4141000
|
| Size: |
4096
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2127836747.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
4096
|
|
|
139E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1042126122.000000000139E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
139E000
|
| Size: |
8192
|
|
|
7696000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.2290950768.0000000007696000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7696000
|
| Size: |
12288
|
|
|
8EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1135215457.00000000008EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
8EE000
|
| Size: |
8192
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2122654034.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
8192
|
|
|
529D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1053936900.000000000529D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
529D000
|
| Size: |
16384
|
|
|
197EFC80000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2288173036.00000197EFC80000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
197EFC80000
|
| Size: |
4096
|
|
|
73A0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1061419740.00000000073A0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
73A0000
|
| Size: |
65536
|
|
|
7A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000001B.00000000.2019066763.00000000007A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
27
|
| Dumpstage: |
process new
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7A0000
|
| Size: |
20480
|
|
|
197F4174000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1205021068.00000197F4174000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
197F4174000
|
| Size: |
4096
|
|
|
9B2E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1519780950.0000000009B2E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9B2E000
|
| Size: |
8192
|
|
|
13C6000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1043805281.00000000013C6000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
13C6000
|
| Size: |
8192
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2127379321.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
4096
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2122142945.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
4096
|
|
|
54571FE000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000C.00000002.2283870044.00000054571FE000.00000002.00000001.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
54571FE000
|
| Size: |
4096
|
|
|
418000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.1946595022.0000000000418000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
418000
|
| Size: |
8192
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2131384842.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
8192
|
|
|
197F4130000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2288418108.00000197F4130000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
197F4130000
|
| Size: |
4096
|
|
|
BFE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1214471979.0000000000BFE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
BFE000
|
| Size: |
8192
|
|
|
25E2000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000001B.00000000.2019521438.00000000025E2000.00000004.00000001.00040000.00000000.sdmp
|
| TargetID: |
27
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
25E2000
|
| Size: |
4096
|
|
|
4D90000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1413606842.0000000004D90000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4D90000
|
| Size: |
12288
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2121505744.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
4096
|
|
|
5490000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1056702197.0000000005490000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5490000
|
| Size: |
65536
|
|
|
5291000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1053936900.0000000005291000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5291000
|
| Size: |
16384
|
|
|
6FD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000017.00000000.1867253866.00000000006FD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process new
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6FD000
|
| Size: |
12288
|
|
|
A2D000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.1157973464.0000000000A2D000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
A2D000
|
| Size: |
4096
|
|
|
9CAE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1526311813.0000000009CAE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9CAE000
|
| Size: |
8192
|
|
|
1690E3C4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000001C.00000003.2206178815.000001690E3C4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
28
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1690E3C4000
|
| Size: |
24576
|
|
|
7630000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.2290950768.0000000007630000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7630000
|
| Size: |
8192
|
|
|
885000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.2284749920.0000000000885000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
885000
|
| Size: |
12288
|
|
|
B50000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000001B.00000000.2019227369.0000000000B50000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
27
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
B50000
|
| Size: |
32768
|
|
|
2670000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1295175440.0000000002670000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2670000
|
| Size: |
65536
|
|
|
380000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000001B.00000002.2283688605.0000000000380000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
27
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
380000
|
| Size: |
4096
|
|
|
83A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2134430359.000000000083A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
83A000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
|
|
95E000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000001B.00000000.2019145319.000000000095E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
27
|
| Dumpstage: |
process new
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
95E000
|
| Size: |
90112
|
|
|
50FD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1440793995.00000000050FD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
50FD000
|
| Size: |
12288
|
|
|
129F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1042099768.000000000129F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
129F000
|
| Size: |
4096
|
|
|
197F00A0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2288221711.00000197F00A0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
197F00A0000
|
| Size: |
4096
|
|
|
70F8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1059053273.00000000070F8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
70F8000
|
| Size: |
12288
|
|
|
24F0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000001B.00000000.2019390671.00000000024F0000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
27
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
24F0000
|
| Size: |
925696
|
|
|
197EECFF000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2287372556.00000197EECFF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
197EECFF000
|
| Size: |
8192
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2122106164.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
4096
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2130453271.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
8192
|
|
|
1690E100000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000001C.00000002.2260254211.000001690E100000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
28
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1690E100000
|
| Size: |
4096
|
|
|
7D6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.1947206121.00000000007D6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7D6000
|
| Size: |
24576
|
|
|
197EED29000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2287567108.00000197EED29000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
197EED29000
|
| Size: |
4096
|
|
|
760000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000001B.00000002.2284720363.0000000000760000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
27
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
760000
|
| Size: |
4096
|
|
|
730000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000001B.00000000.2018911919.0000000000730000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
27
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
730000
|
| Size: |
4096
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2128312266.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
4096
|
|
|
5457EFE000
|
unkown
|
page readonly
|
|
|
|
| Name: |
0000000C.00000002.2285654390.0000005457EFE000.00000002.00000001.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
5457EFE000
|
| Size: |
4096
|
|
|
9EF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1137249162.00000000009EF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9EF000
|
| Size: |
4096
|
|
|
22C0000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000017.00000000.1867563350.00000000022C0000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
22C0000
|
| Size: |
4096
|
|
|
2E21000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1044217117.0000000002E21000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E21000
|
| Size: |
327680
|
|
|
197EEC2B000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2286741046.00000197EEC2B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
197EEC2B000
|
| Size: |
81920
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
F4E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1041283856.0000000000F4E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F4E000
|
| Size: |
65536
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2133229697.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
4096
|
|
|
1690C750000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000001C.00000002.2259936413.000001690C750000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
28
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1690C750000
|
| Size: |
4096
|
|
|
4DA0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000006.00000002.1417717533.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4DA0000
|
| Size: |
65536
|
|
|
EF7000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1041242099.0000000000EF7000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
EF7000
|
| Size: |
36864
|
|
|
823000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2134430359.0000000000823000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
823000
|
| Size: |
4096
|
|
|
B52000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1201781770.0000000000B52000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
B52000
|
| Size: |
4096
|
|
|
5296000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1053936900.0000000005296000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5296000
|
| Size: |
16384
|
|
|
22F0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000017.00000002.2285748492.00000000022F0000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
22F0000
|
| Size: |
925696
|
|
|
7CB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.1947387243.00000000007CB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7CB000
|
| Size: |
28672
|
|
|
13DB000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1043896926.00000000013DB000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
13DB000
|
| Size: |
4096
|
|
|
5350000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1055566130.0000000005350000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5350000
|
| Size: |
4096
|
|
|
71C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1059762261.00000000071C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
71C1000
|
| Size: |
8192
|
|
|
311000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000017.00000000.1867069810.0000000000311000.00000020.00000001.01000000.0000000E.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
311000
|
| Size: |
57344
|
|
|
197EEC73000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2286904164.00000197EEC73000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
197EEC73000
|
| Size: |
4096
|
|
|
197F44D0000
|
remote allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000003.1206972621.00000197F44D0000.00000004.00000400.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
free memory
|
| Regiontype: |
remote allocation
|
| Protect: |
page read and write
|
| Base address: |
197F44D0000
|
| Size: |
4096
|
|
|
5750000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1445217886.0000000005750000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5750000
|
| Size: |
69632
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2128713134.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
4096
|
|
|
D90000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000017.00000000.1867503611.0000000000D90000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
D90000
|
| Size: |
356352
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the Windows Explorer process (often used for injection) |
HIPS / PFW / Operating System Protection Evasion |
|
|
|
4409BFE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000001C.00000002.2259568160.0000004409BFE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
28
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4409BFE000
|
| Size: |
8192
|
|
|
197F424D000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2288813627.00000197F424D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
197F424D000
|
| Size: |
20480
|
|
|
197EFB90000
|
trusted library section
|
page readonly
|
|
|
|
| Name: |
0000000C.00000002.2288127305.00000197EFB90000.00000002.08000000.00040000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library section
|
| Protect: |
page readonly
|
| Base address: |
197EFB90000
|
| Size: |
65536
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2122249422.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
4096
|
|
|
A640000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1064120571.000000000A640000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A640000
|
| Size: |
36864
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2132162250.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
8192
|
|
|
12E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000A.00000002.1946922529.00000000012E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12E0000
|
| Size: |
4096
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2132212627.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
8192
|
|
|
80A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000017.00000002.2284748012.000000000080A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
80A000
|
| Size: |
8192
|
|
|
6940000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1464435602.0000000006940000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6940000
|
| Size: |
65536
|
|
|
46FD000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000018.00000002.2287550496.00000000046FD000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
46FD000
|
| Size: |
4096
|
|
|
279C000
|
unkown
|
page execute and read and write
|
|
|
|
| Name: |
00000017.00000002.2286306254.000000000279C000.00000040.00000001.00040000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute and read and write
|
| Base address: |
279C000
|
| Size: |
10485760
|
|
|
13D2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1043859302.00000000013D2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
13D2000
|
| Size: |
4096
|
|
|
B7A000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1041137082.0000000000B7A000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B7A000
|
| Size: |
24576
|
|
|
23E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000001B.00000002.2286489595.00000000023E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
27
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
23E0000
|
| Size: |
8192
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2127134298.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
4096
|
|
|
2BA000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000017.00000000.1866986134.00000000002BA000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process new
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2BA000
|
| Size: |
24576
|
|
|
13D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1043844761.00000000013D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
13D0000
|
| Size: |
4096
|
|
|
340000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000017.00000000.1867163616.0000000000340000.00000002.00000001.00040000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
340000
|
| Size: |
4096
|
|
|
920000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000001B.00000002.2285424796.0000000000920000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
27
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
920000
|
| Size: |
4096
|
|
|
4C40000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1395602462.0000000004C40000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4C40000
|
| Size: |
65536
|
|
|
7154000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1059266987.0000000007154000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7154000
|
| Size: |
8192
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2132805914.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
8192
|
|
|
5456EFC000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2283516797.0000005456EFC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5456EFC000
|
| Size: |
16384
|
|
|
837000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000017.00000003.1883946633.0000000000837000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
23
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
837000
|
| Size: |
4096
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2126789881.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
8192
|
|
|
197EEBC0000
|
trusted library section
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2286491835.00000197EEBC0000.00000004.08000000.00040000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library section
|
| Protect: |
page read and write
|
| Base address: |
197EEBC0000
|
| Size: |
4096
|
|
|
850000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.2284749920.0000000000850000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
850000
|
| Size: |
4096
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2126997616.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
4096
|
|
|
BD0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1041156969.0000000000BD0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BD0000
|
| Size: |
16384
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2129737620.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
4096
|
|
|
A40000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1165213706.0000000000A40000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A40000
|
| Size: |
36864
|
|
|
6FC000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000001B.00000000.2018865864.00000000006FC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
27
|
| Dumpstage: |
process new
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6FC000
|
| Size: |
16384
|
|
|
F7F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1041414724.0000000000F7F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F7F000
|
| Size: |
4096
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2129226971.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
4096
|
|
|
55F0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1058061641.00000000055F0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
55F0000
|
| Size: |
8192
|
|
|
442E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.2287424075.000000000442E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
442E000
|
| Size: |
8192
|
|
|
545757E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2284345273.000000545757E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
545757E000
|
| Size: |
8192
|
|
|
7B5F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.2292075740.0000000007B5F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7B5F000
|
| Size: |
4096
|
|
|
197F4110000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2288320890.00000197F4110000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
197F4110000
|
| Size: |
4096
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2131541874.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
8192
|
|
|
F60000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1041414724.0000000000F60000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
F60000
|
| Size: |
77824
|
|
|
427C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.1948941056.000000000427C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
427C000
|
| Size: |
1196032
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2121750329.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
4096
|
|
|
881000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000002.2284749920.0000000000881000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
881000
|
| Size: |
8192
|
|
|
A81000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1165213706.0000000000A81000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A81000
|
| Size: |
397312
|
|
|
197F42EF000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2289252920.00000197F42EF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
197F42EF000
|
| Size: |
20480
|
|
|
8A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1117116176.00000000008A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8A0000
|
| Size: |
16384
|
|
|
5180000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1442402113.0000000005180000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5180000
|
| Size: |
65536
|
|
|
756D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2141783598.000000000756D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
756D000
|
| Size: |
618496
|
|
|
2803000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1301297542.0000000002803000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2803000
|
| Size: |
12288
|
|
|
13F7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1043911370.00000000013F7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13F7000
|
| Size: |
32768
|
|
|
197F40B0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2288282907.00000197F40B0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
197F40B0000
|
| Size: |
4096
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2131578728.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
8192
|
|
|
52F0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1055471617.00000000052F0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
52F0000
|
| Size: |
65536
|
|
|
D50000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000005.00000002.1647885710.0000000000D50000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
5
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D50000
|
| Size: |
16384
|
|
|
4C6B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1398473979.0000000004C6B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4C6B000
|
| Size: |
20480
|
|
|
1940000
|
direct allocation
|
page execute and read and write
|
|
|
|
| Name: |
0000000A.00000002.1947923718.0000000001940000.00000040.00001000.00020000.00000000.sdmp
|
| TargetID: |
10
|
| Dumpstage: |
process exit
|
| Regiontype: |
direct allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1940000
|
| Size: |
16384
|
|
|
40C1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2127963960.00000000040C1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
40C1000
|
| Size: |
4096
|
|
|
4F1C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1053799903.0000000004F1C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4F1C000
|
| Size: |
16384
|
|
|
197F4120000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
0000000C.00000002.2288346609.00000197F4120000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
12
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
197F4120000
|
| Size: |
4096
|
|
|
769F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000018.00000003.2145354485.000000000769F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
24
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
769F000
|
| Size: |
8192
|
|
