|
42EC000
|
trusted library allocation
|
page read and write
|
 |
|
|
| Name: |
00000009.00000002.1353738607.00000000042EC000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
42EC000
|
| Size: |
831488
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Found malware configuration |
AV Detection |
|
| Malicious sample detected (through community Yara rule) |
System Summary |
|
| Yara detected Telegram RAT |
Stealing of Sensitive Information, Remote Access Functionality |
|
| Yara detected VIP Keylogger |
Stealing of Sensitive Information, Remote Access Functionality |
|
| Yara detected Credential Stealer |
Stealing of Sensitive Information |
|
| Yara signature match |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
68A1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2449982205.00000000068A1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
68A1000
|
| Size: |
323584
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected Snake Keylogger |
Stealing of Sensitive Information, Remote Access Functionality |
|
| URLs found in memory or binary data |
Networking |
|
|
|
42F000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2445295185.000000000042F000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
42F000
|
| Size: |
65536
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Malicious sample detected (through community Yara rule) |
System Summary |
|
| Yara detected Telegram RAT |
Stealing of Sensitive Information, Remote Access Functionality |
|
| Yara detected VIP Keylogger |
Stealing of Sensitive Information, Remote Access Functionality |
|
| Yara detected Credential Stealer |
Stealing of Sensitive Information |
|
| Yara signature match |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
6A73000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2449982205.0000000006A73000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6A73000
|
| Size: |
102400
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected Snake Keylogger |
Stealing of Sensitive Information, Remote Access Functionality |
|
| URLs found in memory or binary data |
Networking |
|
|
|
4B79000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1256817618.0000000004B79000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4B79000
|
| Size: |
831488
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Malicious sample detected (through community Yara rule) |
System Summary |
|
| Yara detected Telegram RAT |
Stealing of Sensitive Information, Remote Access Functionality |
|
| Yara detected VIP Keylogger |
Stealing of Sensitive Information, Remote Access Functionality |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
| Yara detected Credential Stealer |
Stealing of Sensitive Information |
|
| Yara signature match |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
6F31000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2449144517.0000000006F31000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6F31000
|
| Size: |
319488
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected Snake Keylogger |
Stealing of Sensitive Information, Remote Access Functionality |
|
| URLs found in memory or binary data |
Networking |
|
|
|
49A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2446794087.00000000049A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
49A0000
|
| Size: |
16384
|
|
|
BBDD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1262759468.000000000BBDD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
BBDD000
|
| Size: |
12288
|
|
|
6FF0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2449144517.0000000006FF0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6FF0000
|
| Size: |
65536
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
80C4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2453736856.00000000080C4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
80C4000
|
| Size: |
16384
|
|
|
68F1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2449982205.00000000068F1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
68F1000
|
| Size: |
32768
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
91EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1262203755.00000000091EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
91EE000
|
| Size: |
8192
|
|
|
B6DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1359057181.000000000B6DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B6DE000
|
| Size: |
8192
|
|
|
6A3A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2449982205.0000000006A3A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6A3A000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
69FE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2449982205.00000000069FE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
69FE000
|
| Size: |
4096
|
|
|
71B4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2449144517.00000000071B4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
71B4000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
|
|
14E3000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1252566356.00000000014E3000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
14E3000
|
| Size: |
4096
|
|
|
275B000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.1348160372.000000000275B000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
275B000
|
| Size: |
4096
|
|
|
4559000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2445912926.0000000004559000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4559000
|
| Size: |
28672
|
|
|
95F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2457034093.00000000095F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
95F0000
|
| Size: |
4096
|
|
|
694D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2449982205.000000000694D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
694D000
|
| Size: |
4096
|
|
|
146E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1252477062.000000000146E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
146E000
|
| Size: |
8192
|
|
|
50F7000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2446004828.00000000050F7000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
50F7000
|
| Size: |
36864
|
|
|
790C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2454532467.000000000790C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
790C000
|
| Size: |
8192
|
|
|
5830000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1259771668.0000000005830000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5830000
|
| Size: |
4096
|
|
|
3350000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1230653877.0000000003350000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3350000
|
| Size: |
16384
|
|
|
78C9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2454532467.00000000078C9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
78C9000
|
| Size: |
188416
|
|
|
792A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1261140100.000000000792A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
792A000
|
| Size: |
143360
|
|
|
45E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2446057300.00000000045E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
45E0000
|
| Size: |
8192
|
|
|
6A03000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2449982205.0000000006A03000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6A03000
|
| Size: |
4096
|
|
|
70C4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2449144517.00000000070C4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
70C4000
|
| Size: |
4096
|
|
|
7B32000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2454532467.0000000007B32000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7B32000
|
| Size: |
8192
|
|
|
A200000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2458598075.000000000A200000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
A200000
|
| Size: |
4096
|
|
|
6E48000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2448901349.0000000006E48000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6E48000
|
| Size: |
4096
|
|
|
9520000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2456563214.0000000009520000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
9520000
|
| Size: |
49152
|
|
|
5200000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1355782416.0000000005200000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5200000
|
| Size: |
12288
|
|
|
93B0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2456937499.00000000093B0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
93B0000
|
| Size: |
65536
|
|
|
A340000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000011.00000002.2460541349.000000000A340000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
A340000
|
| Size: |
36864
|
|
|
52C0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2446900648.00000000052C0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
52C0000
|
| Size: |
4096
|
|
|
6B33000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2449982205.0000000006B33000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6B33000
|
| Size: |
122880
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
|
|
A1EF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2458311574.000000000A1EF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A1EF000
|
| Size: |
4096
|
|
|
A61E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2458140806.000000000A61E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A61E000
|
| Size: |
4096
|
|
|
6F8D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2449144517.0000000006F8D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6F8D000
|
| Size: |
40960
|
|
|
A1F6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2458387330.000000000A1F6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
A1F6000
|
| Size: |
8192
|
|
|
BE5D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1263044162.000000000BE5D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
BE5D000
|
| Size: |
12288
|
|
|
6E6E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1357122187.0000000006E6E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6E6E000
|
| Size: |
8192
|
|
|
69AC000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2449982205.00000000069AC000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
69AC000
|
| Size: |
266240
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected Credential Stealer |
Stealing of Sensitive Information |
|
| SQL strings found in memory and binary data |
System Summary |
|
|
|
42E000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000011.00000002.2445269201.000000000042E000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
42E000
|
| Size: |
4096
|
|
|
BED000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1228191737.0000000000BED000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
BED000
|
| Size: |
12288
|
|
|
7133000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2449144517.0000000007133000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7133000
|
| Size: |
360448
|
|
|
3311000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1253688155.0000000003311000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3311000
|
| Size: |
282624
|
|
|
6608000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2448729263.0000000006608000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6608000
|
| Size: |
4096
|
|
|
4A07000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000011.00000002.2447274276.0000000004A07000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4A07000
|
| Size: |
4096
|
|
|
52BD000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2446836589.00000000052BD000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
52BD000
|
| Size: |
4096
|
|
|
17E6000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1252826665.00000000017E6000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
17E6000
|
| Size: |
8192
|
|
|
6764000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2449684700.0000000006764000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6764000
|
| Size: |
49152
|
|
|
3180000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1253541404.0000000003180000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3180000
|
| Size: |
16384
|
|
|
2D8E000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1229583839.0000000002D8E000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
2D8E000
|
| Size: |
8192
|
|
|
5418000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2447511323.0000000005418000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5418000
|
| Size: |
135168
|
|
|
CCE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1347452596.0000000000CCE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
CCE000
|
| Size: |
8192
|
|
|
6FA3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2449144517.0000000006FA3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6FA3000
|
| Size: |
4096
|
|
|
4A02000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2447192098.0000000004A02000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4A02000
|
| Size: |
4096
|
|
|
6BA7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2449982205.0000000006BA7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6BA7000
|
| Size: |
4096
|
|
|
70E1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2449144517.00000000070E1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
70E1000
|
| Size: |
73728
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
5210000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.1355860346.0000000005210000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
5210000
|
| Size: |
4096
|
|
|
AC70000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2460403099.000000000AC70000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
AC70000
|
| Size: |
4096
|
|
|
554E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2448545286.000000000554E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
554E000
|
| Size: |
8192
|
|
|
674D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2449031465.000000000674D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
674D000
|
| Size: |
69632
|
|
|
4A37000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2447374650.0000000004A37000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4A37000
|
| Size: |
139264
|
|
|
B10000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1346813965.0000000000B10000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B10000
|
| Size: |
4096
|
|
|
5CA7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1260471040.0000000005CA7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5CA7000
|
| Size: |
57344
|
|
|
71C6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2449144517.00000000071C6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
71C6000
|
| Size: |
122880
|
|
|
ACF0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2461099937.000000000ACF0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
ACF0000
|
| Size: |
36864
|
|
|
ABA0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2459501168.000000000ABA0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
ABA0000
|
| Size: |
65536
|
|
|
4DAA000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2445939435.0000000004DAA000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4DAA000
|
| Size: |
24576
|
|
|
185E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1252968610.000000000185E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
185E000
|
| Size: |
8192
|
|
|
5550000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2448597762.0000000005550000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5550000
|
| Size: |
65536
|
|
|
A330000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2460483398.000000000A330000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
A330000
|
| Size: |
32768
|
|
|
7A0B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2454532467.0000000007A0B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7A0B000
|
| Size: |
4096
|
|
|
52A3000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2446533076.00000000052A3000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
52A3000
|
| Size: |
4096
|
|
|
6B2F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2449982205.0000000006B2F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6B2F000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
|
|
A8DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2459162521.000000000A8DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A8DE000
|
| Size: |
8192
|
|
|
70C2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2449144517.00000000070C2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
70C2000
|
| Size: |
4096
|
|
|
6941000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2449982205.0000000006941000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6941000
|
| Size: |
4096
|
|
|
6B60000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2449982205.0000000006B60000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6B60000
|
| Size: |
12288
|
|
|
94C6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2455830402.00000000094C6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
94C6000
|
| Size: |
8192
|
|
|
6FE0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2449144517.0000000006FE0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6FE0000
|
| Size: |
4096
|
|
|
A240000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2459204313.000000000A240000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
A240000
|
| Size: |
65536
|
|
|
81EA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2453736856.00000000081EA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
81EA000
|
| Size: |
8192
|
|
|
340A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1253688155.000000000340A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
340A000
|
| Size: |
24576
|
|
|
14F5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1252624278.00000000014F5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14F5000
|
| Size: |
16384
|
|
|
54C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1356003417.00000000054C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
54C0000
|
| Size: |
4096
|
|
|
6C10000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1356693906.0000000006C10000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6C10000
|
| Size: |
65536
|
|
|
14E4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1252583751.00000000014E4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
14E4000
|
| Size: |
4096
|
|
|
14F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1252624278.00000000014F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14F0000
|
| Size: |
16384
|
|
|
5290000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2446412472.0000000005290000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5290000
|
| Size: |
16384
|
|
|
703E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1357189497.000000000703E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
703E000
|
| Size: |
8192
|
|
|
4E50000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2448645415.0000000004E50000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4E50000
|
| Size: |
16384
|
|
|
1404000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1252431856.0000000001404000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1404000
|
| Size: |
176128
|
|
|
8163000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2453736856.0000000008163000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8163000
|
| Size: |
8192
|
|
|
800D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2453736856.000000000800D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
800D000
|
| Size: |
4096
|
|
|
57D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1259591143.00000000057D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
57D0000
|
| Size: |
65536
|
|
|
49FA000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000011.00000002.2447079066.00000000049FA000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
49FA000
|
| Size: |
8192
|
|
|
3A89000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1353738607.0000000003A89000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3A89000
|
| Size: |
4096
|
|
|
4A67000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2447374650.0000000004A67000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4A67000
|
| Size: |
491520
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
94CB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2455830402.00000000094CB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
94CB000
|
| Size: |
8192
|
|
|
1365000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1252173285.0000000001365000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1365000
|
| Size: |
32768
|
|
|
673E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2449031465.000000000673E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
673E000
|
| Size: |
4096
|
|
|
73B0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1260567382.00000000073B0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
73B0000
|
| Size: |
24576
|
|
|
A320000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2460408290.000000000A320000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
A320000
|
| Size: |
40960
|
|
|
899E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2456229841.000000000899E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
899E000
|
| Size: |
8192
|
|
|
5560000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2448722269.0000000005560000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5560000
|
| Size: |
4096
|
|
|
2D4E000
|
unkown
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1229379771.0000000002D4E000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
2D4E000
|
| Size: |
8192
|
|
|
94B0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2455742468.00000000094B0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
94B0000
|
| Size: |
65536
|
|
|
8207000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2453736856.0000000008207000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8207000
|
| Size: |
4096
|
|
|
796B000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1261347523.000000000796B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
796B000
|
| Size: |
20480
|
|
|
28A0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.1348304637.00000000028A0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
28A0000
|
| Size: |
65536
|
|
|
82D9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2453736856.00000000082D9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
82D9000
|
| Size: |
4096
|
|
|
8D6D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2456322620.0000000008D6D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
8D6D000
|
| Size: |
12288
|
|
|
6732000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2449031465.0000000006732000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6732000
|
| Size: |
28672
|
|
|
6B2A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2449982205.0000000006B2A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6B2A000
|
| Size: |
4096
|
|
|
6A3F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2449982205.0000000006A3F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6A3F000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
5C2E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1260047588.0000000005C2E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5C2E000
|
| Size: |
8192
|
|
|
4A00000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2447136547.0000000004A00000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4A00000
|
| Size: |
4096
|
|
|
7A9E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1261720742.0000000007A9E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7A9E000
|
| Size: |
8192
|
|
|
2752000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1348116464.0000000002752000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2752000
|
| Size: |
4096
|
|
|
6FD8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2449144517.0000000006FD8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6FD8000
|
| Size: |
4096
|
|
|
E5F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1347608198.0000000000E5F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
E5F000
|
| Size: |
4096
|
|
|
6746000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2449031465.0000000006746000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6746000
|
| Size: |
16384
|
|
|
7F3B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2453736856.0000000007F3B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F3B000
|
| Size: |
8192
|
|
|
A5E3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2458140806.000000000A5E3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A5E3000
|
| Size: |
4096
|
|
|
7131000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2449144517.0000000007131000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7131000
|
| Size: |
4096
|
|
|
95E6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2456861088.00000000095E6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
95E6000
|
| Size: |
8192
|
|
|
43F000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000011.00000002.2445269201.000000000043F000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
43F000
|
| Size: |
4096
|
|
|
96A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2457121251.00000000096A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
96A0000
|
| Size: |
4096
|
|
|
A370000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2460648879.000000000A370000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A370000
|
| Size: |
4096
|
|
|
ED8000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000000.1196070581.0000000000ED8000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
ED8000
|
| Size: |
4096
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
|
|
52D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2447165829.00000000052D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
52D0000
|
| Size: |
4096
|
|
|
8DEE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2456412560.0000000008DEE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
8DEE000
|
| Size: |
8192
|
|
|
A208000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2458598075.000000000A208000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
A208000
|
| Size: |
16384
|
|
|
C1FC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1263187048.000000000C1FC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
C1FC000
|
| Size: |
16384
|
|
|
8186000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2453736856.0000000008186000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8186000
|
| Size: |
4096
|
|
|
94C0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2455830402.00000000094C0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
94C0000
|
| Size: |
20480
|
|
|
ABB0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2459631548.000000000ABB0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
ABB0000
|
| Size: |
8192
|
|
|
837D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1357298239.000000000837D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
837D000
|
| Size: |
319488
|
|
|
9BA0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2457475152.0000000009BA0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
9BA0000
|
| Size: |
49152
|
|
|
7F31000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2453736856.0000000007F31000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F31000
|
| Size: |
32768
|
|
|
6760000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2449684700.0000000006760000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6760000
|
| Size: |
4096
|
|
|
71EF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2449144517.00000000071EF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
71EF000
|
| Size: |
4096
|
|
|
52B0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2446761711.00000000052B0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
52B0000
|
| Size: |
28672
|
|
|
6C20000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.1356752332.0000000006C20000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
6C20000
|
| Size: |
65536
|
|
|
13D9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1252173285.00000000013D9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13D9000
|
| Size: |
16384
|
|
|
7F9B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2453736856.0000000007F9B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F9B000
|
| Size: |
4096
|
|
|
B12000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1346813965.0000000000B12000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B12000
|
| Size: |
348160
|
|
|
8E00000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2456480406.0000000008E00000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8E00000
|
| Size: |
4096
|
|
|
FD0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1252108144.0000000000FD0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
FD0000
|
| Size: |
4096
|
|
|
2F4D000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1322248040.0000000002F4D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2F4D000
|
| Size: |
12288
|
|
|
5DE0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1260534304.0000000005DE0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5DE0000
|
| Size: |
45056
|
|
|
C5FF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1263579616.000000000C5FF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
C5FF000
|
| Size: |
4096
|
|
|
5760000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1258632843.0000000005760000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5760000
|
| Size: |
4096
|
|
|
ABF0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2459993656.000000000ABF0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
ABF0000
|
| Size: |
4096
|
|
|
52E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2447342197.00000000052E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
52E0000
|
| Size: |
16384
|
|
|
7C4B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2454532467.0000000007C4B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7C4B000
|
| Size: |
4096
|
|
|
707E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1357220575.000000000707E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
707E000
|
| Size: |
8192
|
|
|
94ED000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2455830402.00000000094ED000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
94ED000
|
| Size: |
69632
|
|
|
81D8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2453736856.00000000081D8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
81D8000
|
| Size: |
12288
|
|
|
AB9F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2459469041.000000000AB9F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
AB9F000
|
| Size: |
4096
|
|
|
EA7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1348016797.0000000000EA7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
EA7000
|
| Size: |
32768
|
|
|
71FA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2449144517.00000000071FA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
71FA000
|
| Size: |
135168
|
|
|
7925000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2454532467.0000000007925000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7925000
|
| Size: |
12288
|
|
|
A5E5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2458140806.000000000A5E5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A5E5000
|
| Size: |
221184
|
|
|
6949000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2449982205.0000000006949000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6949000
|
| Size: |
4096
|
|
|
1300000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1252156635.0000000001300000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1300000
|
| Size: |
4096
|
|
|
7C17000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2454532467.0000000007C17000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7C17000
|
| Size: |
8192
|
|
|
2BC6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1349053451.0000000002BC6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2BC6000
|
| Size: |
315392
|
|
|
A2E0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2459695442.000000000A2E0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
A2E0000
|
| Size: |
12288
|
|
|
A89E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2459104254.000000000A89E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A89E000
|
| Size: |
8192
|
|
|
49F0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2446903105.00000000049F0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
49F0000
|
| Size: |
4096
|
|
|
5205000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1355782416.0000000005205000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5205000
|
| Size: |
40960
|
|
|
79D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1261523722.00000000079D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
79D0000
|
| Size: |
65536
|
|
|
A1F4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2458387330.000000000A1F4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
A1F4000
|
| Size: |
4096
|
|
|
31F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1253636074.00000000031F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
31F0000
|
| Size: |
4096
|
|
|
6B21000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2449982205.0000000006B21000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6B21000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
|
|
52A4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2446590360.00000000052A4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
52A4000
|
| Size: |
8192
|
|
|
A220000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2459033734.000000000A220000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
A220000
|
| Size: |
65536
|
|
|
5C40000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1260217977.0000000005C40000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5C40000
|
| Size: |
65536
|
|
|
B0DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1358744038.000000000B0DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B0DE000
|
| Size: |
8192
|
|
|
A5E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2458140806.000000000A5E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A5E0000
|
| Size: |
8192
|
|
|
2DEE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1230398202.0000000002DEE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2DEE000
|
| Size: |
8192
|
|
|
2A20000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1348773189.0000000002A20000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A20000
|
| Size: |
65536
|
|
|
672E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2449031465.000000000672E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
672E000
|
| Size: |
12288
|
|
|
6780000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2449860517.0000000006780000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6780000
|
| Size: |
49152
|
|
|
BBE0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1262785171.000000000BBE0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BBE0000
|
| Size: |
36864
|
|
|
33BC000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1253688155.00000000033BC000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
33BC000
|
| Size: |
315392
|
|
|
7FCB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2453736856.0000000007FCB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FCB000
|
| Size: |
4096
|
|
|
960000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1346680971.0000000000960000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
960000
|
| Size: |
4096
|
|
|
77B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1261087574.00000000077B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
77B0000
|
| Size: |
86016
|
|
|
4A0B000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000011.00000002.2447308926.0000000004A0B000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4A0B000
|
| Size: |
4096
|
|
|
B49D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1358948480.000000000B49D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B49D000
|
| Size: |
12288
|
|
|
66A0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2448758862.00000000066A0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
66A0000
|
| Size: |
4096
|
|
|
9B1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2457272412.0000000009B1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9B1E000
|
| Size: |
8192
|
|
|
A25E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2457678551.000000000A25E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A25E000
|
| Size: |
8192
|
|
|
9D6E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2457186965.0000000009D6E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9D6E000
|
| Size: |
8192
|
|
|
E96000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.1347963856.0000000000E96000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
E96000
|
| Size: |
8192
|
|
|
4980000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2446403456.0000000004980000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4980000
|
| Size: |
8192
|
|
|
AE60000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1358617788.000000000AE60000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
AE60000
|
| Size: |
4096
|
|
|
6A52000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2449982205.0000000006A52000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6A52000
|
| Size: |
73728
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
7ADE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1261757920.0000000007ADE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7ADE000
|
| Size: |
8192
|
|
|
7B67000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2454532467.0000000007B67000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7B67000
|
| Size: |
4096
|
|
|
A71E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2458881894.000000000A71E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A71E000
|
| Size: |
8192
|
|
|
4319000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1256817618.0000000004319000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4319000
|
| Size: |
4096
|
|
|
A317000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2460192659.000000000A317000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
A317000
|
| Size: |
36864
|
|
|
7A7D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2454532467.0000000007A7D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7A7D000
|
| Size: |
12288
|
|
|
54D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1356027689.00000000054D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
54D0000
|
| Size: |
65536
|
|
|
6A65000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2449982205.0000000006A65000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6A65000
|
| Size: |
53248
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
94E6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2455830402.00000000094E6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
94E6000
|
| Size: |
16384
|
|
|
82BD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2453736856.00000000082BD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
82BD000
|
| Size: |
12288
|
|
|
B1DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1358785689.000000000B1DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B1DE000
|
| Size: |
8192
|
|
|
5510000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1356457429.0000000005510000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5510000
|
| Size: |
28672
|
|
|
AD0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1346813965.0000000000AD0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
AD0000
|
| Size: |
36864
|
|
|
6918000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2449982205.0000000006918000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6918000
|
| Size: |
4096
|
|
|
2A70000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.1349023369.0000000002A70000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
2A70000
|
| Size: |
4096
|
|
|
94DA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2455830402.00000000094DA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
94DA000
|
| Size: |
4096
|
|
|
AF9D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1358655295.000000000AF9D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
AF9D000
|
| Size: |
12288
|
|
|
6C30000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1356866249.0000000006C30000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6C30000
|
| Size: |
65536
|
|
|
673A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2449031465.000000000673A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
673A000
|
| Size: |
4096
|
|
|
6B66000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2449982205.0000000006B66000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6B66000
|
| Size: |
139264
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
|
|
57E0000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1259712172.00000000057E0000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
57E0000
|
| Size: |
4096
|
|
|
B92000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1346813965.0000000000B92000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B92000
|
| Size: |
16384
|
|
|
6A2C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2449982205.0000000006A2C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6A2C000
|
| Size: |
8192
|
|
|
BB8000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1347346176.0000000000BB8000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BB8000
|
| Size: |
4096
|
|
|
7C76000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2454532467.0000000007C76000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7C76000
|
| Size: |
16384
|
|
|
BF9D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1263111220.000000000BF9D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
BF9D000
|
| Size: |
12288
|
|
|
29FD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1348441847.00000000029FD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
29FD000
|
| Size: |
69632
|
|
|
707E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2449144517.000000000707E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
707E000
|
| Size: |
57344
|
|
|
F6A000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1252085919.0000000000F6A000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
F6A000
|
| Size: |
24576
|
|
|
7AD5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2454532467.0000000007AD5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7AD5000
|
| Size: |
8192
|
|
|
81F0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2453736856.00000000081F0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
81F0000
|
| Size: |
4096
|
|
|
6F20000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2449044272.0000000006F20000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
6F20000
|
| Size: |
4096
|
|
|
4AF2000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2447374650.0000000004AF2000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4AF2000
|
| Size: |
4096
|
|
|
5130000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1355632714.0000000005130000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5130000
|
| Size: |
12288
|
|
|
6C90000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.1356940911.0000000006C90000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
6C90000
|
| Size: |
45056
|
|
|
A85D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2459014788.000000000A85D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A85D000
|
| Size: |
12288
|
|
|
4983000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000011.00000002.2446463952.0000000004983000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4983000
|
| Size: |
4096
|
|
|
8F7000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1346650438.00000000008F7000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
8F7000
|
| Size: |
36864
|
|
|
2770000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1348192482.0000000002770000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2770000
|
| Size: |
4096
|
|
|
7D3E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1262134796.0000000007D3E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7D3E000
|
| Size: |
8192
|
|
|
6AA4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2449982205.0000000006AA4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6AA4000
|
| Size: |
344064
|
|
|
BF5E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1263081119.000000000BF5E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
BF5E000
|
| Size: |
8192
|
|
|
936D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2456832739.000000000936D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
936D000
|
| Size: |
12288
|
|
|
49A5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2446794087.00000000049A5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
49A5000
|
| Size: |
12288
|
|
|
E92000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1347937243.0000000000E92000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
E92000
|
| Size: |
4096
|
|
|
A02E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2458070017.000000000A02E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A02E000
|
| Size: |
8192
|
|
|
4B39000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1256817618.0000000004B39000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4B39000
|
| Size: |
184320
|
|
|
17DD000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1252765625.00000000017DD000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
17DD000
|
| Size: |
4096
|
|
|
6F1C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2448951496.0000000006F1C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6F1C000
|
| Size: |
16384
|
|
|
7B61000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2454532467.0000000007B61000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7B61000
|
| Size: |
8192
|
|
|
51F0000
|
heap
|
page readonly
|
|
|
|
| Name: |
00000008.00000002.2446159396.00000000051F0000.00000002.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page readonly
|
| Base address: |
51F0000
|
| Size: |
4096
|
|
|
95E4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2456861088.00000000095E4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
95E4000
|
| Size: |
4096
|
|
|
333E000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1322348186.000000000333E000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
333E000
|
| Size: |
8192
|
|
|
A35E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2457786388.000000000A35E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A35E000
|
| Size: |
8192
|
|
|
7B79000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2454532467.0000000007B79000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7B79000
|
| Size: |
4096
|
|
|
4F83000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1355493418.0000000004F83000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4F83000
|
| Size: |
12288
|
|
|
6FEC000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2449144517.0000000006FEC000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6FEC000
|
| Size: |
4096
|
|
|
30E0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1230488603.00000000030E0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
30E0000
|
| Size: |
32768
|
|
|
A628000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2458140806.000000000A628000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A628000
|
| Size: |
4096
|
|
|
A230000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000011.00000002.2459118481.000000000A230000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
A230000
|
| Size: |
65536
|
|
|
3161000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1253408727.0000000003161000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3161000
|
| Size: |
16384
|
|
|
4990000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2446660254.0000000004990000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4990000
|
| Size: |
45056
|
|
|
316D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1253408727.000000000316D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
316D000
|
| Size: |
69632
|
|
|
6CDE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1356987709.0000000006CDE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6CDE000
|
| Size: |
8192
|
|
|
315E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1253408727.000000000315E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
315E000
|
| Size: |
8192
|
|
|
57C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1259561413.00000000057C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
57C0000
|
| Size: |
8192
|
|
|
78A1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2454532467.00000000078A1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
78A1000
|
| Size: |
32768
|
|
|
C6FE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1263616057.000000000C6FE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
C6FE000
|
| Size: |
8192
|
|
|
33BE000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1322383818.00000000033BE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
33BE000
|
| Size: |
8192
|
|
|
54CB000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2447511323.00000000054CB000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
54CB000
|
| Size: |
4096
|
|
|
2A14000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1348672594.0000000002A14000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A14000
|
| Size: |
4096
|
|
|
A780000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2460704023.000000000A780000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A780000
|
| Size: |
8192
|
|
|
1897000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1253267893.0000000001897000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1897000
|
| Size: |
32768
|
|
|
AC00000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2460089616.000000000AC00000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
AC00000
|
| Size: |
65536
|
|
|
523E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2446218012.000000000523E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
523E000
|
| Size: |
8192
|
|
|
B76000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1346813965.0000000000B76000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B76000
|
| Size: |
24576
|
|
|
53BE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1355890404.00000000053BE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
53BE000
|
| Size: |
8192
|
|
|
5410000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2447511323.0000000005410000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5410000
|
| Size: |
28672
|
|
|
7252000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2449144517.0000000007252000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7252000
|
| Size: |
16384
|
|
|
349B000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1322442725.000000000349B000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
349B000
|
| Size: |
94208
|
|
|
B86000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1346813965.0000000000B86000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B86000
|
| Size: |
4096
|
|
|
6A30000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2449982205.0000000006A30000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6A30000
|
| Size: |
4096
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
8202000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2453736856.0000000008202000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8202000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
13D1000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1252173285.00000000013D1000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13D1000
|
| Size: |
8192
|
|
|
95D0000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2456824447.00000000095D0000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
95D0000
|
| Size: |
4096
|
|
|
ACA0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2460775494.000000000ACA0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
ACA0000
|
| Size: |
4096
|
|
|
14ED000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1252602347.00000000014ED000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
14ED000
|
| Size: |
4096
|
|
|
6BA9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2449982205.0000000006BA9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6BA9000
|
| Size: |
4096
|
|
|
AA5E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2459343694.000000000AA5E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
AA5E000
|
| Size: |
8192
|
|
|
2A35000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1348836110.0000000002A35000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A35000
|
| Size: |
45056
|
|
|
311C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1253347711.000000000311C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
311C000
|
| Size: |
16384
|
|
|
54F4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1356295025.00000000054F4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
54F4000
|
| Size: |
49152
|
|
|
689E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2449952474.000000000689E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
689E000
|
| Size: |
8192
|
|
|
8E03000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2456480406.0000000008E03000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8E03000
|
| Size: |
8192
|
|
|
71AA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2449144517.00000000071AA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
71AA000
|
| Size: |
4096
|
|
|
722F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2449144517.000000000722F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
722F000
|
| Size: |
12288
|
|
|
AF7000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1346813965.0000000000AF7000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
AF7000
|
| Size: |
49152
|
|
|
4E40000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000011.00000002.2448561130.0000000004E40000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4E40000
|
| Size: |
65536
|
|
|
BD3E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1262958152.000000000BD3E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
BD3E000
|
| Size: |
8192
|
|
|
9D70000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2457231247.0000000009D70000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9D70000
|
| Size: |
196608
|
|
|
5240000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2446281592.0000000005240000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5240000
|
| Size: |
8192
|
|
|
83E9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1357298239.00000000083E9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
83E9000
|
| Size: |
61440
|
|
|
6FA7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2449144517.0000000006FA7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6FA7000
|
| Size: |
4096
|
|
|
1402000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1252431856.0000000001402000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1402000
|
| Size: |
4096
|
|
|
1810000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1252950703.0000000001810000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1810000
|
| Size: |
4096
|
|
|
9510000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2456465039.0000000009510000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
9510000
|
| Size: |
65536
|
|
|
5980000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1259925813.0000000005980000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5980000
|
| Size: |
65536
|
|
|
82A5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2453736856.00000000082A5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
82A5000
|
| Size: |
8192
|
|
|
49F2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2446954249.00000000049F2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
49F2000
|
| Size: |
4096
|
|
|
D4E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1347509143.0000000000D4E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
D4E000
|
| Size: |
8192
|
|
|
5F9000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1346619380.00000000005F9000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
5F9000
|
| Size: |
28672
|
|
|
A2E4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2459695442.000000000A2E4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
A2E4000
|
| Size: |
32768
|
|
|
81E0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2453736856.00000000081E0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
81E0000
|
| Size: |
8192
|
|
|
6B17000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2449982205.0000000006B17000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6B17000
|
| Size: |
4096
|
|
|
723A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2449144517.000000000723A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
723A000
|
| Size: |
8192
|
|
|
16CE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1252710908.00000000016CE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
16CE000
|
| Size: |
8192
|
|
|
2DA0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1230135204.0000000002DA0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2DA0000
|
| Size: |
20480
|
|
|
4A65000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2447374650.0000000004A65000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4A65000
|
| Size: |
4096
|
|
|
2A81000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1349053451.0000000002A81000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A81000
|
| Size: |
286720
|
|
|
540C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1258035455.000000000540C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
540C000
|
| Size: |
16384
|
|
|
543A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2447511323.000000000543A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
543A000
|
| Size: |
8192
|
|
|
99DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2457169342.00000000099DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
99DE000
|
| Size: |
8192
|
|
|
4A20000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2447340641.0000000004A20000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4A20000
|
| Size: |
4096
|
|
|
6AA2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2449982205.0000000006AA2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6AA2000
|
| Size: |
4096
|
|
|
71F4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2449144517.00000000071F4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
71F4000
|
| Size: |
12288
|
|
|
8EB0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2456632550.0000000008EB0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8EB0000
|
| Size: |
4096
|
|
|
A0EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2458230214.000000000A0EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A0EE000
|
| Size: |
8192
|
|
|
29BE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1348371134.00000000029BE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
29BE000
|
| Size: |
8192
|
|
|
FE0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1252123889.0000000000FE0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
FE0000
|
| Size: |
8192
|
|
|
EA0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1348016797.0000000000EA0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
EA0000
|
| Size: |
20480
|
|
|
3359000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1253688155.0000000003359000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3359000
|
| Size: |
401408
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
| URLs found in memory or binary data |
Networking |
|
|
|
ACB0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2460910251.000000000ACB0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
ACB0000
|
| Size: |
40960
|
|
|
17F2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1252887754.00000000017F2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
17F2000
|
| Size: |
4096
|
|
|
5504000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2448483802.0000000005504000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5504000
|
| Size: |
45056
|
|
|
2AD4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1349053451.0000000002AD4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2AD4000
|
| Size: |
987136
|
|
|
52CA000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2447089965.00000000052CA000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
52CA000
|
| Size: |
8192
|
|
|
A270000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000011.00000002.2459471453.000000000A270000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
A270000
|
| Size: |
65536
|
|
|
817B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2453736856.000000000817B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
817B000
|
| Size: |
12288
|
|
|
6B54000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2449982205.0000000006B54000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6B54000
|
| Size: |
12288
|
|
|
5750000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1258156694.0000000005750000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5750000
|
| Size: |
65536
|
|
|
A62A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2458140806.000000000A62A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A62A000
|
| Size: |
237568
|
|
|
E90000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1347913444.0000000000E90000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
E90000
|
| Size: |
4096
|
|
|
ABD0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2459782115.000000000ABD0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
ABD0000
|
| Size: |
4096
|
|
|
7C2E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1261824487.0000000007C2E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7C2E000
|
| Size: |
8192
|
|
|
7981000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2454532467.0000000007981000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7981000
|
| Size: |
4096
|
|
|
6909000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2449982205.0000000006909000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6909000
|
| Size: |
12288
|
|
|
7F53000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2453736856.0000000007F53000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F53000
|
| Size: |
12288
|
|
|
53D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1355921696.00000000053D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
53D0000
|
| Size: |
45056
|
|
|
723D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2449144517.000000000723D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
723D000
|
| Size: |
4096
|
|
|
A40000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1346700065.0000000000A40000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A40000
|
| Size: |
8192
|
|
|
6B5B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2449982205.0000000006B5B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6B5B000
|
| Size: |
8192
|
|
|
6F81000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2449144517.0000000006F81000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6F81000
|
| Size: |
28672
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
7971000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1261347523.0000000007971000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
7971000
|
| Size: |
53248
|
|
|
71BD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2449144517.00000000071BD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
71BD000
|
| Size: |
4096
|
|
|
6720000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2449031465.0000000006720000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6720000
|
| Size: |
20480
|
|
|
B35B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1358824906.000000000B35B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B35B000
|
| Size: |
20480
|
|
|
1870000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1253111026.0000000001870000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1870000
|
| Size: |
65536
|
|
|
314B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1253408727.000000000314B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
314B000
|
| Size: |
69632
|
|
|
14D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1252532660.00000000014D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
14D0000
|
| Size: |
8192
|
|
|
AC76000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2460403099.000000000AC76000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
AC76000
|
| Size: |
4096
|
|
|
6951000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2449982205.0000000006951000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6951000
|
| Size: |
4096
|
|
|
B09E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1358707431.000000000B09E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B09E000
|
| Size: |
8192
|
|
|
441000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000011.00000002.2445269201.0000000000441000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
441000
|
| Size: |
16384
|
|
|
9DAC000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2457231247.0000000009DAC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9DAC000
|
| Size: |
286720
|
|
|
9DA3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2457231247.0000000009DA3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
9DA3000
|
| Size: |
4096
|
|
|
81F5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2453736856.00000000081F5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
81F5000
|
| Size: |
4096
|
|
|
E9A000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.1347991489.0000000000E9A000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
E9A000
|
| Size: |
8192
|
|
|
810B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2453736856.000000000810B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
810B000
|
| Size: |
12288
|
|
|
4F70000
|
trusted library section
|
page readonly
|
|
|
|
| Name: |
00000009.00000002.1355426415.0000000004F70000.00000002.08000000.00040000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library section
|
| Protect: |
page readonly
|
| Base address: |
4F70000
|
| Size: |
4096
|
|
|
2AC9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1349053451.0000000002AC9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2AC9000
|
| Size: |
36864
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
7B73000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2454532467.0000000007B73000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7B73000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
959D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2456673249.000000000959D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
959D000
|
| Size: |
12288
|
|
|
A300000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000011.00000002.2460021481.000000000A300000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
A300000
|
| Size: |
65536
|
|
|
81FC000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2453736856.00000000081FC000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
81FC000
|
| Size: |
4096
|
|
|
6961000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2449982205.0000000006961000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6961000
|
| Size: |
57344
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
289B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1348272238.000000000289B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
289B000
|
| Size: |
20480
|
|
|
7A67000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2454532467.0000000007A67000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7A67000
|
| Size: |
8192
|
|
|
5770000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1258863893.0000000005770000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5770000
|
| Size: |
65536
|
|
|
82D7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2453736856.00000000082D7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
82D7000
|
| Size: |
4096
|
|
|
4311000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1256817618.0000000004311000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4311000
|
| Size: |
28672
|
|
|
17D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1252746225.00000000017D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
17D0000
|
| Size: |
40960
|
|
|
803D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2453736856.000000000803D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
803D000
|
| Size: |
20480
|
|
|
A280000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000011.00000002.2459591341.000000000A280000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
A280000
|
| Size: |
65536
|
|
|
3185000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1253541404.0000000003185000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3185000
|
| Size: |
45056
|
|
|
AD5E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1358481095.000000000AD5E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
AD5E000
|
| Size: |
8192
|
|
|
AD00000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2461151632.000000000AD00000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
AD00000
|
| Size: |
4096
|
|
|
8304000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2453736856.0000000008304000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8304000
|
| Size: |
16384
|
|
|
83F9000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1357298239.00000000083F9000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
83F9000
|
| Size: |
57344
|
|
|
797F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2454532467.000000000797F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
797F000
|
| Size: |
4096
|
|
|
7FB3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2453736856.0000000007FB3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7FB3000
|
| Size: |
12288
|
|
|
94D2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2455830402.00000000094D2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
94D2000
|
| Size: |
28672
|
|
|
7C30000
|
trusted library section
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1261870183.0000000007C30000.00000004.08000000.00040000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library section
|
| Protect: |
page read and write
|
| Base address: |
7C30000
|
| Size: |
557056
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
|
|
8D00000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000011.00000002.2456276150.0000000008D00000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
8D00000
|
| Size: |
4096
|
|
|
A20D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2458598075.000000000A20D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
A20D000
|
| Size: |
12288
|
|
|
9504000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2456317670.0000000009504000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
9504000
|
| Size: |
4096
|
|
|
4F30000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1355251411.0000000004F30000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4F30000
|
| Size: |
65536
|
|
|
95C0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2456723090.00000000095C0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
95C0000
|
| Size: |
65536
|
|
|
3140000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1253408727.0000000003140000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3140000
|
| Size: |
32768
|
|
|
7110000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2449144517.0000000007110000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7110000
|
| Size: |
61440
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
E12000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000000.1195988526.0000000000E12000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
E12000
|
| Size: |
806912
|
|
|
6BA1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2449982205.0000000006BA1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6BA1000
|
| Size: |
12288
|
|
|
3411000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1253688155.0000000003411000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3411000
|
| Size: |
4194304
|
|
|
4960000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2446246441.0000000004960000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4960000
|
| Size: |
16384
|
|
|
B8DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1262678005.000000000B8DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B8DE000
|
| Size: |
8192
|
|
|
91EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2456677689.00000000091EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
91EE000
|
| Size: |
8192
|
|
|
70BD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1357264536.00000000070BD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
70BD000
|
| Size: |
12288
|
|
|
48F7000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2446150866.00000000048F7000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
48F7000
|
| Size: |
36864
|
|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2445295185.0000000000402000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
402000
|
| Size: |
131072
|
|
|
69AA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2449982205.00000000069AA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
69AA000
|
| Size: |
4096
|
|
|
70BC000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2449144517.00000000070BC000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
70BC000
|
| Size: |
8192
|
|
|
9EAD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2457910308.0000000009EAD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9EAD000
|
| Size: |
12288
|
|
|
440000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2445295185.0000000000440000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
440000
|
| Size: |
4096
|
|
|
B9DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1262703018.000000000B9DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B9DE000
|
| Size: |
8192
|
|
|
691C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2449982205.000000000691C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
691C000
|
| Size: |
24576
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
A06E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2458118321.000000000A06E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A06E000
|
| Size: |
8192
|
|
|
B45C000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1358864467.000000000B45C000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B45C000
|
| Size: |
16384
|
|
|
6726000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2449031465.0000000006726000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6726000
|
| Size: |
8192
|
|
|
4F50000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.1355353606.0000000004F50000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4F50000
|
| Size: |
65536
|
|
|
5500000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.1356374785.0000000005500000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5500000
|
| Size: |
65536
|
|
|
9C6D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2457129463.0000000009C6D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9C6D000
|
| Size: |
12288
|
|
|
4F20000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1355029228.0000000004F20000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4F20000
|
| Size: |
4096
|
|
|
C2FC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1263285498.000000000C2FC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
C2FC000
|
| Size: |
16384
|
|
|
793D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2454532467.000000000793D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
793D000
|
| Size: |
4096
|
|
|
45C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2445970403.00000000045C0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
45C0000
|
| Size: |
4096
|
|
|
31B0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1253611351.00000000031B0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
31B0000
|
| Size: |
65536
|
|
|
7102000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2449144517.0000000007102000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7102000
|
| Size: |
53248
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
AC7A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2460403099.000000000AC7A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
AC7A000
|
| Size: |
8192
|
|
|
14E0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1252548436.00000000014E0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
14E0000
|
| Size: |
8192
|
|
|
AC10000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2460271807.000000000AC10000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
AC10000
|
| Size: |
65536
|
|
|
A49E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2457993151.000000000A49E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A49E000
|
| Size: |
8192
|
|
|
E8D000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.1347882375.0000000000E8D000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
E8D000
|
| Size: |
4096
|
|
|
3420000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1322421011.0000000003420000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3420000
|
| Size: |
16384
|
|
|
71C2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2449144517.00000000071C2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
71C2000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
|
|
6FDC000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2449144517.0000000006FDC000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6FDC000
|
| Size: |
4096
|
|
|
7099000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2449144517.0000000007099000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7099000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
4F10000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.1354857675.0000000004F10000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4F10000
|
| Size: |
65536
|
|
|
52DB000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2447310821.00000000052DB000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
52DB000
|
| Size: |
4096
|
|
|
4B20000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2448440376.0000000004B20000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4B20000
|
| Size: |
61440
|
|
|
29C0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1348394506.00000000029C0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
29C0000
|
| Size: |
65536
|
|
|
422000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000011.00000002.2445269201.0000000000422000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
422000
|
| Size: |
4096
|
|
|
5843000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1259798262.0000000005843000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5843000
|
| Size: |
12288
|
|
|
ADE000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1346813965.0000000000ADE000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
ADE000
|
| Size: |
98304
|
|
|
B080000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2461182522.000000000B080000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B080000
|
| Size: |
8192
|
|
|
7B26000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2454532467.0000000007B26000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7B26000
|
| Size: |
20480
|
|
|
7C2F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2454532467.0000000007C2F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7C2F000
|
| Size: |
12288
|
|
|
6F98000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2449144517.0000000006F98000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6F98000
|
| Size: |
8192
|
|
|
9B9E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2457426317.0000000009B9E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9B9E000
|
| Size: |
8192
|
|
|
552A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1356513091.000000000552A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
552A000
|
| Size: |
4096
|
|
|
6FAB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2449144517.0000000006FAB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6FAB000
|
| Size: |
24576
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
17CF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1252729077.00000000017CF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
17CF000
|
| Size: |
4096
|
|
|
E70000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1347669834.0000000000E70000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
E70000
|
| Size: |
8192
|
|
|
52D2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2447218700.00000000052D2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
52D2000
|
| Size: |
4096
|
|
|
ACC0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2460998370.000000000ACC0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
ACC0000
|
| Size: |
32768
|
|
|
83CC000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1357298239.00000000083CC000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
83CC000
|
| Size: |
94208
|
|
|
3166000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1253408727.0000000003166000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3166000
|
| Size: |
16384
|
|
|
2C14000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1349053451.0000000002C14000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2C14000
|
| Size: |
4096
|
|
|
5DD0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1260506208.0000000005DD0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5DD0000
|
| Size: |
28672
|
|
|
AA1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2459292322.000000000AA1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
AA1E000
|
| Size: |
8192
|
|
|
2A40000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1348910083.0000000002A40000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A40000
|
| Size: |
65536
|
|
|
7244000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2449144517.0000000007244000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7244000
|
| Size: |
24576
|
|
|
ADA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1346813965.0000000000ADA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
ADA000
|
| Size: |
8192
|
|
|
71E8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2449144517.00000000071E8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
71E8000
|
| Size: |
12288
|
|
|
6914000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2449982205.0000000006914000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6914000
|
| Size: |
4096
|
|
|
70F4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2449144517.00000000070F4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
70F4000
|
| Size: |
53248
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
79AF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2454532467.00000000079AF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
79AF000
|
| Size: |
20480
|
|
|
AE5D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1358506309.000000000AE5D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
AE5D000
|
| Size: |
12288
|
|
|
6A0E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2449982205.0000000006A0E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6A0E000
|
| Size: |
77824
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
4B7D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1354692120.0000000004B7D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4B7D000
|
| Size: |
12288
|
|
|
52D5000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2447253962.00000000052D5000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
52D5000
|
| Size: |
4096
|
|
|
6BBF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2449982205.0000000006BBF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6BBF000
|
| Size: |
12288
|
|
|
8065000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2453736856.0000000008065000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8065000
|
| Size: |
8192
|
|
|
1860000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1253085277.0000000001860000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
1860000
|
| Size: |
65536
|
|
|
80F5000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2453736856.00000000080F5000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
80F5000
|
| Size: |
8192
|
|
|
B04000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1346813965.0000000000B04000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B04000
|
| Size: |
36864
|
|
|
7B5C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2454532467.0000000007B5C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7B5C000
|
| Size: |
8192
|
|
|
8359000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1357298239.0000000008359000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8359000
|
| Size: |
12288
|
|
|
B5DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1359025311.000000000B5DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B5DE000
|
| Size: |
8192
|
|
|
AA9E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2459427181.000000000AA9E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
AA9E000
|
| Size: |
8192
|
|
|
95EA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2456861088.00000000095EA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
95EA000
|
| Size: |
24576
|
|
|
C300000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1263465027.000000000C300000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C300000
|
| Size: |
266240
|
|
|
7B4A000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2454532467.0000000007B4A000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7B4A000
|
| Size: |
12288
|
|
|
33FF000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1322403437.00000000033FF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
33FF000
|
| Size: |
4096
|
|
|
E7D000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.1347752698.0000000000E7D000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
E7D000
|
| Size: |
4096
|
|
|
A206000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2458598075.000000000A206000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
A206000
|
| Size: |
4096
|
|
|
5C60000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1260326119.0000000005C60000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5C60000
|
| Size: |
4096
|
|
|
5C30000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1260077299.0000000005C30000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5C30000
|
| Size: |
65536
|
|
|
27BE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1348214455.00000000027BE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
27BE000
|
| Size: |
8192
|
|
|
2A30000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1348836110.0000000002A30000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A30000
|
| Size: |
16384
|
|
|
6BC3000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2449982205.0000000006BC3000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6BC3000
|
| Size: |
512000
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
|
|
E74000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1347725351.0000000000E74000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
E74000
|
| Size: |
4096
|
|
|
6FD0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2449144517.0000000006FD0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6FD0000
|
| Size: |
4096
|
|
|
6710000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2448894537.0000000006710000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6710000
|
| Size: |
65536
|
|
|
6A09000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2449982205.0000000006A09000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6A09000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
2A10000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1348672594.0000000002A10000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A10000
|
| Size: |
4096
|
|
|
5400000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2447478198.0000000005400000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5400000
|
| Size: |
4096
|
|
|
A55000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1346752643.0000000000A55000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A55000
|
| Size: |
4096
|
|
|
807B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2453736856.000000000807B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
807B000
|
| Size: |
12288
|
|
|
7018000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2449144517.0000000007018000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7018000
|
| Size: |
69632
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
902E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2455705029.000000000902E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
902E000
|
| Size: |
8192
|
|
|
7234000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2449144517.0000000007234000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7234000
|
| Size: |
16384
|
|
|
13C5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1252173285.00000000013C5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13C5000
|
| Size: |
12288
|
|
|
32D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1322312221.00000000032D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
32D0000
|
| Size: |
4096
|
|
|
5280000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2446339832.0000000005280000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5280000
|
| Size: |
8192
|
|
|
337F000
|
unkown
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1322367161.000000000337F000.00000004.00000001.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
unkown
|
| Protect: |
page read and write
|
| Base address: |
337F000
|
| Size: |
4096
|
|
|
52E5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2447342197.00000000052E5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
52E5000
|
| Size: |
12288
|
|
|
28B0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1348350157.00000000028B0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
28B0000
|
| Size: |
4096
|
|
|
D50000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1347541093.0000000000D50000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
D50000
|
| Size: |
16384
|
|
|
A1FA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2458387330.000000000A1FA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
A1FA000
|
| Size: |
24576
|
|
|
A4DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2458031322.000000000A4DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A4DE000
|
| Size: |
8192
|
|
|
6A32000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2449982205.0000000006A32000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6A32000
|
| Size: |
4096
|
|
|
5970000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1259877015.0000000005970000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5970000
|
| Size: |
65536
|
|
|
A210000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000011.00000002.2458930694.000000000A210000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
A210000
|
| Size: |
65536
|
|
|
79E0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1261566043.00000000079E0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
79E0000
|
| Size: |
65536
|
|
|
D0E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1347479430.0000000000D0E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
D0E000
|
| Size: |
8192
|
|
|
724D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2449144517.000000000724D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
724D000
|
| Size: |
12288
|
|
|
1373000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1252173285.0000000001373000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1373000
|
| Size: |
327680
|
|
|
17EA000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1252846178.00000000017EA000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
17EA000
|
| Size: |
8192
|
|
|
A250000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000011.00000002.2459316764.000000000A250000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
A250000
|
| Size: |
65536
|
|
|
B68000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1346813965.0000000000B68000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B68000
|
| Size: |
28672
|
|
|
8184000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2453736856.0000000008184000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8184000
|
| Size: |
4096
|
|
|
79ED000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2454532467.00000000079ED000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
79ED000
|
| Size: |
12288
|
|
|
8099000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2453736856.0000000008099000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8099000
|
| Size: |
4096
|
|
|
53EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2447446474.00000000053EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
53EE000
|
| Size: |
8192
|
|
|
7AED000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2454532467.0000000007AED000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7AED000
|
| Size: |
12288
|
|
|
FAF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1348080901.0000000000FAF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
FAF000
|
| Size: |
4096
|
|
|
9BAD000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2457475152.0000000009BAD000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
9BAD000
|
| Size: |
12288
|
|
|
4984000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2446534104.0000000004984000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4984000
|
| Size: |
8192
|
|
|
6FE4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2449144517.0000000006FE4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6FE4000
|
| Size: |
4096
|
|
|
6955000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2449982205.0000000006955000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6955000
|
| Size: |
4096
|
|
|
3120000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1253368843.0000000003120000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3120000
|
| Size: |
65536
|
|
|
6FE8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2449144517.0000000006FE8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6FE8000
|
| Size: |
4096
|
|
|
E73000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.1347695015.0000000000E73000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
E73000
|
| Size: |
4096
|
|
|
29DB000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1348441847.00000000029DB000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
29DB000
|
| Size: |
69632
|
|
|
6BB1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2449982205.0000000006BB1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6BB1000
|
| Size: |
20480
|
|
|
17F7000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1252905745.00000000017F7000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
17F7000
|
| Size: |
4096
|
|
|
4A05000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000011.00000002.2447239554.0000000004A05000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
4A05000
|
| Size: |
4096
|
|
|
6FFF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1357161686.0000000006FFF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6FFF000
|
| Size: |
4096
|
|
|
CA0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1229026818.0000000000CA0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
CA0000
|
| Size: |
4096
|
|
|
499D000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000011.00000002.2446740186.000000000499D000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
499D000
|
| Size: |
4096
|
|
|
2F8A000
|
stack
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1322271758.0000000002F8A000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
2F8A000
|
| Size: |
24576
|
|
|
4A5A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2447374650.0000000004A5A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4A5A000
|
| Size: |
16384
|
|
|
6AF0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1356624678.0000000006AF0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
6AF0000
|
| Size: |
86016
|
|
|
66EC000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2448790964.00000000066EC000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
66EC000
|
| Size: |
16384
|
|
|
94E1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2455830402.00000000094E1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
94E1000
|
| Size: |
16384
|
|
|
79D7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2454532467.00000000079D7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
79D7000
|
| Size: |
8192
|
|
|
9EEF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2457964187.0000000009EEF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9EEF000
|
| Size: |
4096
|
|
|
330E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1253671371.000000000330E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
330E000
|
| Size: |
8192
|
|
|
7F9D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2453736856.0000000007F9D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F9D000
|
| Size: |
8192
|
|
|
54F0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1356295025.00000000054F0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
54F0000
|
| Size: |
12288
|
|
|
6BBA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2449982205.0000000006BBA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6BBA000
|
| Size: |
8192
|
|
|
94DE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2455830402.00000000094DE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
94DE000
|
| Size: |
4096
|
|
|
2757000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000009.00000002.1348137909.0000000002757000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
2757000
|
| Size: |
4096
|
|
|
6F9B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2449144517.0000000006F9B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6F9B000
|
| Size: |
4096
|
|
|
423000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2445295185.0000000000423000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
423000
|
| Size: |
45056
|
|
|
3A81000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1353738607.0000000003A81000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3A81000
|
| Size: |
28672
|
|
|
13E5000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1252173285.00000000013E5000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
13E5000
|
| Size: |
8192
|
|
|
582B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1259742388.000000000582B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
582B000
|
| Size: |
20480
|
|
|
5590000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2448790969.0000000005590000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5590000
|
| Size: |
20480
|
|
|
68FE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2449982205.00000000068FE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
68FE000
|
| Size: |
36864
|
|
|
70CF000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2449144517.00000000070CF000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
70CF000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
9B5E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2457367880.0000000009B5E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9B5E000
|
| Size: |
8192
|
|
|
6790000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000011.00000002.2449923661.0000000006790000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
6790000
|
| Size: |
4096
|
|
|
6959000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2449982205.0000000006959000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6959000
|
| Size: |
4096
|
|
|
7257000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2449144517.0000000007257000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7257000
|
| Size: |
512000
|
|
|
2A16000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1348672594.0000000002A16000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A16000
|
| Size: |
40960
|
|
|
17FB000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1252931995.00000000017FB000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
17FB000
|
| Size: |
4096
|
|
|
6A8D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2449982205.0000000006A8D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6A8D000
|
| Size: |
16384
|
|
|
5C70000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1260351749.0000000005C70000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5C70000
|
| Size: |
20480
|
|
|
29EE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1348441847.00000000029EE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
29EE000
|
| Size: |
8192
|
|
|
52C2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2446952991.00000000052C2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
52C2000
|
| Size: |
4096
|
|
|
A5DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2458074792.000000000A5DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A5DE000
|
| Size: |
8192
|
|
|
5520000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1356513091.0000000005520000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5520000
|
| Size: |
36864
|
|
|
5840000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1259798262.0000000005840000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5840000
|
| Size: |
4096
|
|
|
703B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2449144517.000000000703B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
703B000
|
| Size: |
270336
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Yara detected Credential Stealer |
Stealing of Sensitive Information |
|
|
|
B82000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1346813965.0000000000B82000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
B82000
|
| Size: |
8192
|
|
|
A0AE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2458175262.000000000A0AE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A0AE000
|
| Size: |
8192
|
|
|
5134000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1355632714.0000000005134000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5134000
|
| Size: |
49152
|
|
|
49F6000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000011.00000002.2447002031.00000000049F6000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
49F6000
|
| Size: |
8192
|
|
|
1370000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1252173285.0000000001370000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1370000
|
| Size: |
4096
|
|
|
12F7000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1252139542.00000000012F7000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
12F7000
|
| Size: |
36864
|
|
|
69EE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2449982205.00000000069EE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
69EE000
|
| Size: |
57344
|
|
|
4E3E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2448518209.0000000004E3E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
4E3E000
|
| Size: |
8192
|
|
|
52AD000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2446696224.00000000052AD000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
52AD000
|
| Size: |
4096
|
|
|
A39D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2457910965.000000000A39D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A39D000
|
| Size: |
12288
|
|
|
94CE000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2455830402.00000000094CE000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
94CE000
|
| Size: |
12288
|
|
|
2A60000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1348970243.0000000002A60000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2A60000
|
| Size: |
65536
|
|
|
6D6E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1357093840.0000000006D6E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6D6E000
|
| Size: |
8192
|
|
|
4ED0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1354775359.0000000004ED0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4ED0000
|
| Size: |
8192
|
|
|
3190000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1253584125.0000000003190000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3190000
|
| Size: |
65536
|
|
|
A66D000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2458140806.000000000A66D000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A66D000
|
| Size: |
4096
|
|
|
AC90000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2460665601.000000000AC90000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
AC90000
|
| Size: |
65536
|
|
|
5790000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1259119067.0000000005790000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
5790000
|
| Size: |
65536
|
|
|
30EA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1230488603.00000000030EA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
30EA000
|
| Size: |
102400
|
|
|
8350000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1357298239.0000000008350000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
8350000
|
| Size: |
32768
|
|
|
6B11000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2449982205.0000000006B11000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6B11000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
|
|
9500000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2456317670.0000000009500000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
9500000
|
| Size: |
4096
|
|
|
9A1D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2457207567.0000000009A1D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9A1D000
|
| Size: |
12288
|
|
|
5762000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1258632843.0000000005762000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
5762000
|
| Size: |
40960
|
|
|
32F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1322329210.00000000032F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
32F0000
|
| Size: |
24576
|
|
|
4F2D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1355029228.0000000004F2D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4F2D000
|
| Size: |
12288
|
|
|
E80000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1347787176.0000000000E80000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
E80000
|
| Size: |
24576
|
|
|
400000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000011.00000002.2445269201.0000000000400000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
400000
|
| Size: |
4096
|
|
|
AB5E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1358428192.000000000AB5E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
AB5E000
|
| Size: |
8192
|
|
|
4970000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2446327162.0000000004970000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4970000
|
| Size: |
8192
|
|
|
92EE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2456725165.00000000092EE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
92EE000
|
| Size: |
8192
|
|
|
446000
|
remote allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2445295185.0000000000446000.00000040.00000400.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
remote allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
446000
|
| Size: |
4096
|
|
|
4A30000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2447374650.0000000004A30000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4A30000
|
| Size: |
24576
|
|
|
576D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1258632843.000000000576D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
576D000
|
| Size: |
12288
|
|
|
5990000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1259974072.0000000005990000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5990000
|
| Size: |
8192
|
|
|
A9E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1346785234.0000000000A9E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A9E000
|
| Size: |
8192
|
|
|
93AE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2456888764.00000000093AE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
93AE000
|
| Size: |
8192
|
|
|
14AE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1252494620.00000000014AE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
14AE000
|
| Size: |
8192
|
|
|
5444000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2447511323.0000000005444000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5444000
|
| Size: |
4096
|
|
|
A2F0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2459839517.000000000A2F0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
A2F0000
|
| Size: |
65536
|
|
|
6A01000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2449982205.0000000006A01000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6A01000
|
| Size: |
4096
|
|
|
17F0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1252869843.00000000017F0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
17F0000
|
| Size: |
4096
|
|
|
6B9C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2449982205.0000000006B9C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6B9C000
|
| Size: |
8192
|
|
|
81B4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2453736856.00000000081B4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
81B4000
|
| Size: |
20480
|
|
|
7CFE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1262101582.0000000007CFE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7CFE000
|
| Size: |
8192
|
|
|
133A000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1252173285.000000000133A000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
133A000
|
| Size: |
8192
|
|
|
7F59000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2453736856.0000000007F59000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7F59000
|
| Size: |
184320
|
|
|
6FD4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2449144517.0000000006FD4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6FD4000
|
| Size: |
4096
|
|
|
ACA7000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2460775494.000000000ACA7000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
ACA7000
|
| Size: |
36864
|
|
|
6945000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2449982205.0000000006945000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6945000
|
| Size: |
4096
|
|
|
6741000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2449031465.0000000006741000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6741000
|
| Size: |
16384
|
|
|
7A50000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1261682644.0000000007A50000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
7A50000
|
| Size: |
49152
|
|
|
2750000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1348097965.0000000002750000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2750000
|
| Size: |
4096
|
|
|
719F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2449144517.000000000719F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
719F000
|
| Size: |
4096
|
|
|
A50000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1346720854.0000000000A50000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
A50000
|
| Size: |
16384
|
|
|
672B000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2449031465.000000000672B000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
672B000
|
| Size: |
8192
|
|
|
54E0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1356097396.00000000054E0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
54E0000
|
| Size: |
65536
|
|
|
3490000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1322442725.0000000003490000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3490000
|
| Size: |
32768
|
|
|
29D0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1348441847.00000000029D0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
29D0000
|
| Size: |
32768
|
|
|
BBF0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1262785171.000000000BBF0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BBF0000
|
| Size: |
249856
|
|
|
52C6000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2447014834.00000000052C6000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
52C6000
|
| Size: |
8192
|
|
|
BD7D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1263016621.000000000BD7D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
BD7D000
|
| Size: |
12288
|
|
|
66F0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2448852545.00000000066F0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
66F0000
|
| Size: |
4096
|
|
|
5C76000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1260380691.0000000005C76000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5C76000
|
| Size: |
81920
|
|
|
7B52000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2454532467.0000000007B52000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7B52000
|
| Size: |
8192
|
|
|
70CA000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2449144517.00000000070CA000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
70CA000
|
| Size: |
12288
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
57B0000
|
trusted library section
|
page readonly
|
|
|
|
| Name: |
00000000.00000002.1259237675.00000000057B0000.00000002.08000000.00040000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library section
|
| Protect: |
page readonly
|
| Base address: |
57B0000
|
| Size: |
65536
|
|
|
A310000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2460192659.000000000A310000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
A310000
|
| Size: |
8192
|
|
|
5120000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1355577195.0000000005120000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5120000
|
| Size: |
4096
|
|
|
29F6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1348441847.00000000029F6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
29F6000
|
| Size: |
16384
|
|
|
27C8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1348235992.00000000027C8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
27C8000
|
| Size: |
4096
|
|
|
709E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2449144517.000000000709E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
709E000
|
| Size: |
81920
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
BADF000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1262737364.000000000BADF000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
BADF000
|
| Size: |
4096
|
|
|
A9DE000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2459211174.000000000A9DE000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A9DE000
|
| Size: |
8192
|
|
|
498D000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000011.00000002.2446591584.000000000498D000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
498D000
|
| Size: |
4096
|
|
|
932E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2456770693.000000000932E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
932E000
|
| Size: |
8192
|
|
|
9A6E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2457042425.0000000009A6E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9A6E000
|
| Size: |
8192
|
|
|
5110000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2446101598.0000000005110000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5110000
|
| Size: |
4096
|
|
|
6E3E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2448856763.0000000006E3E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6E3E000
|
| Size: |
8192
|
|
|
A81F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2458931663.000000000A81F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
A81F000
|
| Size: |
4096
|
|
|
5570000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2448756835.0000000005570000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5570000
|
| Size: |
4096
|
|
|
5C50000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1260266252.0000000005C50000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5C50000
|
| Size: |
12288
|
|
|
42A9000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1353738607.00000000042A9000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
42A9000
|
| Size: |
188416
|
|
|
95F3000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2457034093.00000000095F3000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
95F3000
|
| Size: |
8192
|
|
|
79B0000
|
trusted library section
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1261471819.00000000079B0000.00000004.08000000.00040000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library section
|
| Protect: |
page read and write
|
| Base address: |
79B0000
|
| Size: |
69632
|
|
|
53C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1355921696.00000000053C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
53C0000
|
| Size: |
4096
|
|
|
4F22000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1355029228.0000000004F22000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
4F22000
|
| Size: |
40960
|
|
|
9F2E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2458022760.0000000009F2E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9F2E000
|
| Size: |
8192
|
|
|
52A0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2446473442.00000000052A0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
52A0000
|
| Size: |
8192
|
|
|
8DAD000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2456375003.0000000008DAD000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
8DAD000
|
| Size: |
12288
|
|
|
5446000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2447511323.0000000005446000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5446000
|
| Size: |
512000
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
4F80000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1355493418.0000000004F80000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4F80000
|
| Size: |
4096
|
|
|
7AF8000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2454532467.0000000007AF8000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7AF8000
|
| Size: |
4096
|
|
|
7A09000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2454532467.0000000007A09000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7A09000
|
| Size: |
4096
|
|
|
7093000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2449144517.0000000007093000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7093000
|
| Size: |
4096
|
|
|
517B000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1355729661.000000000517B000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
517B000
|
| Size: |
20480
|
|
|
71A4000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2449144517.00000000071A4000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
71A4000
|
| Size: |
8192
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| SQL strings found in memory and binary data |
System Summary |
|
|
|
133E000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1252173285.000000000133E000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
133E000
|
| Size: |
155648
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sample file is different than original file name gathered from version info |
System Summary |
|
|
|
1330000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1252173285.0000000001330000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1330000
|
| Size: |
36864
|
|
|
8097000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2453736856.0000000008097000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
8097000
|
| Size: |
4096
|
|
|
4F79000
|
trusted library section
|
page readonly
|
|
|
|
| Name: |
00000009.00000002.1355426415.0000000004F79000.00000002.08000000.00040000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library section
|
| Protect: |
page readonly
|
| Base address: |
4F79000
|
| Size: |
4096
|
|
|
A260000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000011.00000002.2459433759.000000000A260000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
A260000
|
| Size: |
4096
|
|
|
3130000
|
heap
|
page execute and read and write
|
|
|
|
| Name: |
00000000.00000002.1253393133.0000000003130000.00000040.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page execute and read and write
|
| Base address: |
3130000
|
| Size: |
4096
|
|
|
73D2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1260567382.00000000073D2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
73D2000
|
| Size: |
1572864
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
45D0000
|
heap
|
page readonly
|
|
|
|
| Name: |
00000011.00000002.2446014442.00000000045D0000.00000002.00000020.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page readonly
|
| Base address: |
45D0000
|
| Size: |
4096
|
|
|
6B0C000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2449982205.0000000006B0C000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6B0C000
|
| Size: |
4096
|
|
|
321F000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1230620782.000000000321F000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
321F000
|
| Size: |
4096
|
|
|
6987000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2449982205.0000000006987000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6987000
|
| Size: |
69632
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
800F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2453736856.000000000800F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
800F000
|
| Size: |
4096
|
|
|
79F0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1261608507.00000000079F0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
79F0000
|
| Size: |
65536
|
|
|
14C0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1252512176.00000000014C0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
14C0000
|
| Size: |
16384
|
|
|
C90000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1228865305.0000000000C90000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
C90000
|
| Size: |
4096
|
|
|
3048000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1253314503.0000000003048000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
3048000
|
| Size: |
4096
|
|
|
7C49000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2454532467.0000000007C49000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7C49000
|
| Size: |
4096
|
|
|
7D7D000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1262166418.0000000007D7D000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7D7D000
|
| Size: |
12288
|
|
|
ABE0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2459835066.000000000ABE0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
ABE0000
|
| Size: |
65536
|
|
|
6770000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2449782587.0000000006770000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6770000
|
| Size: |
65536
|
|
|
2FF0000
|
heap
|
page read and write
|
|
|
|
| Name: |
0000000D.00000002.1322292071.0000000002FF0000.00000004.00000020.00040000.00000000.sdmp
|
| TargetID: |
13
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
2FF0000
|
| Size: |
4096
|
|
|
17E2000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1252807448.00000000017E2000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
17E2000
|
| Size: |
4096
|
|
|
C09E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1263145784.000000000C09E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
C09E000
|
| Size: |
8192
|
|
|
790F000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2454532467.000000000790F000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
790F000
|
| Size: |
8192
|
|
|
9B6E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2457091217.0000000009B6E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
9B6E000
|
| Size: |
8192
|
|
|
2C16000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1349053451.0000000002C16000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
2C16000
|
| Size: |
3584000
|
|
|
E10000
|
unkown
|
page readonly
|
|
|
|
| Name: |
00000000.00000000.1195965233.0000000000E10000.00000002.00000001.01000000.00000003.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process new
|
| Regiontype: |
unkown
|
| Protect: |
page readonly
|
| Base address: |
E10000
|
| Size: |
4096
|
|
|
52D7000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2447285356.00000000052D7000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
52D7000
|
| Size: |
4096
|
|
|
7B6E000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2454532467.0000000007B6E000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7B6E000
|
| Size: |
4096
|
|
|
17E0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1252787481.00000000017E0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
17E0000
|
| Size: |
4096
|
|
|
1890000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1253267893.0000000001890000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
1890000
|
| Size: |
20480
|
|
|
81C0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2453736856.00000000081C0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
81C0000
|
| Size: |
8192
|
|
|
AC5E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1358454849.000000000AC5E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
AC5E000
|
| Size: |
8192
|
|
|
7A35000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2454532467.0000000007A35000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7A35000
|
| Size: |
20480
|
|
|
6D1E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1357043559.0000000006D1E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
6D1E000
|
| Size: |
8192
|
|
|
ABC0000
|
trusted library allocation
|
page execute and read and write
|
|
|
|
| Name: |
00000008.00000002.2459679525.000000000ABC0000.00000040.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page execute and read and write
|
| Base address: |
ABC0000
|
| Size: |
65536
|
|
|
5C55000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1260266252.0000000005C55000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
5C55000
|
| Size: |
40960
|
|
|
E60000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1347636631.0000000000E60000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
E60000
|
| Size: |
8192
|
|
|
3200000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1253655025.0000000003200000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
3200000
|
| Size: |
4096
|
|
|
9506000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2456317670.0000000009506000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
9506000
|
| Size: |
40960
|
|
|
7B2E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1261794791.0000000007B2E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
7B2E000
|
| Size: |
8192
|
|
|
70C0000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2449144517.00000000070C0000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
70C0000
|
| Size: |
4096
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| URLs found in memory or binary data |
Networking |
|
|
|
B59E000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1358986305.000000000B59E000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
B59E000
|
| Size: |
8192
|
|
|
6A34000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2449982205.0000000006A34000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
6A34000
|
| Size: |
4096
|
|
|
4F00000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1354835829.0000000004F00000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
4F00000
|
| Size: |
4096
|
|
|
78D0000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1261140100.00000000078D0000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
78D0000
|
| Size: |
303104
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Malware Analysis System Evasion |
Security Software Discovery
|
|
|
C2A000
|
stack
|
page read and write
|
|
|
|
| Name: |
00000006.00000002.1228320287.0000000000C2A000.00000004.00000010.00020000.00000000.sdmp
|
| TargetID: |
6
|
| Dumpstage: |
process exit
|
| Regiontype: |
stack
|
| Protect: |
page read and write
|
| Base address: |
C2A000
|
| Size: |
24576
|
|
|
7090000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2449144517.0000000007090000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7090000
|
| Size: |
4096
|
|
|
1880000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000000.00000002.1253145616.0000000001880000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
0
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
1880000
|
| Size: |
65536
|
|
|
29F1000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1348441847.00000000029F1000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
29F1000
|
| Size: |
16384
|
|
|
695D000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2449982205.000000000695D000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
695D000
|
| Size: |
4096
|
|
|
BBA000
|
heap
|
page read and write
|
|
|
|
| Name: |
00000009.00000002.1347346176.0000000000BBA000.00000004.00000020.00020000.00000000.sdmp
|
| TargetID: |
9
|
| Dumpstage: |
process exit
|
| Regiontype: |
heap
|
| Protect: |
page read and write
|
| Base address: |
BBA000
|
| Size: |
86016
|
|
|
7AF6000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000011.00000002.2454532467.0000000007AF6000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
17
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
7AF6000
|
| Size: |
4096
|
|
|
AC80000
|
trusted library allocation
|
page read and write
|
|
|
|
| Name: |
00000008.00000002.2460547421.000000000AC80000.00000004.00000800.00020000.00000000.sdmp
|
| TargetID: |
8
|
| Dumpstage: |
process exit
|
| Regiontype: |
trusted library allocation
|
| Protect: |
page read and write
|
| Base address: |
AC80000
|
| Size: |
65536
|
|
