|
402000
|
remote allocation
|
page execute and read and write
|
 |
|
|
| Name: |
00000007.00000002.963031933.0000000000402000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
402000
|
| Size: |
274432
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Found malware configuration |
AV Detection |
|
| Malicious sample detected (through community Yara rule) |
System Summary |
|
| Yara detected Telegram RAT |
Stealing of Sensitive Information, Remote Access Functionality |
|
| Yara detected VIP Keylogger |
Stealing of Sensitive Information, Remote Access Functionality |
|
| Yara detected Credential Stealer |
Stealing of Sensitive Information |
|
| Yara signature match |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
6CD1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3351073803.0000000006CD1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6CD1000
|
| Size: |
319488
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected Snake Keylogger |
Stealing of Sensitive Information, Remote Access Functionality |
|
| URLs found in memory or binary data |
Networking |
|
|
|
47A2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.919930571.00000000047A2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
47A2000
|
| Size: |
827392
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Malicious sample detected (through community Yara rule) |
System Summary |
|
| Yara detected Telegram RAT |
Stealing of Sensitive Information, Remote Access Functionality |
|
| Yara detected VIP Keylogger |
Stealing of Sensitive Information, Remote Access Functionality |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
| Yara detected Credential Stealer |
Stealing of Sensitive Information |
|
| Yara signature match |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
6BF1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.967408426.0000000006BF1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6BF1000
|
| Size: |
692224
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected Snake Keylogger |
Stealing of Sensitive Information, Remote Access Functionality |
|
| URLs found in memory or binary data |
Networking |
|
|
|
4784000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.977426984.0000000004784000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4784000
|
| Size: |
827392
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Malicious sample detected (through community Yara rule) |
System Summary |
|
| Yara detected Telegram RAT |
Stealing of Sensitive Information, Remote Access Functionality |
|
| Yara detected VIP Keylogger |
Stealing of Sensitive Information, Remote Access Functionality |
|
| Yara detected Credential Stealer |
Stealing of Sensitive Information |
|
| Yara signature match |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
2CDE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.973111646.0000000002CDE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2CDE000
|
| Size: |
8192
|
|
|
252D000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.949354013.000000000252D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
252D000
|
| Size: |
12288
|
|
|
14C42A94000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000014.00000003.2809000032.0000014C42A94000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14C42A94000
|
| Size: |
40960
|
|
|
6AA0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3350351920.0000000006AA0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6AA0000
|
| Size: |
20480
|
|
|
4F09000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.963667134.0000000004F09000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4F09000
|
| Size: |
12288
|
|
|
2D30000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.973548974.0000000002D30000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D30000
|
| Size: |
65536
|
|
|
6AAB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3350351920.0000000006AAB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6AAB000
|
| Size: |
8192
|
|
|
B00000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000000.875027827.0000000000B00000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
B00000
|
| Size: |
4096
|
|
|
5102000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3349762387.0000000005102000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5102000
|
| Size: |
4096
|
|
|
50E0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3349589246.00000000050E0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
50E0000
|
| Size: |
8192
|
|
|
6AE0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3350727022.0000000006AE0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6AE0000
|
| Size: |
65536
|
|
|
9FF87E000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000014.00000002.2810337185.00000009FF87E000.00000002.00000001.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
9FF87E000
|
| Size: |
4096
|
|
|
7012000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.980377866.0000000007012000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7012000
|
| Size: |
16384
|
|
|
922D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3356661572.000000000922D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
922D000
|
| Size: |
12288
|
|
|
50ED000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000012.00000002.3349658084.00000000050ED000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
50ED000
|
| Size: |
4096
|
|
|
7040D000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.982730713.000000007040D000.00000004.00000001.01000000.0000000D.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7040D000
|
| Size: |
8192
|
|
|
5700000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.921803742.0000000005700000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5700000
|
| Size: |
4096
|
|
|
1382000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.972673001.0000000001382000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1382000
|
| Size: |
4096
|
|
|
A6F0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3362581031.000000000A6F0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
A6F0000
|
| Size: |
49152
|
|
|
14C48252000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.2811830403.0000014C48252000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14C48252000
|
| Size: |
4096
|
|
|
2B50000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.894714107.0000000002B50000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2B50000
|
| Size: |
4096
|
|
|
7F5C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3354902929.0000000007F5C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F5C000
|
| Size: |
4096
|
|
|
12A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.917977228.00000000012A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12A0000
|
| Size: |
28672
|
|
|
7B9D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.981946082.0000000007B9D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7B9D000
|
| Size: |
12288
|
|
|
7FE3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3354902929.0000000007FE3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FE3000
|
| Size: |
16384
|
|
|
5117000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000012.00000002.3349940544.0000000005117000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5117000
|
| Size: |
4096
|
|
|
56FC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.921778849.00000000056FC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
56FC000
|
| Size: |
16384
|
|
|
14C482F6000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.2812406168.0000014C482F6000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14C482F6000
|
| Size: |
4096
|
|
|
703F1000
|
unkown
|
page execute read
|
|
|
|
| Name: |
00000000.00000002.925849194.00000000703F1000.00000020.00000001.01000000.0000000D.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page execute read
|
| Base address: |
703F1000
|
| Size: |
86016
|
|
|
14C43313000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000014.00000003.2808829648.0000014C43313000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14C43313000
|
| Size: |
28672
|
|
|
7CF0000
|
trusted library section
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.923816449.0000000007CF0000.00000004.08000000.00040000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library section
|
| Protect: |
page read and write
|
| Base address: |
7CF0000
|
| Size: |
557056
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
|
|
5500000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.978822898.0000000005500000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5500000
|
| Size: |
36864
|
|
|
A400000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.925620486.000000000A400000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A400000
|
| Size: |
4096
|
|
|
6D80000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3351073803.0000000006D80000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6D80000
|
| Size: |
8192
|
|
|
14C48029000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000014.00000003.1203171723.0000014C48029000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
14C48029000
|
| Size: |
28672
|
|
|
5710000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.921826451.0000000005710000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5710000
|
| Size: |
24576
|
|
|
1055000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.971253587.0000000001055000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1055000
|
| Size: |
286720
|
|
|
5430000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.921325961.0000000005430000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5430000
|
| Size: |
57344
|
|
|
14C42B17000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.2811334064.0000014C42B17000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14C42B17000
|
| Size: |
8192
|
|
|
9FDE7E000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000014.00000002.2810149945.00000009FDE7E000.00000002.00000001.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
9FDE7E000
|
| Size: |
4096
|
|
|
1010000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.971253587.0000000001010000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1010000
|
| Size: |
28672
|
|
|
2D06000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.973345738.0000000002D06000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D06000
|
| Size: |
40960
|
|
|
3F44000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.977426984.0000000003F44000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3F44000
|
| Size: |
4096
|
|
|
14C42AA5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000014.00000003.2809000032.0000014C42AA5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14C42AA5000
|
| Size: |
28672
|
|
|
14C0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.918544424.00000000014C0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
14C0000
|
| Size: |
4096
|
|
|
9FED79000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.2810223348.00000009FED79000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9FED79000
|
| Size: |
28672
|
|
|
56A5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.921705297.00000000056A5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
56A5000
|
| Size: |
40960
|
|
|
6FF8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3351073803.0000000006FF8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6FF8000
|
| Size: |
4096
|
|
|
14E0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.918654147.00000000014E0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
14E0000
|
| Size: |
4096
|
|
|
3EB2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.977426984.0000000003EB2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3EB2000
|
| Size: |
4096
|
|
|
14C42A6C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.2810882391.0000014C42A6C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14C42A6C000
|
| Size: |
65536
|
|
|
5650000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.921537840.0000000005650000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5650000
|
| Size: |
65536
|
|
|
14AD000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.918396006.00000000014AD000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
14AD000
|
| Size: |
4096
|
|
|
7A0D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.981836218.0000000007A0D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7A0D000
|
| Size: |
12288
|
|
|
8034000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3354902929.0000000008034000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8034000
|
| Size: |
4096
|
|
|
6E5D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3351073803.0000000006E5D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6E5D000
|
| Size: |
81920
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
6E81000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3351073803.0000000006E81000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6E81000
|
| Size: |
4096
|
|
|
2E4C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.918830373.0000000002E4C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2E4C000
|
| Size: |
16384
|
|
|
10C3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.971253587.00000000010C3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10C3000
|
| Size: |
4096
|
|
|
71CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.981130009.00000000071CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
71CE000
|
| Size: |
8192
|
|
|
5130000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.964401809.0000000005130000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5130000
|
| Size: |
12288
|
|
|
A56E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3361203280.000000000A56E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A56E000
|
| Size: |
8192
|
|
|
5830000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.979742191.0000000005830000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5830000
|
| Size: |
65536
|
|
|
5740000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.979145731.0000000005740000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5740000
|
| Size: |
24576
|
|
|
7EF6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3354902929.0000000007EF6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7EF6000
|
| Size: |
12288
|
|
|
5E10000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.980102065.0000000005E10000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5E10000
|
| Size: |
4096
|
|
|
14C43F11000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000014.00000003.2807625710.0000014C43F11000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
14C43F11000
|
| Size: |
4096
|
|
|
137A000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.972432849.000000000137A000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
137A000
|
| Size: |
8192
|
|
|
4FD5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.964119028.0000000004FD5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4FD5000
|
| Size: |
8192
|
|
|
77CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.981753361.00000000077CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
77CE000
|
| Size: |
8192
|
|
|
A770000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3362951592.000000000A770000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
A770000
|
| Size: |
8192
|
|
|
50E4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3349634298.00000000050E4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
50E4000
|
| Size: |
8192
|
|
|
14C43302000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000014.00000003.2808546713.0000014C43302000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14C43302000
|
| Size: |
4096
|
|
|
6DB6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3351073803.0000000006DB6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6DB6000
|
| Size: |
4096
|
|
|
9FDB7C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.2809998674.00000009FDB7C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9FDB7C000
|
| Size: |
16384
|
|
|
4F9A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.963667134.0000000004F9A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4F9A000
|
| Size: |
4096
|
|
|
4EA0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3349453961.0000000004EA0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4EA0000
|
| Size: |
16384
|
|
|
7003000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3351073803.0000000007003000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7003000
|
| Size: |
376832
|
|
|
A780000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3363049672.000000000A780000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
A780000
|
| Size: |
40960
|
|
|
14C48200000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.2811582411.0000014C48200000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14C48200000
|
| Size: |
110592
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
135D000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.972223271.000000000135D000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
135D000
|
| Size: |
4096
|
|
|
9FD577000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.2809622671.00000009FD577000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9FD577000
|
| Size: |
36864
|
|
|
14C42B02000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000014.00000003.2807543835.0000014C42B02000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14C42B02000
|
| Size: |
45056
|
|
|
7CF9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3354902929.0000000007CF9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7CF9000
|
| Size: |
176128
|
|
|
AA1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.925773272.000000000AA1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
AA1E000
|
| Size: |
8192
|
|
|
A760000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000012.00000002.3362848486.000000000A760000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
A760000
|
| Size: |
65536
|
|
|
51F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3350288613.00000000051F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
51F0000
|
| Size: |
16384
|
|
|
5660000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.921583524.0000000005660000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5660000
|
| Size: |
32768
|
|
|
14C47FF0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000014.00000003.2808120801.0000014C47FF0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
14C47FF0000
|
| Size: |
4096
|
|
|
14C48014000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000014.00000003.1203343921.0000014C48014000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
14C48014000
|
| Size: |
4096
|
|
|
7C7E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.981981655.0000000007C7E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7C7E000
|
| Size: |
8192
|
|
|
7C1D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.923774925.0000000007C1D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7C1D000
|
| Size: |
12288
|
|
|
A6C0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000012.00000002.3362011840.000000000A6C0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
A6C0000
|
| Size: |
8192
|
|
|
9E8E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.971108756.0000000009E8E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9E8E000
|
| Size: |
8192
|
|
|
1140000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.917766690.0000000001140000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1140000
|
| Size: |
16384
|
|
|
7FAF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3354902929.0000000007FAF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FAF000
|
| Size: |
8192
|
|
|
14C47FB0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000014.00000003.2807460192.0000014C47FB0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
14C47FB0000
|
| Size: |
4096
|
|
|
14C42A9F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000014.00000003.2809000032.0000014C42A9F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14C42A9F000
|
| Size: |
20480
|
|
|
14C48284000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.2812056598.0000014C48284000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14C48284000
|
| Size: |
118784
|
|
|
1018000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.971253587.0000000001018000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1018000
|
| Size: |
16384
|
|
|
53E0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.921208528.00000000053E0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
53E0000
|
| Size: |
65536
|
|
|
517E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.964433000.000000000517E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
517E000
|
| Size: |
8192
|
|
|
56B0000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.921756368.00000000056B0000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
56B0000
|
| Size: |
4096
|
|
|
14C4822C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.2811706236.0000014C4822C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14C4822C000
|
| Size: |
65536
|
|
|
6D8C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3351073803.0000000006D8C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6D8C000
|
| Size: |
8192
|
|
|
779E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.923489647.000000000779E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
779E000
|
| Size: |
8192
|
|
|
14C4825F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.2812034638.0000014C4825F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14C4825F000
|
| Size: |
12288
|
|
|
6F3B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3351073803.0000000006F3B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6F3B000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
|
|
525B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.964616226.000000000525B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
525B000
|
| Size: |
20480
|
|
|
51BC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3350025535.00000000051BC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
51BC000
|
| Size: |
16384
|
|
|
5320000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.978613386.0000000005320000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5320000
|
| Size: |
4096
|
|
|
14C47FD0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000014.00000003.1223286041.0000014C47FD0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
14C47FD0000
|
| Size: |
4096
|
|
|
FC0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.917631914.0000000000FC0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
FC0000
|
| Size: |
4096
|
|
|
14F7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.918681313.00000000014F7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14F7000
|
| Size: |
32768
|
|
|
790D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.981803847.000000000790D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
790D000
|
| Size: |
12288
|
|
|
14C43215000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.2811561462.0000014C43215000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14C43215000
|
| Size: |
4096
|
|
|
14C48240000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.2811706236.0000014C48240000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14C48240000
|
| Size: |
49152
|
|
|
722E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.922557335.000000000722E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
722E000
|
| Size: |
8192
|
|
|
14C42AB5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.2811195456.0000014C42AB5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14C42AB5000
|
| Size: |
24576
|
|
|
A750000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3362692239.000000000A750000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
A750000
|
| Size: |
65536
|
|
|
71D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.922506273.00000000071D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
71D0000
|
| Size: |
65536
|
|
|
53B2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.920818214.00000000053B2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
53B2000
|
| Size: |
49152
|
|
|
14C48170000
|
remote allocation
|
page read and write
|
|
|
|
| Name: |
00000014.00000003.1204528569.0000014C48170000.00000004.00000400.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
free memory
|
| Regiontype: |
remote allocation
|
| Protect: |
page read and write
|
| Base address: |
14C48170000
|
| Size: |
4096
|
|
|
4D75000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.963377067.0000000004D75000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4D75000
|
| Size: |
12288
|
|
|
50F7000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.964309669.00000000050F7000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
50F7000
|
| Size: |
4096
|
|
|
6AAE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3350351920.0000000006AAE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6AAE000
|
| Size: |
45056
|
|
|
52E0000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.978568692.00000000052E0000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
52E0000
|
| Size: |
4096
|
|
|
12D5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.918060712.00000000012D5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12D5000
|
| Size: |
28672
|
|
|
14C47F40000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000014.00000003.2808315497.0000014C47F40000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
14C47F40000
|
| Size: |
4096
|
|
|
2E70000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.918903880.0000000002E70000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2E70000
|
| Size: |
4096
|
|
|
25D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.949428659.00000000025D0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
25D0000
|
| Size: |
4096
|
|
|
2CB0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.973059771.0000000002CB0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2CB0000
|
| Size: |
65536
|
|
|
5590000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.979094615.0000000005590000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5590000
|
| Size: |
4096
|
|
|
A0B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.971190033.000000000A0B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A0B0000
|
| Size: |
8192
|
|
|
2D20000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.973485844.0000000002D20000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D20000
|
| Size: |
65536
|
|
|
5EA000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3348176738.00000000005EA000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5EA000
|
| Size: |
24576
|
|
|
14C42C10000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.2811417208.0000014C42C10000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14C42C10000
|
| Size: |
4096
|
|
|
A6FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.925681500.000000000A6FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A6FE000
|
| Size: |
8192
|
|
|
3E79000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.977426984.0000000003E79000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3E79000
|
| Size: |
4096
|
|
|
A230000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3357582427.000000000A230000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A230000
|
| Size: |
376832
|
|
|
95B0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3356989780.00000000095B0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
95B0000
|
| Size: |
65536
|
|
|
2D43000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.973616725.0000000002D43000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D43000
|
| Size: |
8192
|
|
|
5840000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.979838248.0000000005840000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5840000
|
| Size: |
65536
|
|
|
4E50000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.963454658.0000000004E50000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E50000
|
| Size: |
8192
|
|
|
A52E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3360844290.000000000A52E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A52E000
|
| Size: |
8192
|
|
|
5370000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.920778230.0000000005370000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5370000
|
| Size: |
65536
|
|
|
A2A1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3357582427.000000000A2A1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A2A1000
|
| Size: |
94208
|
|
|
2EB4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.973741754.0000000002EB4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2EB4000
|
| Size: |
704512
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
3E91000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.919930571.0000000003E91000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3E91000
|
| Size: |
28672
|
|
|
14C42B02000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.2811215798.0000014C42B02000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14C42B02000
|
| Size: |
8192
|
|
|
A6B0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000012.00000002.3361807952.000000000A6B0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
A6B0000
|
| Size: |
65536
|
|
|
A12E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3357059174.000000000A12E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A12E000
|
| Size: |
8192
|
|
|
7C19000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.970446844.0000000007C19000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7C19000
|
| Size: |
176128
|
|
|
6F73000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3351073803.0000000006F73000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6F73000
|
| Size: |
229376
|
|
|
52D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.978512278.00000000052D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
52D0000
|
| Size: |
57344
|
|
|
50F2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.964286695.00000000050F2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
50F2000
|
| Size: |
4096
|
|
|
6CAC000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.967408426.0000000006CAC000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6CAC000
|
| Size: |
36864
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
5470000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.921390076.0000000005470000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5470000
|
| Size: |
8192
|
|
|
51D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3350118421.00000000051D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
51D0000
|
| Size: |
65536
|
|
|
7410000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.922874225.0000000007410000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7410000
|
| Size: |
65536
|
|
|
51C0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000012.00000002.3350056606.00000000051C0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
51C0000
|
| Size: |
65536
|
|
|
5250000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.964616226.0000000005250000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5250000
|
| Size: |
40960
|
|
|
6D4A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3351073803.0000000006D4A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6D4A000
|
| Size: |
28672
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
7D7F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.982012745.0000000007D7F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7D7F000
|
| Size: |
4096
|
|
|
517E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3350000834.000000000517E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
517E000
|
| Size: |
8192
|
|
|
14C49000000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000014.00000003.2808864893.0000014C49000000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14C49000000
|
| Size: |
4096
|
|
|
A08E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.971159521.000000000A08E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A08E000
|
| Size: |
8192
|
|
|
50E0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.964193511.00000000050E0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
50E0000
|
| Size: |
4096
|
|
|
A3EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3360383322.000000000A3EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A3EE000
|
| Size: |
8192
|
|
|
2D00000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.973345738.0000000002D00000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D00000
|
| Size: |
4096
|
|
|
136D000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.972279445.000000000136D000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
136D000
|
| Size: |
4096
|
|
|
4EC3000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.963534060.0000000004EC3000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4EC3000
|
| Size: |
4096
|
|
|
6BCE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.966636516.0000000006BCE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6BCE000
|
| Size: |
8192
|
|
|
FCE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.971158510.0000000000FCE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
FCE000
|
| Size: |
8192
|
|
|
4ED0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.963615494.0000000004ED0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4ED0000
|
| Size: |
45056
|
|
|
54E0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.978758263.00000000054E0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
54E0000
|
| Size: |
65536
|
|
|
7D76000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3354902929.0000000007D76000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7D76000
|
| Size: |
16384
|
|
|
14B2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.918458322.00000000014B2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
14B2000
|
| Size: |
4096
|
|
|
10C5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.971253587.00000000010C5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10C5000
|
| Size: |
4096
|
|
|
558E000
|
trusted library section
|
page readonly
|
|
|
|
| Name: |
00000009.00000002.979045733.000000000558E000.00000002.08000000.00040000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library section
|
| Protect: |
page readonly
|
| Base address: |
558E000
|
| Size: |
4096
|
|
|
A096000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.971190033.000000000A096000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A096000
|
| Size: |
4096
|
|
|
14C42A69000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000014.00000003.2808894558.0000014C42A69000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14C42A69000
|
| Size: |
8192
|
|
|
14C43304000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000014.00000003.2808546713.0000014C43304000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14C43304000
|
| Size: |
16384
|
|
|
7459000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.981397095.0000000007459000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7459000
|
| Size: |
28672
|
|
|
2CE6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.973111646.0000000002CE6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2CE6000
|
| Size: |
16384
|
|
|
6CB6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.967408426.0000000006CB6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6CB6000
|
| Size: |
4096
|
|
|
7DCE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.925039127.0000000007DCE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7DCE000
|
| Size: |
8192
|
|
|
120E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.972056464.000000000120E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
120E000
|
| Size: |
8192
|
|
|
7B5D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.981914877.0000000007B5D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7B5D000
|
| Size: |
12288
|
|
|
7E82000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3354902929.0000000007E82000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7E82000
|
| Size: |
4096
|
|
|
6F3F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3351073803.0000000006F3F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6F3F000
|
| Size: |
122880
|
|
|
556B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.978989919.000000000556B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
556B000
|
| Size: |
20480
|
|
|
14C48120000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000014.00000003.2808415136.0000014C48120000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
14C48120000
|
| Size: |
4096
|
|
|
14C482E3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.2812406168.0000014C482E3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14C482E3000
|
| Size: |
45056
|
|
|
6D7C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3351073803.0000000006D7C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6D7C000
|
| Size: |
4096
|
|
|
7440000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.922921312.0000000007440000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7440000
|
| Size: |
57344
|
|
|
1354000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.972176822.0000000001354000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1354000
|
| Size: |
4096
|
|
|
BD0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000000.875124763.0000000000BD0000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
BD0000
|
| Size: |
4096
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
|
|
304A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.895072147.000000000304A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
304A000
|
| Size: |
69632
|
|
|
5330000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.978636424.0000000005330000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5330000
|
| Size: |
65536
|
|
|
14C47F50000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000014.00000003.2808343049.0000014C47F50000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
14C47F50000
|
| Size: |
4096
|
|
|
5570000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.979021466.0000000005570000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5570000
|
| Size: |
4096
|
|
|
73B0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.981231378.00000000073B0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
73B0000
|
| Size: |
65536
|
|
|
1130000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.917751249.0000000001130000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1130000
|
| Size: |
8192
|
|
|
53A1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.920818214.00000000053A1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
53A1000
|
| Size: |
16384
|
|
|
2CA0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.949663762.0000000002CA0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2CA0000
|
| Size: |
16384
|
|
|
109C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.971253587.000000000109C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
109C000
|
| Size: |
106496
|
|
|
8002000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3354902929.0000000008002000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8002000
|
| Size: |
20480
|
|
|
2D0E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.918776448.0000000002D0E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2D0E000
|
| Size: |
8192
|
|
|
75FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.923136126.00000000075FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
75FE000
|
| Size: |
8192
|
|
|
7CD1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3354902929.0000000007CD1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7CD1000
|
| Size: |
32768
|
|
|
5EE0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.922360723.0000000005EE0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5EE0000
|
| Size: |
4096
|
|
|
2ED4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.918976600.0000000002ED4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2ED4000
|
| Size: |
696320
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
2D60000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.973707885.0000000002D60000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
2D60000
|
| Size: |
4096
|
|
|
4744000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.977426984.0000000004744000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4744000
|
| Size: |
176128
|
|
|
50E3000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000012.00000002.3349612133.00000000050E3000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
50E3000
|
| Size: |
4096
|
|
|
14C42A8B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000014.00000003.2809000032.0000014C42A8B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14C42A8B000
|
| Size: |
4096
|
|
|
4E98000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.920705414.0000000004E98000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4E98000
|
| Size: |
4096
|
|
|
9240000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000012.00000002.3356808645.0000000009240000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
9240000
|
| Size: |
4096
|
|
|
4D74000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3348546962.0000000004D74000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4D74000
|
| Size: |
4096
|
|
|
50EA000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.964237441.00000000050EA000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
50EA000
|
| Size: |
8192
|
|
|
14C4824D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.2811830403.0000014C4824D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14C4824D000
|
| Size: |
4096
|
|
|
A87E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.982631311.000000000A87E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A87E000
|
| Size: |
8192
|
|
|
2BA8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.972877663.0000000002BA8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2BA8000
|
| Size: |
4096
|
|
|
25E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.949454986.00000000025E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
25E0000
|
| Size: |
4096
|
|
|
5765000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.979305563.0000000005765000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5765000
|
| Size: |
40960
|
|
|
14C48110000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000014.00000003.2808087023.0000014C48110000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
14C48110000
|
| Size: |
4096
|
|
|
14C47FD2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000014.00000003.2807426232.0000014C47FD2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
14C47FD2000
|
| Size: |
4096
|
|
|
124E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.917789483.000000000124E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
124E000
|
| Size: |
8192
|
|
|
6B18000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3350918870.0000000006B18000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6B18000
|
| Size: |
4096
|
|
|
A2BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3359403171.000000000A2BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A2BF000
|
| Size: |
4096
|
|
|
5100000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3349741236.0000000005100000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5100000
|
| Size: |
4096
|
|
|
128E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.917809481.000000000128E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
128E000
|
| Size: |
8192
|
|
|
14C48000000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000014.00000003.2806657361.0000014C48000000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
14C48000000
|
| Size: |
4096
|
|
|
14C429F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.2810422890.0000014C429F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14C429F0000
|
| Size: |
12288
|
|
|
A6D0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000012.00000002.3362167244.000000000A6D0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
A6D0000
|
| Size: |
65536
|
|
|
305C000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.895072147.000000000305C000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
305C000
|
| Size: |
28672
|
|
|
5630000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.921498151.0000000005630000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5630000
|
| Size: |
65536
|
|
|
14C482F8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.2812537463.0000014C482F8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14C482F8000
|
| Size: |
4096
|
|
|
14C482F1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.2812406168.0000014C482F1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14C482F1000
|
| Size: |
16384
|
|
|
5130000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3349981040.0000000005130000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5130000
|
| Size: |
4096
|
|
|
6FFA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3351073803.0000000006FFA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6FFA000
|
| Size: |
4096
|
|
|
942E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.970979062.000000000942E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
942E000
|
| Size: |
8192
|
|
|
A6AE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3361688407.000000000A6AE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A6AE000
|
| Size: |
8192
|
|
|
E6E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.970995510.0000000000E6E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
E6E000
|
| Size: |
8192
|
|
|
13F4000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.972807200.00000000013F4000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13F4000
|
| Size: |
45056
|
|
|
2A30000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.949616339.0000000002A30000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2A30000
|
| Size: |
32768
|
|
|
6E58000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3351073803.0000000006E58000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6E58000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
14C482A8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.2812056598.0000014C482A8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14C482A8000
|
| Size: |
90112
|
|
|
14C43500000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000014.00000003.2808470170.0000014C43500000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
14C43500000
|
| Size: |
4096
|
|
|
5620000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.921455276.0000000005620000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5620000
|
| Size: |
65536
|
|
|
6CB9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.967408426.0000000006CB9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6CB9000
|
| Size: |
86016
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
50F0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.964260901.00000000050F0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
50F0000
|
| Size: |
4096
|
|
|
400000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.963031933.0000000000400000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
400000
|
| Size: |
4096
|
|
|
6FC0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3351073803.0000000006FC0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6FC0000
|
| Size: |
4096
|
|
|
14C42A59000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.2810819538.0000014C42A59000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14C42A59000
|
| Size: |
8192
|
|
|
5730000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.922033642.0000000005730000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5730000
|
| Size: |
65536
|
|
|
2F7F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.918976600.0000000002F7F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F7F000
|
| Size: |
4521984
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
|
|
14C43200000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.2811502571.0000014C43200000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14C43200000
|
| Size: |
4096
|
|
|
6D84000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3351073803.0000000006D84000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6D84000
|
| Size: |
8192
|
|
|
2CEC000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.973111646.0000000002CEC000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2CEC000
|
| Size: |
73728
|
|
|
1350000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.972130658.0000000001350000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1350000
|
| Size: |
12288
|
|
|
2E91000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.918976600.0000000002E91000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E91000
|
| Size: |
266240
|
|
|
299E000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.949551232.000000000299E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
299E000
|
| Size: |
8192
|
|
|
14B6000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.918487331.00000000014B6000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
14B6000
|
| Size: |
8192
|
|
|
650000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3348292001.0000000000650000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
650000
|
| Size: |
4096
|
|
|
91CD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.970711775.00000000091CD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
91CD000
|
| Size: |
12288
|
|
|
573E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.979119906.000000000573E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
573E000
|
| Size: |
8192
|
|
|
9FD77E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.2809903698.00000009FD77E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9FD77E000
|
| Size: |
8192
|
|
|
6B80000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.966467466.0000000006B80000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6B80000
|
| Size: |
4096
|
|
|
7D8B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3354902929.0000000007D8B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7D8B000
|
| Size: |
20480
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
7D8A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.924927797.0000000007D8A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7D8A000
|
| Size: |
4096
|
|
|
53F0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.921250619.00000000053F0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
53F0000
|
| Size: |
65536
|
|
|
CF6000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.970771043.0000000000CF6000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
CF6000
|
| Size: |
40960
|
|
|
2CAB000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.973031405.0000000002CAB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2CAB000
|
| Size: |
20480
|
|
|
7D3B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3354902929.0000000007D3B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7D3B000
|
| Size: |
4096
|
|
|
6F66000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3351073803.0000000006F66000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6F66000
|
| Size: |
16384
|
|
|
6F36000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3351073803.0000000006F36000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6F36000
|
| Size: |
4096
|
|
|
6B00000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3350886523.0000000006B00000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6B00000
|
| Size: |
4096
|
|
|
A5AE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3361524791.000000000A5AE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A5AE000
|
| Size: |
8192
|
|
|
2A3A000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.949616339.0000000002A3A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2A3A000
|
| Size: |
94208
|
|
|
920D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.970738424.000000000920D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
920D000
|
| Size: |
12288
|
|
|
14C42AFD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.2811215798.0000014C42AFD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14C42AFD000
|
| Size: |
16384
|
|
|
13F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.972807200.00000000013F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13F0000
|
| Size: |
12288
|
|
|
6FC9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3351073803.0000000006FC9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6FC9000
|
| Size: |
8192
|
|
|
76B8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.923252114.00000000076B8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
76B8000
|
| Size: |
176128
|
|
|
5690000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.921682651.0000000005690000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5690000
|
| Size: |
4096
|
|
|
2E60000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.918885331.0000000002E60000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E60000
|
| Size: |
4096
|
|
|
7650000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.923186619.0000000007650000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7650000
|
| Size: |
65536
|
|
|
5910000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.922259386.0000000005910000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5910000
|
| Size: |
65536
|
|
|
A090000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.971190033.000000000A090000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A090000
|
| Size: |
4096
|
|
|
5510000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.978903575.0000000005510000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5510000
|
| Size: |
32768
|
|
|
5519000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.978903575.0000000005519000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5519000
|
| Size: |
28672
|
|
|
907D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3356349909.000000000907D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
907D000
|
| Size: |
12288
|
|
|
2AEA000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.894696268.0000000002AEA000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2AEA000
|
| Size: |
24576
|
|
|
5180000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.964455703.0000000005180000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5180000
|
| Size: |
65536
|
|
|
A7D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3363212027.000000000A7D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A7D0000
|
| Size: |
4096
|
|
|
95A0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000012.00000002.3356931261.00000000095A0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
95A0000
|
| Size: |
65536
|
|
|
5110000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3349833415.0000000005110000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5110000
|
| Size: |
4096
|
|
|
6F18000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3351073803.0000000006F18000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6F18000
|
| Size: |
4096
|
|
|
F66000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.917591487.0000000000F66000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
F66000
|
| Size: |
40960
|
|
|
2E6F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.973725248.0000000002E6F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2E6F000
|
| Size: |
4096
|
|
|
14C480D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000014.00000003.2804660827.0000014C480D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
14C480D0000
|
| Size: |
4096
|
|
|
7EE0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3354902929.0000000007EE0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7EE0000
|
| Size: |
4096
|
|
|
6AF0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3350804857.0000000006AF0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6AF0000
|
| Size: |
4096
|
|
|
9FF7FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.2810314455.00000009FF7FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9FF7FE000
|
| Size: |
8192
|
|
|
134B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.918244416.000000000134B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
134B000
|
| Size: |
16384
|
|
|
14C480D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000014.00000003.2804854347.0000014C480D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
14C480D0000
|
| Size: |
4096
|
|
|
1052000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.971253587.0000000001052000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1052000
|
| Size: |
4096
|
|
|
4EE8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.963667134.0000000004EE8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4EE8000
|
| Size: |
131072
|
|
|
14C4331A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000014.00000003.1254568151.0000014C4331A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14C4331A000
|
| Size: |
4096
|
|
|
A790000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3363103125.000000000A790000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
A790000
|
| Size: |
32768
|
|
|
5720000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.921953977.0000000005720000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5720000
|
| Size: |
65536
|
|
|
78DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.923585360.00000000078DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
78DE000
|
| Size: |
8192
|
|
|
7D80000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.924927797.0000000007D80000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7D80000
|
| Size: |
36864
|
|
|
7040F000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000002.925951187.000000007040F000.00000002.00000001.01000000.0000000D.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
7040F000
|
| Size: |
12288
|
|
|
14C48640000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000014.00000003.2804083303.0000014C48640000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
14C48640000
|
| Size: |
4096
|
|
|
1360000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.972246193.0000000001360000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1360000
|
| Size: |
20480
|
|
|
4ECD000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.963577754.0000000004ECD000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4ECD000
|
| Size: |
4096
|
|
|
4D20000
|
heap
|
page readonly
|
|
|
|
| Name: |
00000007.00000002.963304243.0000000004D20000.00000002.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page readonly
|
| Base address: |
4D20000
|
| Size: |
4096
|
|
|
706E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.922438314.000000000706E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
706E000
|
| Size: |
53248
|
|
|
290E000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.949477962.000000000290E000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
290E000
|
| Size: |
8192
|
|
|
502C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.920755249.000000000502C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
502C000
|
| Size: |
16384
|
|
|
6CA3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.967408426.0000000006CA3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6CA3000
|
| Size: |
32768
|
|
|
5680000
|
trusted library section
|
page readonly
|
|
|
|
| Name: |
00000000.00000002.921647090.0000000005680000.00000002.08000000.00040000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library section
|
| Protect: |
page readonly
|
| Base address: |
5680000
|
| Size: |
61440
|
|
|
75BD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.923104870.00000000075BD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
75BD000
|
| Size: |
12288
|
|
|
2D40000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.973616725.0000000002D40000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2D40000
|
| Size: |
4096
|
|
|
EB0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.971071202.0000000000EB0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
EB0000
|
| Size: |
8192
|
|
|
A6E0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000012.00000002.3362419243.000000000A6E0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
A6E0000
|
| Size: |
65536
|
|
|
5900000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.922205747.0000000005900000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5900000
|
| Size: |
65536
|
|
|
A9DC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.925751778.000000000A9DC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A9DC000
|
| Size: |
16384
|
|
|
12DF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.918060712.00000000012DF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12DF000
|
| Size: |
4096
|
|
|
14C43180000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.2811463885.0000014C43180000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
14C43180000
|
| Size: |
4096
|
|
|
2F61000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.973741754.0000000002F61000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2F61000
|
| Size: |
4513792
|
|
|
14C482FC000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.2812537463.0000014C482FC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14C482FC000
|
| Size: |
8192
|
|
|
AB1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.925795189.000000000AB1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
AB1E000
|
| Size: |
8192
|
|
|
778E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.981717377.000000000778E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
778E000
|
| Size: |
8192
|
|
|
53A6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.920818214.00000000053A6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
53A6000
|
| Size: |
16384
|
|
|
5580000
|
trusted library section
|
page readonly
|
|
|
|
| Name: |
00000009.00000002.979045733.0000000005580000.00000002.08000000.00040000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library section
|
| Protect: |
page readonly
|
| Base address: |
5580000
|
| Size: |
4096
|
|
|
763E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.923162060.000000000763E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
763E000
|
| Size: |
8192
|
|
|
57F0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.979379716.00000000057F0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
57F0000
|
| Size: |
65536
|
|
|
7FB2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3354902929.0000000007FB2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FB2000
|
| Size: |
12288
|
|
|
14C43F40000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000014.00000003.2807506847.0000014C43F40000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
14C43F40000
|
| Size: |
4096
|
|
|
78CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.981776930.00000000078CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
78CE000
|
| Size: |
8192
|
|
|
585A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.979937304.000000000585A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
585A000
|
| Size: |
4096
|
|
|
6E4E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3351073803.0000000006E4E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6E4E000
|
| Size: |
4096
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
7450000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.981397095.0000000007450000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7450000
|
| Size: |
32768
|
|
|
1294000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.917936354.0000000001294000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1294000
|
| Size: |
4096
|
|
|
2E80000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.918954217.0000000002E80000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2E80000
|
| Size: |
4096
|
|
|
4D3E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3348497779.0000000004D3E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4D3E000
|
| Size: |
8192
|
|
|
2C40000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.972915583.0000000002C40000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
2C40000
|
| Size: |
65536
|
|
|
93EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.970935306.00000000093EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
93EE000
|
| Size: |
8192
|
|
|
14C42A9D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.2811029807.0000014C42A9D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14C42A9D000
|
| Size: |
4096
|
|
|
135D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.918244416.000000000135D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
135D000
|
| Size: |
4096
|
|
|
3E99000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.919930571.0000000003E99000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3E99000
|
| Size: |
106496
|
|
|
9230000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000012.00000002.3356748351.0000000009230000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
9230000
|
| Size: |
65536
|
|
|
946E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.971003516.000000000946E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
946E000
|
| Size: |
8192
|
|
|
660000
|
heap
|
page readonly
|
|
|
|
| Name: |
00000012.00000002.3348332113.0000000000660000.00000002.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page readonly
|
| Base address: |
660000
|
| Size: |
4096
|
|
|
6DBC000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3351073803.0000000006DBC000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6DBC000
|
| Size: |
24576
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
149F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.918341323.000000000149F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
149F000
|
| Size: |
4096
|
|
|
AC70000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3363248076.000000000AC70000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
AC70000
|
| Size: |
8192
|
|
|
14C482FA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.2812537463.0000014C482FA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14C482FA000
|
| Size: |
4096
|
|
|
5400000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.921290314.0000000005400000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5400000
|
| Size: |
65536
|
|
|
921A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3356491480.000000000921A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
921A000
|
| Size: |
24576
|
|
|
550A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.978822898.000000000550A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
550A000
|
| Size: |
24576
|
|
|
9FD87E000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000014.00000002.2809932474.00000009FD87E000.00000002.00000001.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
9FD87E000
|
| Size: |
4096
|
|
|
4F70000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.963667134.0000000004F70000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4F70000
|
| Size: |
110592
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
7EAE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3354902929.0000000007EAE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7EAE000
|
| Size: |
20480
|
|
|
6DD4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3351073803.0000000006DD4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6DD4000
|
| Size: |
442368
|
|
|
5112000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3349857859.0000000005112000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5112000
|
| Size: |
4096
|
|
|
7040000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.980377866.0000000007040000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7040000
|
| Size: |
315392
|
|
|
14C2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.918564332.00000000014C2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
14C2000
|
| Size: |
4096
|
|
|
10BD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.971253587.00000000010BD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10BD000
|
| Size: |
4096
|
|
|
50DF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.964170571.00000000050DF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
50DF000
|
| Size: |
4096
|
|
|
7DD1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3354902929.0000000007DD1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7DD1000
|
| Size: |
8192
|
|
|
14C42CF0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.2811442237.0000014C42CF0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14C42CF0000
|
| Size: |
4096
|
|
|
9FDC7E000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000014.00000002.2810031024.00000009FDC7E000.00000002.00000001.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
9FDC7E000
|
| Size: |
4096
|
|
|
14C4821F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.2811582411.0000014C4821F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14C4821F000
|
| Size: |
49152
|
|
|
1350000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.918244416.0000000001350000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1350000
|
| Size: |
24576
|
|
|
708E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.980377866.000000000708E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
708E000
|
| Size: |
299008
|
|
|
7010000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.980377866.0000000007010000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7010000
|
| Size: |
4096
|
|
|
A9BE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.982691306.000000000A9BE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A9BE000
|
| Size: |
8192
|
|
|
14B0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.918429124.00000000014B0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
14B0000
|
| Size: |
4096
|
|
|
14C48640000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000014.00000003.2804400131.0000014C48640000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
14C48640000
|
| Size: |
4096
|
|
|
4EB0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3349482461.0000000004EB0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4EB0000
|
| Size: |
16384
|
|
|
14C42AAE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000014.00000003.2809489004.0000014C42AAE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14C42AAE000
|
| Size: |
8192
|
|
|
1293000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.917903963.0000000001293000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1293000
|
| Size: |
4096
|
|
|
14C48100000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000014.00000003.2808030219.0000014C48100000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
14C48100000
|
| Size: |
4096
|
|
|
124E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.972080280.000000000124E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
124E000
|
| Size: |
8192
|
|
|
E20000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.970945353.0000000000E20000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
E20000
|
| Size: |
8192
|
|
|
A28F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3357582427.000000000A28F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A28F000
|
| Size: |
4096
|
|
|
5240000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.964544830.0000000005240000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5240000
|
| Size: |
4096
|
|
|
14C48170000
|
remote allocation
|
page read and write
|
|
|
|
| Name: |
00000014.00000003.1204580862.0000014C48170000.00000004.00000400.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
free memory
|
| Regiontype: |
remote allocation
|
| Protect: |
page read and write
|
| Base address: |
14C48170000
|
| Size: |
4096
|
|
|
2BE0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.894814509.0000000002BE0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2BE0000
|
| Size: |
4096
|
|
|
14C47FC0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000014.00000003.2806765294.0000014C47FC0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
14C47FC0000
|
| Size: |
4096
|
|
|
670000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3348369434.0000000000670000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
670000
|
| Size: |
8192
|
|
|
6CAE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3350943241.0000000006CAE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6CAE000
|
| Size: |
8192
|
|
|
9FD67E000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000014.00000002.2809749633.00000009FD67E000.00000002.00000001.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
9FD67E000
|
| Size: |
4096
|
|
|
6CC0000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000012.00000002.3351047068.0000000006CC0000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
6CC0000
|
| Size: |
4096
|
|
|
A5FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.925648509.000000000A5FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A5FE000
|
| Size: |
8192
|
|
|
12A8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.917977228.00000000012A8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12A8000
|
| Size: |
16384
|
|
|
7F71000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3354902929.0000000007F71000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F71000
|
| Size: |
16384
|
|
|
9D8E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.971083814.0000000009D8E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9D8E000
|
| Size: |
8192
|
|
|
138B000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.972724046.000000000138B000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
138B000
|
| Size: |
4096
|
|
|
2AAD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.894675820.0000000002AAD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2AAD000
|
| Size: |
12288
|
|
|
A77D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.982603397.000000000A77D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A77D000
|
| Size: |
12288
|
|
|
9FCFFB000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.2809595122.00000009FCFFB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9FCFFB000
|
| Size: |
20480
|
|
|
2D50000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.973661789.0000000002D50000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D50000
|
| Size: |
65536
|
|
|
6F10000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.980238846.0000000006F10000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6F10000
|
| Size: |
110592
|
|
|
73E0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.981320901.00000000073E0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
73E0000
|
| Size: |
57344
|
|
|
6E7B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3351073803.0000000006E7B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6E7B000
|
| Size: |
8192
|
|
|
766A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.923252114.000000000766A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
766A000
|
| Size: |
315392
|
|
|
A7FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.925708435.000000000A7FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A7FE000
|
| Size: |
8192
|
|
|
A48F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.982493556.000000000A48F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A48F000
|
| Size: |
4096
|
|
|
50F0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3349678259.00000000050F0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
50F0000
|
| Size: |
28672
|
|
|
6F1D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3351073803.0000000006F1D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6F1D000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
|
|
538B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.920818214.000000000538B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
538B000
|
| Size: |
69632
|
|
|
14C42AB3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000014.00000003.2809000032.0000014C42AB3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14C42AB3000
|
| Size: |
32768
|
|
|
3010000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.895012444.0000000003010000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3010000
|
| Size: |
16384
|
|
|
3040000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.895072147.0000000003040000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3040000
|
| Size: |
36864
|
|
|
6A9E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3350323677.0000000006A9E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6A9E000
|
| Size: |
8192
|
|
|
92B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.970773647.00000000092B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
92B0000
|
| Size: |
237568
|
|
|
74B0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.923025553.00000000074B0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
74B0000
|
| Size: |
65536
|
|
|
7660000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.923226830.0000000007660000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7660000
|
| Size: |
36864
|
|
|
10C5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.917678770.00000000010C5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10C5000
|
| Size: |
12288
|
|
|
5190000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.964507390.0000000005190000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5190000
|
| Size: |
20480
|
|
|
5810000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.979596199.0000000005810000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5810000
|
| Size: |
65536
|
|
|
14C42A63000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000014.00000003.2808894558.0000014C42A63000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14C42A63000
|
| Size: |
4096
|
|
|
6FCE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3351073803.0000000006FCE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6FCE000
|
| Size: |
98304
|
|
|
757D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.923069730.000000000757D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
757D000
|
| Size: |
12288
|
|
|
58FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.922183149.00000000058FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
58FE000
|
| Size: |
8192
|
|
|
5610000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.921413513.0000000005610000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5610000
|
| Size: |
65536
|
|
|
14C482BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.2812056598.0000014C482BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14C482BF000
|
| Size: |
28672
|
|
|
A73C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.982571240.000000000A73C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A73C000
|
| Size: |
16384
|
|
|
6F2D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3351073803.0000000006F2D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6F2D000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
|
|
5115000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000012.00000002.3349916170.0000000005115000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5115000
|
| Size: |
4096
|
|
|
7DD4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3354902929.0000000007DD4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7DD4000
|
| Size: |
12288
|
|
|
9F8E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.971138492.0000000009F8E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9F8E000
|
| Size: |
8192
|
|
|
A8BE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.982662397.000000000A8BE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A8BE000
|
| Size: |
8192
|
|
|
14C42AA9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000014.00000003.2809489004.0000014C42AA9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14C42AA9000
|
| Size: |
12288
|
|
|
5750000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.922115308.0000000005750000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5750000
|
| Size: |
65536
|
|
|
5EF0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.922360723.0000000005EF0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5EF0000
|
| Size: |
81920
|
|
|
3ED2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.919930571.0000000003ED2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3ED2000
|
| Size: |
602112
|
|
|
51E4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3350203816.00000000051E4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
51E4000
|
| Size: |
49152
|
|
|
14C4830A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000014.00000003.1255340787.0000014C4830A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14C4830A000
|
| Size: |
8192
|
|
|
789E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.923522015.000000000789E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
789E000
|
| Size: |
8192
|
|
|
5920000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.922314519.0000000005920000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5920000
|
| Size: |
65536
|
|
|
7BF5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.970446844.0000000007BF5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7BF5000
|
| Size: |
12288
|
|
|
6B50000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.966297276.0000000006B50000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6B50000
|
| Size: |
12288
|
|
|
2950000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.949522362.0000000002950000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2950000
|
| Size: |
24576
|
|
|
7D39000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3354902929.0000000007D39000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7D39000
|
| Size: |
4096
|
|
|
7E50000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3354902929.0000000007E50000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7E50000
|
| Size: |
4096
|
|
|
7DA6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3354902929.0000000007DA6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7DA6000
|
| Size: |
4096
|
|
|
96BF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.971056152.00000000096BF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
96BF000
|
| Size: |
4096
|
|
|
539E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.920818214.000000000539E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
539E000
|
| Size: |
8192
|
|
|
101E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.971253587.000000000101E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
101E000
|
| Size: |
159744
|
|
|
53AC000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.920818214.00000000053AC000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
53AC000
|
| Size: |
20480
|
|
|
5740000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.922069444.0000000005740000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5740000
|
| Size: |
65536
|
|
|
29DF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.949582118.00000000029DF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
29DF000
|
| Size: |
4096
|
|
|
511B000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000012.00000002.3349961377.000000000511B000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
511B000
|
| Size: |
4096
|
|
|
B02000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000000.875043478.0000000000B02000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
B02000
|
| Size: |
839680
|
|
|
53C0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.921135371.00000000053C0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
53C0000
|
| Size: |
65536
|
|
|
5850000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.979937304.0000000005850000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5850000
|
| Size: |
36864
|
|
|
6AC1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3350351920.0000000006AC1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6AC1000
|
| Size: |
16384
|
|
|
2E73000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.918903880.0000000002E73000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2E73000
|
| Size: |
8192
|
|
|
14C42A8D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000014.00000003.2809000032.0000014C42A8D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14C42A8D000
|
| Size: |
20480
|
|
|
256A000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.949395069.000000000256A000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
256A000
|
| Size: |
24576
|
|
|
5460000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.921363901.0000000005460000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5460000
|
| Size: |
4096
|
|
|
14C480B0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000014.00000003.2807954960.0000014C480B0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
14C480B0000
|
| Size: |
8192
|
|
|
14C43A90000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000014.00000003.2807704264.0000014C43A90000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
14C43A90000
|
| Size: |
4096
|
|
|
4764000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.919930571.0000000004764000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4764000
|
| Size: |
176128
|
|
|
7D9F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3354902929.0000000007D9F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7D9F000
|
| Size: |
16384
|
|
|
4CF7000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3348440881.0000000004CF7000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4CF7000
|
| Size: |
36864
|
|
|
7060000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.922438314.0000000007060000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7060000
|
| Size: |
53248
|
|
|
5244000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.964544830.0000000005244000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5244000
|
| Size: |
4096
|
|
|
7A11000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.981869632.0000000007A11000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7A11000
|
| Size: |
36864
|
|
|
294F000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000E.00000002.949503565.000000000294F000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
14
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
294F000
|
| Size: |
4096
|
|
|
70406000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000002.925895022.0000000070406000.00000002.00000001.01000000.0000000D.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
70406000
|
| Size: |
28672
|
|
|
5800000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.979534105.0000000005800000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5800000
|
| Size: |
65536
|
|
|
2CE1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.973111646.0000000002CE1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2CE1000
|
| Size: |
16384
|
|
|
3E71000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.977426984.0000000003E71000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3E71000
|
| Size: |
28672
|
|
|
6ACD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3350351920.0000000006ACD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6ACD000
|
| Size: |
69632
|
|
|
A63B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.982538609.000000000A63B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A63B000
|
| Size: |
20480
|
|
|
14C42A13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.2810588049.0000014C42A13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14C42A13000
|
| Size: |
94208
|
|
|
703F0000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000002.925827121.00000000703F0000.00000002.00000001.01000000.0000000D.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
703F0000
|
| Size: |
4096
|
|
|
4E70000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.963480552.0000000004E70000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E70000
|
| Size: |
4096
|
|
|
53D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.921174242.00000000053D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
53D0000
|
| Size: |
65536
|
|
|
129D000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.917959630.000000000129D000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
129D000
|
| Size: |
4096
|
|
|
6F60000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3351073803.0000000006F60000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6F60000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
|
|
14C48010000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000014.00000003.1203343921.0000014C48010000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
14C48010000
|
| Size: |
4096
|
|
|
A8DC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.925730065.000000000A8DC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A8DC000
|
| Size: |
16384
|
|
|
14C48302000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.2812733051.0000014C48302000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14C48302000
|
| Size: |
8192
|
|
|
6CB0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3350987490.0000000006CB0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6CB0000
|
| Size: |
49152
|
|
|
14BA000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.918523699.00000000014BA000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
14BA000
|
| Size: |
8192
|
|
|
6B0E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.964795652.0000000006B0E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6B0E000
|
| Size: |
8192
|
|
|
5E21000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.980102065.0000000005E21000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5E21000
|
| Size: |
81920
|
|
|
74F0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.981573790.00000000074F0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
74F0000
|
| Size: |
40960
|
|
|
9FDD7B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.2810071517.00000009FDD7B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9FDD7B000
|
| Size: |
20480
|
|
|
6AA6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3350351920.0000000006AA6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6AA6000
|
| Size: |
8192
|
|
|
12BF000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.918060712.00000000012BF000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12BF000
|
| Size: |
28672
|
|
|
14C480C0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000014.00000003.2805244507.0000014C480C0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
14C480C0000
|
| Size: |
4096
|
|
|
6FFF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3351073803.0000000006FFF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6FFF000
|
| Size: |
12288
|
|
|
A36D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3359703172.000000000A36D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A36D000
|
| Size: |
12288
|
|
|
7040D000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.925926059.000000007040D000.00000004.00000001.01000000.0000000D.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
7040D000
|
| Size: |
8192
|
|
|
9214000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3356491480.0000000009214000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
9214000
|
| Size: |
4096
|
|
|
52F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.978590354.00000000052F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
52F0000
|
| Size: |
8192
|
|
|
2C50000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.972989982.0000000002C50000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2C50000
|
| Size: |
4096
|
|
|
14C42A9F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.2811029807.0000014C42A9F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14C42A9F000
|
| Size: |
40960
|
|
|
79DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.923667609.00000000079DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
79DE000
|
| Size: |
8192
|
|
|
6E52000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3351073803.0000000006E52000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6E52000
|
| Size: |
4096
|
|
|
6E83000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3351073803.0000000006E83000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6E83000
|
| Size: |
4096
|
|
|
6C9E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.967408426.0000000006C9E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6C9E000
|
| Size: |
16384
|
|
|
6FBD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3351073803.0000000006FBD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6FBD000
|
| Size: |
8192
|
|
|
7D96000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3354902929.0000000007D96000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7D96000
|
| Size: |
8192
|
|
|
A4EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3360508005.000000000A4EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A4EE000
|
| Size: |
8192
|
|
|
14C48120000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000014.00000003.1203284173.0000014C48120000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
14C48120000
|
| Size: |
4096
|
|
|
6E89000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3351073803.0000000006E89000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6E89000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
2F0E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.894849342.0000000002F0E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2F0E000
|
| Size: |
8192
|
|
|
2E0E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.918803574.0000000002E0E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2E0E000
|
| Size: |
8192
|
|
|
6FB7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3351073803.0000000006FB7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6FB7000
|
| Size: |
8192
|
|
|
4EB0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.963511630.0000000004EB0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4EB0000
|
| Size: |
8192
|
|
|
6ABA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3350351920.0000000006ABA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6ABA000
|
| Size: |
4096
|
|
|
732E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.922582520.000000000732E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
732E000
|
| Size: |
8192
|
|
|
51E0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3350203816.00000000051E0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
51E0000
|
| Size: |
4096
|
|
|
4D40000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3348546962.0000000004D40000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4D40000
|
| Size: |
28672
|
|
|
6C9B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.967408426.0000000006C9B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6C9B000
|
| Size: |
8192
|
|
|
5110000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.964354090.0000000005110000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5110000
|
| Size: |
4096
|
|
|
2CC0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.973111646.0000000002CC0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2CC0000
|
| Size: |
32768
|
|
|
A3AE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3360063680.000000000A3AE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A3AE000
|
| Size: |
8192
|
|
|
912F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.970632817.000000000912F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
912F000
|
| Size: |
4096
|
|
|
9220000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3356661572.0000000009220000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
9220000
|
| Size: |
49152
|
|
|
14C42AFD000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000014.00000003.2807543835.0000014C42AFD000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14C42AFD000
|
| Size: |
16384
|
|
|
E90000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.971040014.0000000000E90000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
E90000
|
| Size: |
16384
|
|
|
7D61000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3354902929.0000000007D61000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7D61000
|
| Size: |
4096
|
|
|
9250000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3356828523.0000000009250000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9250000
|
| Size: |
4096
|
|
|
4EB5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3349482461.0000000004EB5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4EB5000
|
| Size: |
12288
|
|
|
14C42A2B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.2810617350.0000014C42A2B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14C42A2B000
|
| Size: |
12288
|
|
|
14C480A0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000014.00000003.2807864624.0000014C480A0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
14C480A0000
|
| Size: |
4096
|
|
|
4EE0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.963667134.0000000004EE0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4EE0000
|
| Size: |
24576
|
|
|
1397000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.918312422.0000000001397000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1397000
|
| Size: |
32768
|
|
|
A38E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.982464836.000000000A38E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A38E000
|
| Size: |
8192
|
|
|
5260000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.964676296.0000000005260000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5260000
|
| Size: |
16384
|
|
|
14C48170000
|
remote allocation
|
page read and write
|
|
|
|
| Name: |
00000014.00000003.1204508928.0000014C48170000.00000004.00000400.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
free memory
|
| Regiontype: |
remote allocation
|
| Protect: |
page read and write
|
| Base address: |
14C48170000
|
| Size: |
4096
|
|
|
9165000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.970653962.0000000009165000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
9165000
|
| Size: |
36864
|
|
|
2BDF000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.894781287.0000000002BDF000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
2BDF000
|
| Size: |
4096
|
|
|
E6A000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.917567770.0000000000E6A000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
E6A000
|
| Size: |
24576
|
|
|
1046000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.971253587.0000000001046000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1046000
|
| Size: |
36864
|
|
|
585C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.979937304.000000000585C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
585C000
|
| Size: |
16384
|
|
|
8CEE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.970606991.0000000008CEE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
8CEE000
|
| Size: |
8192
|
|
|
6ABE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3350351920.0000000006ABE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6ABE000
|
| Size: |
4096
|
|
|
6E8E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3351073803.0000000006E8E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6E8E000
|
| Size: |
172032
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
72CF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.981197096.00000000072CF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
72CF000
|
| Size: |
4096
|
|
|
EC0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.971107518.0000000000EC0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
EC0000
|
| Size: |
24576
|
|
|
56A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.921705297.00000000056A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
56A0000
|
| Size: |
12288
|
|
|
5340000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.978701665.0000000005340000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5340000
|
| Size: |
65536
|
|
|
6F6D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3351073803.0000000006F6D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6F6D000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
|
|
4E33000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3349359318.0000000004E33000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E33000
|
| Size: |
49152
|
|
|
6D91000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3351073803.0000000006D91000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6D91000
|
| Size: |
49152
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
7BF1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.970446844.0000000007BF1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7BF1000
|
| Size: |
12288
|
|
|
7B1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.923749067.0000000007B1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7B1E000
|
| Size: |
8192
|
|
|
14C43300000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000014.00000003.2808663002.0000014C43300000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14C43300000
|
| Size: |
4096
|
|
|
14C482C7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.2812406168.0000014C482C7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14C482C7000
|
| Size: |
110592
|
|
|
764E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.981659241.000000000764E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
764E000
|
| Size: |
8192
|
|
|
6FF0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3351073803.0000000006FF0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6FF0000
|
| Size: |
12288
|
|
|
14C7000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.918592818.00000000014C7000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
14C7000
|
| Size: |
4096
|
|
|
4D48000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3348546962.0000000004D48000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4D48000
|
| Size: |
135168
|
|
|
9470000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.971025352.0000000009470000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
9470000
|
| Size: |
4096
|
|
|
A29B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3357582427.000000000A29B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A29B000
|
| Size: |
16384
|
|
|
6D46000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3351073803.0000000006D46000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6D46000
|
| Size: |
8192
|
|
|
5820000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.979660521.0000000005820000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5820000
|
| Size: |
65536
|
|
|
14C42A2F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.2810617350.0000014C42A2F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14C42A2F000
|
| Size: |
61440
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
6F23000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3351073803.0000000006F23000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6F23000
|
| Size: |
4096
|
|
|
14C42AAE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000014.00000003.2809000032.0000014C42AAE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14C42AAE000
|
| Size: |
8192
|
|
|
2CC0000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.918748531.0000000002CC0000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
2CC0000
|
| Size: |
4096
|
|
|
7F84000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3354902929.0000000007F84000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F84000
|
| Size: |
4096
|
|
|
5669000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.921583524.0000000005669000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5669000
|
| Size: |
28672
|
|
|
5247000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.964544830.0000000005247000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5247000
|
| Size: |
20480
|
|
|
2C60000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.973012087.0000000002C60000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2C60000
|
| Size: |
4096
|
|
|
14C43840000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000014.00000003.2808143334.0000014C43840000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
14C43840000
|
| Size: |
4096
|
|
|
1372000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.972321692.0000000001372000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1372000
|
| Size: |
4096
|
|
|
5760000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.979305563.0000000005760000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5760000
|
| Size: |
12288
|
|
|
14C42AB3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000014.00000003.2809489004.0000014C42AB3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14C42AB3000
|
| Size: |
32768
|
|
|
754E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.981628316.000000000754E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
754E000
|
| Size: |
8192
|
|
|
13EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.972775486.00000000013EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
13EE000
|
| Size: |
8192
|
|
|
6E7F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3351073803.0000000006E7F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6E7F000
|
| Size: |
4096
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
14C4331A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000014.00000003.1250464219.0000014C4331A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
free memory
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14C4331A000
|
| Size: |
4096
|
|
|
5380000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.920818214.0000000005380000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5380000
|
| Size: |
32768
|
|
|
10A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.917658540.00000000010A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10A0000
|
| Size: |
8192
|
|
|
D40000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.970909790.0000000000D40000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D40000
|
| Size: |
4096
|
|
|
14C48256000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.2811830403.0000014C48256000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14C48256000
|
| Size: |
32768
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
6D2D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3351073803.0000000006D2D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6D2D000
|
| Size: |
36864
|
|
|
A22E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3357222752.000000000A22E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A22E000
|
| Size: |
8192
|
|
|
134E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.972101329.000000000134E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
134E000
|
| Size: |
8192
|
|
|
14C47FD0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000014.00000003.1203171723.0000014C47FD0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
14C47FD0000
|
| Size: |
360448
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
14C42A00000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.2810462576.0000014C42A00000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14C42A00000
|
| Size: |
73728
|
|
|
14F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.918681313.00000000014F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14F0000
|
| Size: |
20480
|
|
|
5748000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.979145731.0000000005748000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5748000
|
| Size: |
32768
|
|
|
6EB9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3351073803.0000000006EB9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6EB9000
|
| Size: |
65536
|
|
|
50FB000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.964330275.00000000050FB000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
50FB000
|
| Size: |
4096
|
|
|
6ED1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3351073803.0000000006ED1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6ED1000
|
| Size: |
208896
|
|
|
14C47FD1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000014.00000003.1265826379.0000014C47FD1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
14C47FD1000
|
| Size: |
4096
|
|
|
6D42000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3351073803.0000000006D42000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6D42000
|
| Size: |
8192
|
|
|
50D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3349565686.00000000050D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
50D0000
|
| Size: |
8192
|
|
|
14A0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.918369046.00000000014A0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
14A0000
|
| Size: |
40960
|
|
|
4D6A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3348546962.0000000004D6A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4D6A000
|
| Size: |
12288
|
|
|
6FF5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3351073803.0000000006FF5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6FF5000
|
| Size: |
8192
|
|
|
6ECB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3351073803.0000000006ECB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6ECB000
|
| Size: |
4096
|
|
|
2B9E000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.894748572.0000000002B9E000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
2B9E000
|
| Size: |
8192
|
|
|
958E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3356849203.000000000958E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
958E000
|
| Size: |
8192
|
|
|
110E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.917734425.000000000110E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
110E000
|
| Size: |
8192
|
|
|
9590000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3356871737.0000000009590000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
9590000
|
| Size: |
65536
|
|
|
14C482A2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.2812056598.0000014C482A2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14C482A2000
|
| Size: |
20480
|
|
|
4F16000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.963667134.0000000004F16000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4F16000
|
| Size: |
364544
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
7A1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.923708367.0000000007A1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7A1E000
|
| Size: |
8192
|
|
|
7ECF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.925063873.0000000007ECF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7ECF000
|
| Size: |
4096
|
|
|
4F6C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.978478945.0000000004F6C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4F6C000
|
| Size: |
16384
|
|
|
100D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.971203679.000000000100D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
100D000
|
| Size: |
12288
|
|
|
14C48000000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000014.00000003.1203301290.0000014C48000000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
14C48000000
|
| Size: |
8192
|
|
|
14C485B0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000014.00000003.2808250103.0000014C485B0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
14C485B0000
|
| Size: |
4096
|
|
|
804A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3354902929.000000000804A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
804A000
|
| Size: |
12288
|
|
|
12AE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.917977228.00000000012AE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12AE000
|
| Size: |
65536
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
|
|
74E0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.981497224.00000000074E0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
74E0000
|
| Size: |
61440
|
|
|
A490000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.982517345.000000000A490000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A490000
|
| Size: |
4096
|
|
|
7E66000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3354902929.0000000007E66000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7E66000
|
| Size: |
12288
|
|
|
7330000
|
trusted library section
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.922611049.0000000007330000.00000004.08000000.00040000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library section
|
| Protect: |
page read and write
|
| Base address: |
7330000
|
| Size: |
712704
|
|
|
14CB000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.918621519.00000000014CB000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
14CB000
|
| Size: |
4096
|
|
|
13A0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.972751624.00000000013A0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
13A0000
|
| Size: |
4096
|
|
|
5106000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000012.00000002.3349783723.0000000005106000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5106000
|
| Size: |
8192
|
|
|
4EC4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.963555371.0000000004EC4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4EC4000
|
| Size: |
4096
|
|
|
2E71000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.973741754.0000000002E71000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2E71000
|
| Size: |
266240
|
|
|
3E92000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.977426984.0000000003E92000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3E92000
|
| Size: |
4096
|
|
|
A7B0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000012.00000002.3363149161.000000000A7B0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
A7B0000
|
| Size: |
36864
|
|
|
50FD000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000012.00000002.3349721175.00000000050FD000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
50FD000
|
| Size: |
4096
|
|
|
1290000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.917859431.0000000001290000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1290000
|
| Size: |
12288
|
|
|
6B4D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.964820687.0000000006B4D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6B4D000
|
| Size: |
12288
|
|
|
14C42B13000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.2811334064.0000014C42B13000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14C42B13000
|
| Size: |
12288
|
|
|
2F80000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.894957210.0000000002F80000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2F80000
|
| Size: |
20480
|
|
|
6E4A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3351073803.0000000006E4A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6E4A000
|
| Size: |
8192
|
|
|
768E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.981688623.000000000768E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
768E000
|
| Size: |
8192
|
|
|
2D04000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.973345738.0000000002D04000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D04000
|
| Size: |
4096
|
|
|
14C42A3F000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.2810785919.0000014C42A3F000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14C42A3F000
|
| Size: |
102400
|
|
|
A777000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3362951592.000000000A777000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
A777000
|
| Size: |
36864
|
|
|
12E2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.918060712.00000000012E2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12E2000
|
| Size: |
417792
|
|
|
701E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.980377866.000000000701E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
701E000
|
| Size: |
4096
|
|
|
10C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.917678770.00000000010C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10C0000
|
| Size: |
16384
|
|
|
2CCB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.973111646.0000000002CCB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2CCB000
|
| Size: |
69632
|
|
|
7490000
|
trusted library section
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.922963221.0000000007490000.00000004.08000000.00040000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library section
|
| Protect: |
page read and write
|
| Base address: |
7490000
|
| Size: |
77824
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
|
|
50E6000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.964213547.00000000050E6000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
50E6000
|
| Size: |
8192
|
|
|
6AF3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3350804857.0000000006AF3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6AF3000
|
| Size: |
8192
|
|
|
6D20000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3351073803.0000000006D20000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6D20000
|
| Size: |
28672
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
2F4F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000004.00000002.894878066.0000000002F4F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
4
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2F4F000
|
| Size: |
4096
|
|
|
14C480C0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000014.00000003.2805476399.0000014C480C0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
14C480C0000
|
| Size: |
4096
|
|
|
6AC6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3350351920.0000000006AC6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6AC6000
|
| Size: |
16384
|
|
|
6E50000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3351073803.0000000006E50000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6E50000
|
| Size: |
4096
|
|
|
4D10000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.963270994.0000000004D10000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4D10000
|
| Size: |
4096
|
|
|
14C48263000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.2812056598.0000014C48263000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14C48263000
|
| Size: |
131072
|
|
|
9FEE7E000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000014.00000002.2810252688.00000009FEE7E000.00000002.00000001.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
9FEE7E000
|
| Size: |
4096
|
|
|
1353000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.972154710.0000000001353000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1353000
|
| Size: |
4096
|
|
|
14C43202000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.2811502571.0000014C43202000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14C43202000
|
| Size: |
4096
|
|
|
9EA000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.970683266.00000000009EA000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9EA000
|
| Size: |
24576
|
|
|
2CA0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.918727206.0000000002CA0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2CA0000
|
| Size: |
4096
|
|
|
4E80000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3349431344.0000000004E80000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E80000
|
| Size: |
4096
|
|
|
7D50000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3354902929.0000000007D50000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7D50000
|
| Size: |
16384
|
|
|
2D10000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.973436251.0000000002D10000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2D10000
|
| Size: |
65536
|
|
|
6BE0000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.967191478.0000000006BE0000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
6BE0000
|
| Size: |
4096
|
|
|
2E50000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.918855704.0000000002E50000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
2E50000
|
| Size: |
65536
|
|
|
14C480A0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000014.00000003.1203883943.0000014C480A0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
14C480A0000
|
| Size: |
4096
|
|
|
1380000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.972645053.0000000001380000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1380000
|
| Size: |
4096
|
|
|
4D70000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.963377067.0000000004D70000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4D70000
|
| Size: |
16384
|
|
|
4D77000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3348546962.0000000004D77000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4D77000
|
| Size: |
507904
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
10F5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.971972622.00000000010F5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
10F5000
|
| Size: |
106496
|
|
|
4D6E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.963344606.0000000004D6E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4D6E000
|
| Size: |
8192
|
|
|
6D88000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3351073803.0000000006D88000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6D88000
|
| Size: |
8192
|
|
|
4FBF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3349544837.0000000004FBF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4FBF000
|
| Size: |
4096
|
|
|
1376000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.972341508.0000000001376000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1376000
|
| Size: |
8192
|
|
|
1370000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.972301497.0000000001370000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1370000
|
| Size: |
4096
|
|
|
1387000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.972700084.0000000001387000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1387000
|
| Size: |
4096
|
|
|
90A0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3356408725.00000000090A0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
90A0000
|
| Size: |
65536
|
|
|
12C7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.918060712.00000000012C7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
12C7000
|
| Size: |
53248
|
|
|
49AB000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.963196553.00000000049AB000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
49AB000
|
| Size: |
20480
|
|
|
9216000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3356491480.0000000009216000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
9216000
|
| Size: |
8192
|
|
|
4FCC000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.964119028.0000000004FCC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4FCC000
|
| Size: |
8192
|
|
|
4CF7000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000007.00000002.963233006.0000000004CF7000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4CF7000
|
| Size: |
36864
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Binary contains paths to debug symbols |
Compliance, System Summary |
|
|
|
510A000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000012.00000002.3349809239.000000000510A000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
510A000
|
| Size: |
8192
|
|
|
5120000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000007.00000002.964372336.0000000005120000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
7
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5120000
|
| Size: |
24576
|
|
|
14C48130000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000014.00000003.1203128513.0000014C48130000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
free memory
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
14C48130000
|
| Size: |
8192
|
|
|
7FCE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3354902929.0000000007FCE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FCE000
|
| Size: |
4096
|
|
|
14C42B06000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000014.00000002.2811215798.0000014C42B06000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
20
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14C42B06000
|
| Size: |
28672
|
|
|
5750000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.979223099.0000000005750000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5750000
|
| Size: |
65536
|
|
|
6D38000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000012.00000002.3351073803.0000000006D38000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
18
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6D38000
|
| Size: |
12288
|
|
|
5718000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.921826451.0000000005718000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5718000
|
| Size: |
32768
|
|
